International Institute of Communications

Shaping the policy agenda: TELECOMMUNICATIONS • MEDIA • TECHNOLOGY
Tel:+44 (0)20 8544 8076
Fax:+44 (0)20 8544 8077

social twitter sm  social linkedin sm  social youtube sm  social facebook sm

Future policy approaches to the convergence of privacy and security online

 

INTERNATIONAL INSTITUTE OF COMMUNICATIONS

UK CHAPTER EVENT

THE IIC INVITED YOU TO PARTICIPATE IN THIS MEETING (IN ASSOCIATION WITH ISOC ENGLAND) ON:

FUTURE POLICY APPROACHES TO THE CONVERGENCE OF PRIVACY AND SECURITY online

Thursday 14 July 2016, 1730 - 20:00

Location: TechUK, 10 St Bride Street London EC4A 4AD
 

Click here to see the panel presentations on our YouTube Channel

 

The UK chapter meeting's chair, Ann Lafrance (Squire, Patton Boggs LLP) set the scene by stating that businesses seem to be caught between a rock and a hard place as they use encryption to protect their customers' privacy but also face the UK's investigative powers bill (IPB). The IPB provides that communication providers have to assist government with details of their encryption.
Privacy and security are co-dependent issues, rather than a trade-off as often depicted, according to Robin Wilton [Technical Outreach Director for Identity and Privacy, ISOC]. Privacy cannot be ensured just by technology; policy is also needed. In fact, encryption – the technological answer to privacy – is a necessary but not sufficient condition for privacy protection, as it only ensures privacy at the point of first disclosure. Three things need to happen for good protection: people need to be aware there is a problem, motivated and equipped to do something about it – or able to delegate to a service provider who can help. A key problem is that consumers cannot influence the economics of data, hence have little control over its effects on them. This is the field where policy has its greatest potential role.

Renaud Di Francesco (Sony Europe) echoed the view that users give away their data because they are not aware of its value, adding that recognising who owns the data is another important issue. At the moment, cyber security is in the hands of technology experts while it is lawyers who tend to defend privacy. There should be a more legal protection of security and technological protection of privacy. The IoT will bring new issues of activity (not just communication) protection; for example, criminals could detect when a house is operated remotely and take advantage of it.

Talal Rajab (TechUK, Head of CyberSecurity) felt that the privacy/security debate is actually about balancing different types of security, i.e. private vs. public security. He added that in its current format, the IPB would not pass the safe harbour and private shield tests required by the EU in order to offer services to its citizens. Also, whether or not the UK is part of the EU, it is bound by GDPR.

The Q&A session recognised that the twin influence of Snowden and the EU's GDPR – the former showing that necessity and proportionality of surveillance was at best a lipstick, the latter providing incentives to class action and damages - has brought data protection on top of the agenda for many companies. Businesses make their security features a key part of their branding, and any data breach is punished by stock markets and users walking away. What if the data breach happens in the public sector? Any financial punishment would make the public body even less able to protect security. Public sector really needs to put training and processes in place. The discussion also provided interesting examples from around the world. One is Japan, who is taking the opportunity of a very visible event, 2020 Olympics, to promote awareness and training on cybersecurity. The other is Singapore announcing that their public data systems are no longer connected to the internet. Does this mean that you can no longer remain connected and secure? 

ukchapjuly20162 2  ukchapjuly2016  ukchapjuly2016 3


CONFIRMED SPEAKERS

Ann LaFrance

Ann LaFrance

Coordinating Partner, EMEA Communications Law; Co-Chair, Global Data Privacy & Cybersecurity; Squire Patton Boggs (UK) LLP; Vice President, International Institute of Communications

Olivier Crepin-Leblond

Olivier Crepin-Leblond

Chair of the Internet Society, England Chapter and Chair of European At-Large Organisation (EURALO) at ICANN.

Renaud Di Francesco

Renaud Di Francesco

Director, Europe Technology Standards Office at Sony Europe

Robin Wilton

Robin Wilton

Technical Outreach for Identity and Privacy at ISOC

Talal Rajab

Talal Rajab

Head of CyberSecurity at TechUK 

Stay up to date with the IIC

Tell us how you'd like to stay informed about events, interviews and more from the IIC. 

My IIC Preferences

Follow us on Twitter