Privacy law in New Zealand is further behind what is being developed in the Europe, ICT lawyer Rick Shera told a forum organised by the Privacy Commissioner’s Office in Wellington last week.
Shera says that at least in Europe there is a push for a “right to be forgotten”, that is to have evidence of activity beyond a certain point in your past erased from the record.
He was speaking during a panel discussion that included British Telecom chief security officer Bruce Schneier, who told the audience that it’s pointless to ask whether the things done with your privacy by overseas corporations are compliant with New Zealand law because the law is probably two or three years behind the technology.
“Data is the pollution problem of the information age,” he says, drawing an analogy with atmospheric pollution in the industrial age.
Data is being collected from us everywhere we go — whether it’s Google tracking our web use or a camera snapping a registration plate as we drive our car across a bridge. “Not all of this happens with malice; most is a natural by-product of an information society.”
Today even social interactions which used to be person-to-person are mediated through corporations such as Facebook and Amazon.
There needs to be an opposition movement parallel to the environmental movement to deal with data pollution, says Schneier, and “we will be judged by our children,” as to whether we cared enough.
The typical user is complicit in this data “pollution”, Schneier says. Storage has become so cheap and search so efficient that it’s more trouble than it’s worth to go through your data weeding out what to delete. “Stuff that five years ago we would have thrown away, we still have, because it’s easier and cheaper to save everything and search for what we need.”
The consequence of this is that a mass of data about individuals is being traded among companies with an interest in “targeting” sales. The information society isn’t just the outcome of technology, he says. Technology shows us what’s possible; governments tell us what’s legal; corporations are concerned with what’s profitable.”
There’s no point in complaining to Google about poor customer service, he says – “they’re giving excellent service to their customers. You’re not Google’s customers; you’re their product that they sell to their real customers”.
He points out that most users when faced with an interesting application to install will click the button on a set of possibly privacy invasive set of terms and conditions without reading through them.
Asked for the first piece of advice he would give a novice computer user to protect their privacy more effectively, Schneier replied simply “two words: pay attention”.
Shera pointed to another historic parallel between the ‘gatekeeper’ role of companies like Google, Facebook and Amazon and that of the early news media and publishers. “There was an uproar about their control, and laws were put in place to impose ethics on the media and safeguards against dominance of the market.” In the new generation of media, he says, we seem to have lost that protest energy.
Compounding the more malicious and intrusive end of data accumulation, Schneier says, is a set of myths, such as the “end of privacy” story – that no-one sees any point in protecting private data any more and everyone is in favour of sharing everything.
That’s not so, he says; there is evidence that, given the opportunity, people will spend a lot of time on tailoring privacy settings on platforms such as Facebook and putting in place other protections to prevent data about them being accumulated.