Most privacy frameworks, and much of the thinking about privacy issues across the globe, can be traced back to the guidelines produced by the OECD (Organization for Economic Cooperation and Development).
The OECD issued a report titled "Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data" (around 1980) that sought to create a comprehensive data protection system throughout Europe. This report became the foundation of the European Union's Data Protection Directive and of many other privacy laws and approaches across the world.
The OECD's report recommended that seven principles be employed for protecting personal data:
I have been thinking for the past few days about these principles, and the status quo in the technology industry.
Take, for example, the principle of Purpose. The current best practice is for companies to gather lots of user data and find creative, and sometimes useful, ways to utilize this data. Typical examples include:
However, it clearly represents best practices in the IT industry today - "Collect as much user data as possible. Claim it as ours. Find ways to monetize it".
Will it ever be possible to adhere to this privacy principle when current business practice operates contrary to it? Probably not.
Will it be possible to change the current business models? I do not know.
What about the adherence to other privacy principles? Do they face a similar uphill battle?
I would love to hear your thoughts on the matter.
Dr Tyrone Grandison
Executive. Technologist. Change Agent. Computer Scientist. Data Nerd. Privacy and Security Geek.