


Digital privacy in the big data era: Microsoft’s data protection keynote

Dec 02, 2012 | 6 mins
Big Data, Data and Information Security, Microsoft

When it comes to data protection and protecting people's privacy in the digital age, Europe is far more advanced than America. At the IAPP European Data Protection Congress, Microsoft's Chief Privacy Officer Brendon Lynch delivered this keynote...

There are several Internet security experts who agree with Steve Rambam’s claim that “Privacy is dead – get over it.” Yet other privacy and security experts such as Bruce Schneier completely disagree. In The Value of Privacy Schneier wrote, “Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.” When it comes to data protection and protecting people’s privacy in the digital age, Europe is far more advanced than America.

In fact, the head of France’s data protection agency, Isabelle Falque-Pierrotin, did an excellent job summing it up as: “In Europe, we consider privacy a fundamental right. That doesn’t mean it is exclusive of other rights, but economic rights are not superior to privacy.” The New York Times also reported that she said that, in the United States, “personal data are seen as raw material for business.”

In November, Microsoft’s Chief Privacy Officer Brendon Lynch said of the IAPP European Data Protection Congress 2012, “One area of strong consensus was the tremendous potential the digital economy holds for companies on both sides of the pond. Accordingly, it’s important to strike the right balance between data protection with business growth through interoperability between privacy regulation in the EU, U.S. and elsewhere.”

Many privacy advocates cringe when hearing the word “balance,” such as striking a balance between security and privacy. Hopefully people won’t come to cringe when they hear the word balance applied to big data security protections and privacy. As Bruce Schneier wrote way back in 2006:

Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.

Whether people realize it or not, big data is not privacy-friendly even when it is supposedly anonymized or contains obfuscated PII (Personally Identifiable Information). Researchers have shown that “linkability threats” can re-identify individuals. Since it boils down to the fact that you are not anonymous when it comes to big data, Microsoft has developed “Differential Privacy for everyone” [download PDF].

In the IAPP keynote address [download PDF], Lynch made some excellent and thought-provoking privacy points regarding big data. He said:

Data is the fuel that drives all of these powerful technologies, but what can be done with the data today can at times seem enormously helpful or enormously threatening. Consider two scenarios shown here. In the first case, I am using my phone in a grocery store to find out more about the items on the shelves and it is mashing up that with my private data to personalize my experience. So here I downloaded a recipe and customized it for my dietary needs. If it’s a trusted system, that’s a great experience. On the other hand, consider the US company, Target, which recently generated a lot of press about its pregnancy prediction score. This was based on what people were purchasing in Target stores, they are able to indicate a shopper that appeared to be pregnant. The concern about how Target can figure out such details about customers shopping in its stores, who are not explicitly sharing that information, is the concern. And what does it do with those insights? In this particular case, they sent some mailers to the individual involved – it was a teenage girl and her father was very offended that they were wrongly marketing to her, but it eventually did come out that she was in fact pregnant. Target knew a lot more than her father knew.

Peter Cullen, Microsoft’s Chief Privacy Strategist, wrote about “notice and consent” as a means of privacy protection and how data privacy frameworks need to “focus on the ‘harms’ or ‘impacts’ of data use, which should not only include physical and financial injury, but also broader concepts such as reputational or social harm.”

Yet after showing a video that highlighted data transfers in today’s world at the IAPP conference, Lynch said, “How could there possibly be meaningful notice and consent mechanisms in place for every transfer of data that was involved?” He added, “It would seem that advances in technology and the rise of big data can create amazing societal benefits but they can also strain traditional notions of secrecy and the notice and consent approach to privacy protection.”

In his keynote, Lynch said:

Some technology and internet companies today take the position that privacy is dead, or at least that privacy is an outdated concept that people need to get over so technology companies can help them reap the benefits of sharing as much information as possible. But we disagree that privacy is not relevant or desirable, in this sensor-driven, social everywhere, big data world that we are heading towards. People today expect strong privacy protections because they are increasingly aware of, and concerned about, the digital trails they leave behind online and indeed there’s plenty of evidence that people still care deeply about privacy.

Of course people care about privacy. Europe continues to illustrate this to the world by taking a hard stance when data is used without “informed consent” and when users cannot “opt out.” Lynch believes we need to not only protect privacy in regards to big data, but also that people “need an updated notion of privacy and data protection principles, one that shifts from a focus on secrecy to a more nuanced approach, based on reasonable consumer expectations, context and a greater emphasis on how personal information is used.”

Big data definitely represents significant threats to personal privacy. Let’s hope this “shift” and “updated notion of privacy” won’t include the word “balance” that puts individuals on the losing end as it generally has when the government talks of striking a balance between security and privacy.


ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.