APIs and Mobile and Online Privacy Scene-setting, Regulations and Controversies W3C Device API Privacy Kasey Chappelle, Global Privacy Counsel July 2010 Vodafone C2
Vast rates of societal change, increasing all the time TECHNOLOGIC SOCIAL ECONOMIC AL • Always-on, ultra-broadband • Malleable content from any • Disruptive technologies will connectivity wherever you platform enables data continue to challenge are, through highly mobile subjects to become data established business and devices powerfully supported providers , co-creating and regulatory models, and by services and data in the mashing-up personal content offering new possibilities (and ‘cloud’. (like photos, videos and text) risks) for consumers. with commercial content, and • Seamless platforms and an • Network effects will spur publishing widely. ever-expanding range of innovation, with billions of interoperable and • Empowered activists . potential users reachable by applications facilitating Greater connectivity and online and mobile service common exchanges. We will crowd-sourced everything providers and developers at use mobiles to make fundamentally change the low costs, leveraging the payments, seek healthcare, individual’s relationship with technological capabilities of and gain physical access. companies and governments, mobile devices, networks and challenging established open and interoperable • Intelligent networks and notions of trust, relying upon platforms to create intelligent services that learn and adapt authentic and trusted peer and compelling applications. based on openly available groups for authority and less attributes like presence, upon “official” sources, and in context and location, turn contributing our own performing everyday tasks in viewpoints. the background, liberating the user for more meaningful tasks.
But we have a regulatory environment in flux . . . EU US Rest of World • New ePrivacy Directive • FTC rethinking approach and • Increasing numbers of promises more aggressive countries with privacy laws • Reexamination of the Data enforcement Protection Directive • Watching what the EU/US do • US Congress readying here • Calls for a reorientation privacy laws towards real privacy protections, not bureaucracy . . . that was built on increasingly archaic distinctions. Browser Controller Application developer Blogger Mobile network Social Networker operator YouTube uploader Handset manufacturer Flickr user Operating System Application store Search Engines Processor Subject
What are some of our global regulatory obligations? Transparent Notice Informed Choice Tell them what’s going to happen Let them decide Privacy Rights and Responsibilities Access, Correct, Minimize/delete Delete No more or longer than necessary Let them change their mind
What’s the big picture? Consumers expect protection • Consumers are increasingly aware of their rights and react negatively to situations they perceive as privacy- invasive. In an always-on world, there’s growing need for better online privacy controls, even more so in the inherently personal mobile environment. Regulators are watching • Laws and regulations alone won’t create better consumer privacy – ‘privacy by design’ is the buzzword, and that requires better technical standards. If we are not careful about responding with better programmes, regulators will do it for us – and the outcome may be less than technology-friendly!
What’s the big picture? Security ≠ Privacy • API and application standards have for too long focused on security – the ‘how and what’ of data use – at the expense of privacy – the ‘why.’ Existing security standards do not provide information that allows users to exercise informed choice – a legal necessity. This is about more than just location • Other APIs can surface information in ways that are privacy intrusive: accessing the address book, statistics, analytics and profiling, cameras, photos and video, communications logs, system info and events. Need to consider and seek technical solutions for the potential misuse of all kinds of information.
Recommend
More recommend
