In Conversation With Dr. Ann Cavoukian
Each month, PlaceSpeak presents a Q&A with one of today’s most innovative leaders in urbanism, public engagement, and civic technology.
This month, we spoke with Dr. Ann Cavoukian, Executive Director of the Privacy and Big Data Institute at Ryerson University. She served as the former Information and Privacy Commissioner for the province of Ontario from 1997 to 2014. In addition, she was listed on “The Power 50: Canada’s Most Powerful Business People” in 2014 and 2016.
Q: Tell us about how you created the Privacy by Design model. How did you come up with these 7 principles?
A: When I started with the Privacy Commission in the late ‘80s, everything was about regulatory compliance — after the fact, reactive models addressing privacy harms. Now, that’s very important — if something goes wrong you should have a regulator you can take your complaint to and they can investigate and offer you some remedy.
But the problem was, especially with the growth of the internet, ubiquitous computing and emails, dealing with things only after the fact in a reactive mode just wasn’t going to cut it in the future. So I wanted to develop a proactive method of addressing privacy harms, in an effort to prevent them from arising — much like a medical model. You want to prevent the injury, as opposed to just offering treatment after the fact. So that’s what led to my thinking of Privacy by Design, which is all about design-thinking: embedding privacy protecting measures into technologies and network infrastructure by design, intentionally, proactively, so that you can prevent the privacy harms from arising.
I developed the 7 foundational principles literally at my kitchen table, over several nights’ work one week. We needed to ensure that privacy is proactive, embedded into the design of the system, and integral to the operational process. Privacy by Design is all about positive-sum: you can have positive increments in two areas simultaneously, allowing multiple functionalities to take place. You can have privacy and security, not one interest versus the other. So those were some of the things that led to my thinking.
Q: How have people’s attitudes to privacy changed over the last 5 years?
A: Well, I can certainly tell you that over the past three years, ever since Edward Snowden’s revelations, there’s been a sea change in people’s attitudes towards privacy. I do a lot of talks and speaking engagements, and I no longer have to explain to people why they have to care about their privacy. They come into the meeting and they want to know what they can do about it. The level of awareness has risen dramatically, and people are just outraged at the privacy abuses that are taking place, and they want to know what they can do about it.
So the level of awareness has risen dramatically, as has the massive explosion of sharing of our information. The Internet of Things is all about online connectivity but often in ways that people aren’t aware of. So I talk to companies and individuals — individuals on how to take responsibility and have greater control over their information, and companies on what they should be doing, following Privacy by Design principles in terms of offering protections that consumers and citizens are demanding.
Q: This leads well into our next question. What steps can individuals take to protect their privacy online? Is it too late to start thinking about it?
A: It’s never too late, and I always tell that to everyone – both companies and individuals. It’s harder for individuals, because what they can do is more limited. But they can start by gaining an awareness about what is going to happen to their information.
For example, if you order something on Amazon, you’re giving them your credit card number to pay for what you’ve ordered, and your home address so they can deliver it to you. But beyond that, if you don’t want it used for any other purpose, you have to tell them at that time. So I always tell people if you’re ordering or buying something, make your intentions clear that you’re only providing your information to them for that specific purpose. It’s called purpose specification and use limitation: I’m giving you this information for this purpose, and I only intend for you to use it to complete this transaction, and if you want to use it for any other purpose you have to come back to me and ask for my consent. I’m not saying that that will always happen, but if you start by asking those kinds of questions and making those kinds of comments, it makes a huge difference in the way you’re treated.
Also, there are privacy policies, and nobody reads privacy policies because they’re full of legalese and a pain — I get that. But at least ask some questions at the outset about what’s going to happen to your information. Is the company going to send my information to any third parties without my consent? Just asking a few pivotal questions will get whatever company you’re working with to put you in another group — the privacy-sensitive group — and they’ll treat your information differently. It’s very important for people to take some responsibility.
Q: What is the biggest challenge to privacy in 2016?
A: In talking to companies and organizations, I always try to get them over the hurdle of “Big data is out there, it’s too late for us to protect privacy. The Internet of Things is everywhere, it’s too late, you can’t put the genie back into the bottle.”
Well, yes you can.
Look at a completely different model of how to do it. Yes, there’s a ton of data out there. But if tomorrow, companies started immediately de-identifying the data in their possession once they had used it for its intended purpose, that would create a sea change. Because then you’d be dealing with de-identified data as opposed to personally identifiable data floating around everywhere. There’s so much you can do, so the biggest challenge is getting companies to believe that you still can protect privacy in this day and age of big data analytics and Internet of Things. Once they believe that, I can show them a dozen ways to do it.
Q: In that case, which companies or organizations do an excellent job when it comes to privacy and big data?
A: In Canada, there are three major telcos, but TELUS is amazing. They lead with wanting to follow Privacy by Design. Privacy is so integral to TELUS, and we’ve worked with them extensively in training both at TELUS as a telco, and at TELUS Health. They always say, “We put the customer first,” and if you put the customer first, then the first thing you do with their information is to give it the highest level of protection consistent with their expectations.
There’s another company called Bering Media — they’re awesome. They ensure that advertisements go to the right socioeconomic groups, but they do so in a double-blind manner so that no one knows who’s getting what message. The right message gets to the right group, but there’s no personal information revealed, no identifiers, and people can opt out of it.
Q: How can digital identity authentication work with Privacy by Design?
A: The stronger you can authenticate identity, the better it is from a Privacy by Design perspective, because the individual can be assured that only they, through very proper identity authentication processes, can access certain data that relates to them. It gives a much greater comfort level to the individual, and that’s what Privacy by Design is all about — assuring that the individual’s privacy will be protected and that they will be in control.
What we notice is that people are willing to give more information of a personal nature, such as their home address, phone number, etc., if there is trust there. If there is no trust, people are unwilling to part with that information because they don’t know what uses will be made of that information that ties directly back to them. Identifiers, especially, are extremely problematic in terms of people’s willingness to share with companies unless they have that trust factor.
Q: How can governments do more to take advantage of their big data while still maintaining privacy?
A: Governments have to be very clear that information provided is intended for a particular purpose. You don’t give information to the government and say, “Do whatever you want with it.” You give it for a very specific reason. Think of taxes — it’s very sensitive information and we all have to pay taxes, but then it’s incumbent on the tax department to ensure that they exercise a duty of care with that data, and restrict the use of that data only to complete the taxation requirement, and not for other unintended purposes.
And I think that’s a big part of this. If governments are intending to use the data that is provided for a specific purpose, what they have to do before using it for another purpose such as research is to de-identify the data. There are very strong protocols for de-identifying data, which when combined with a risk of re-identification framework, will reduce the risk of re-identification dramatically to less than 0.01%. That then gives an enormous comfort level to the public that their personal information is not being used, it’s de-identified information that cannot be linked back to them. The government can very strongly indicate that robust de-identification processes have to be used.
You may also have read some popular cases where university researchers have said that they have been able to re-identify the data from New York taxicabs so governments shouldn’t bother de-identifying. That is utter nonsense. If you poorly de-identify the data, then yes, you’ll be able to re-identify the data. Just like if you encrypt data poorly, you’ll be able to decrypt it easily. Anything you want to do properly, you have to do using proper protocols, and that’s a very important role that the government can play.
Q: What is your favourite productivity app?
A: Does Twitter count? I only follow a very limited number of Twitter hashtags, but the ones I follow are in the privacy and security community, and I end up learning things from them before it even hits the news. If there’s been a new breach, or some new security development, I learn about it first. So I love reading those, because I learn a great deal.
Q: What website do you spend the most time on?
A: I don’t spend much time on websites since there’s so much information being driven to me. Probably Reddit. Reddit would be my favourite website where I get a lot of information.
Q: Is there anything else that you would like to add?
A: I just wanted to emphasize that privacy is so integral to liberty. You cannot have freedom and liberty without privacy. Privacy is all about personal control. You get to decide what to do with your information — not the government, not your spouse, not your mother — you. The Germans have a wonderful term that they developed many years ago called “informational self-determination”: it is the individual who should determine the fate of his or her personal information, and in terms of privacy and data protection, it’s all about freedom, and that’s what I’d like people to understand.
That’s why surveillance is so bad. When governments or companies are engaging in massive, unwarranted surveillance, it’s like they’re going on a fishing expedition with your personal information, which is all about your life. They have no right to do that. If they have a warrant or a court order, then by all means — it means they have reasonable and probable grounds to believe that there is some legitimate information. We’re not in favour of any kind of wrongdoing or terrorist activity, but there must be warranted grounds to do that surveillance.