The 32nd International Conference of Data Protection and Privacy Commissioners met in Jerusalem in October, where the working theme was Privacy: Generations – the New Generations of Technologies, Users and Governance.
It’s a nice idea, Generations, if question begging, because after all the problem is the nature and degree of the changes and the transitions we are currently facing.
Another difficulty with the Generational approach is that the Directive has a rather different model of the relationship between users and technology – which it conceives of as master and servant. As Recital 2 puts it “ Whereas data-processing systems are designed to serve man..”.
The idea of the technology as a servant is more or less compatible with the idea of it being neutral, because the servant follows commands and doesn’t think. The Directive pictures the technology as an obedient neutral clerk, as pure means. This leaves the data controller and data subject in command to determine ends, following the rules and common sense intuitions about their behaviour and possibilities.
The pervasive new technology doesn’t fit easily into this model, because we see not only raw power, but also sophisticated technological solutions influencing decisions on ends. Pervasive technology also means the distinction between key players and clerks-in-the-technology has become blurred – personal data stores, for instance?
It is difficult to raise the question of technology in these circumstances and then, eventually, put it back in its place. But if you do try to reflect the new circumstances, it isn’t at all clear where you might end up – and you might have to seriously modify, if not abandon, the master/servant model.
Suggestions of “generational” change sidestep the difficulty of acknowledging this with talk of growing up and putting behind. Unfortunately for this strategy, if you look closely enough, the new generation has exactly the same problem as the old one, only worse.
The key point, I suppose, is to what extent the new technology brings with it inbuilt values and new possibilities which trump or undermine the existing rules, and the assumptions and understandings brought to the rules by current users.
But instead of investigating the role of technology, it seems much more likely that the Directive Review will retain the view of the technology as a neutral servant (pure means), and try to adjust the key concepts and rules to rebalance the positions of data controllers and data subjects to reflect changed technological circumstances, all within the presiding ambit of unchanging, fundamental values (privacy).
That is one possible outcome of the Review of the Directive – but will it be the right one?