By EDRi

Like most digital rights or information technologies conferences held since Edward Snowden’s revelations early June, the PRISM scandal and the NSA surveillance program were intensively discussed at the 2013 Public Voice Conference. The conference was held on 24 September 2013 in Warsaw, Poland, in conjunction with the 35th International Conference of Data Protection and Privacy Commissioners on 25-26 September.

As well established for many years now, civil society groups, privacy advocates, data protection and privacy officials, technology experts and other professionals from different countries and regions gathered to discuss the overall theme of this year, “Our Data, Our Lives”, highlighting how important and overarching this issue has become in our everyday activities.

The first panel session discussed general developments and progress made in different regions of the world since the adoption of the Public Voice Madrid Privacy Declaration in 2009. Detailed reports from India and UK were provided, and the “13 Principles for Human Rights in Mass Communication Surveillance”, recently launched at the 24th session of the UN Human Rights Council, were presented. These principles have been endorsed so far by 270 NGOs around the world, including EDRI. In the light of these developments, the provisions of the Madrid Civil Society Privacy Declaration, one of the main recent achievements of The Public Voice coalition remain more than ever relevant.

The second panel, moderated by EDRI member Meryem Marzouki, directly addressed the NSA surveillance program issue, as well as surveillance activities conducted by other intelligence agencies, including in Europe such as the UK’s GCHQ and its Tempora program, not to mention those programs that could also be run by governments which remained suspiciously silent following the Snowden’s revelations. Professor Paul de Hert, Caroline Wilson Palow (representing Privacy International) and Pablo Molina (member of the board of directors of The Electronic Privacy Information Center, the main convenor of The Public Voice coalition) presented and discussed the responses from American and European civil society organizations to these surveillance programs, as EDRI reported in previous issues of this newsletter.

Speaking on the same panel, David Medine, the chairman of the US Privacy and Civil Liberties Oversight Board (PCLOB), reported that the mass surveillance issue has become after Snowden’s leaks the number one issue addressed by the PCLOB, which is currently holding hearings in the framework of its investigation on the NSA program, from the legal perspective (assessing the FISAA law); the constitutional perspective (with respect to both the 1st and the 4th Amendments of the US Constitution); and the policy perspective (examining whether the balance is struck properly between privacy and security objectives). While the investigation is still running, David Medine announced that PCLOB will produce a set of recommendations and make them public by the end of the
year.

The third panel discussed the role of Internet intermediaries in data collection and explored the need for platform providers to assume responsibilities in data protection. EPIC’s David Jacobs provided insights on how recent technology developments can increase data collection, providing examples such as the use of Google glasses. Among the main highlights, Michael Donohue presented the OECD developments in this respect, underlying that the revision of the OECD privacy guidelines has not yet really answered the question of the Internet intermediaries’ role in data protection. The development of the OECD High Level Principles on Internet Policy Making has shown the increasing trend of governments to use intermediaries to achieve other policy goals, such as child protection or copyright enforcement. This dual capacity of Internet intermediaries makes the issue very difficult to address, and is actually among the strong concerns raised by the OECD Civil Society Information Society Advisory Committee (CSISAC), of which EDRI is an active member, during the discussion of the OECD high Level Principles.

The fourth panel, moderated by Anna Fielder (Privacy International) addressed EU-US trade discussion, namely the Transatlantic Trade and Investment Partnership (TTIP or so-called TAFTA), setting the scene from its title: “Will the United States be Given a Free Pass on Privacy Again?”. Jennifer Stoddart, the Canada Privacy Commissioner, presented a rather optimistic, though probably long term vision. While USA and Canada need to renegotiate trade agreements with the EU, seeking for new and diversified markets because of the economic crisis, at the same time many data protection laws around the world are strongly inspired from the EU strong data protection model; this situation, combined with active internal efforts by the US FTC to increase consumer data protection and with the revision of the OECD guidelines, is likely to push towards global stronger data protection.

It remains that transborder dataflows are a strong concern than can only be solved through a global data protection agreement, such as the Council of Europe Convention 108, as highlighted at the same panel by CoE’s Sophie Kwasny, who detailed the progress of the Convention’s revision. Kostas Rossoglou from BEUC (the European association of consumers unions) also made it clear that there are still many shortcomings in the EU legislation with respect to transborder dataflows, noting that “safe harbour is not safe”, but rather a loophole
in this legislation, and that the free flow of information shouldn’t be confused with the free flow of commercially valuable citizens’ personal data.

In addition to these 4 panels, two keynotes were given, both chaired by Deborah Hurley (chair of EPIC board of directors). In its opening statement, The Polish DPA Wojciech Wiewiórowski reminded Poland history to underline the importance of the enforcement of privacy and data protection. During its lunch keynote, Jacob Kohnstam, Chairman of the EU Article 29 Working Party, reported on the closed session of the international Data Protection and Privacy Commissioners, where no less than 9 resolutions were adopted, most notably “The Warsaw declaration on the “appification” of society”, as well as other resolutions on profiling, anchoring data protection and the protection in international law, openness of personal data practices or webtracking.

Plans to hold the 36th International Data Protection and Privacy Commissioners conference in the last week of September 2014 in the Island of Mauritius are announced. Will civil society have enough resources to hold its next Public Voice conference there as well?

The Public Voice 2013 Conference: “Our Data, Our Lives” (24.09.2013) http://thepublicvoice.org/events/warsaw13/

The 35th International Conference of Data Protection and Privacy Commissioners (25-26.09.2013)
http://www.privacyconference2013.org/

The Public Voice Madrid Privacy Declaration (3.11.2009)
http://thepublicvoice.org/madrid-declaration/

The 13 International Principles on the Application of Human Rights to Communication Surveillance (20.09.2013)
http://necessaryandproportionate.org

US Privacy and Civil Liberties Oversight Board (PCLOB)
http://www.pclob.gov/

2013 OECD Privacy Guidelines (07.2013)
http://www.oecd.org/sti/ieconomy/privacy.htm#newguidelines

OECD Council Recommendation on Principles for Internet Policy Making (13.12.2011)
http://www.oecd.org/internet/ieconomy/49258588.pdf

CoE Convention 108 and its modernization process http://www.coe.int/t/dghl/standardsetting/dataprotection/modernisation_en.asp

Resolutions adopted by the 35th International Conference of Data Protection and Privacy Commissioners (24.09.2013)
https://privacyconference2013.org/Resolutions_and_Declarations

(Contribution by Meryem Marzouki, EDRi member IRIS – France)