Dr. Ann Cavoukian, information and privacy commissioner of Ontario, Canada, is one of the world’s leading privacy experts. She created the concept of Privacy by Design in the 1990s and continues to develop and promote the use of technology as a tool for protecting privacy. Listen to her on our podcast.
What are the most important elements of Privacy by Design that every consumer needs to know?
Privacy by Design will make your life easier. You can be assured of privacy without having to worry about how to get it, how to ensure that it’s there. Privacy by Design happens behind the scenes. Companies, organizations, government departments—anyone, basically, who uses personally identifiable information (PII) from consumers—can embed privacy proactively into their products and services. When companies offer privacy as the default position, it means that it’s embedded into whatever service they’re offering, whatever product they’re selling, and it’s always there. You don’t have to ask for it. The absence of having to ask for it should give you some comfort and confidence, because you can be assured, “I will always have privacy when I’m working with this company.”
How does Privacy by Design look for the consumer? How does it affect everyday life?
If you’re going to a website and you know that company follows Privacy by Design, you know that any information that you give to the website will be protected, will only be used for the purpose for which it’s being provided and will not be sold or shared with any third parties without your consent. So it gives the consumer the confidence that if this company is following Privacy by Design, I don’t have to worry about giving them my name and address if I order a product from them. Consumers don’t have to worry about things related to identity theft, for example, because their information isn’t being shared with unauthorized third parties that customers don’t have a trusted business relationship with.
What are some specific products that could incorporate Privacy by Design that the consumer might actually touch and use?
We point to a system called biometric encryption, which is the embodiment of Privacy by Design. Biometrics, such as the use of a fingerprint or facial recognition technology, obviously can be very intrusive, because if the information is linked with other companies, it can reveal a great deal of information about you. Biometric encryption uses your biometric—be it a fingerprint or a facial pattern—in such a way that it can only be used for the sole purpose for which it’s being collected, and it can’t be used for any secondary purposes unless you give your consent. So it’s the most private, protective use of a biometric, without any implications in terms of unauthorized secondary uses.
There can be, in the future, lots of applications where Privacy by Design can be a real enhancement. Think about your cell phone, which you use all the time. Think about how much information you get from your cell if you have a BlackBerry or iPhone, and you access programs or websites on it. It would be wonderful if you knew that any time you use that information, it would ask you if your geolocation data could be obtained. Apple has been grilled about their policies in terms of the iPhone. Individual users’ geolocation data was, in fact, being collected and retained for quite a period of time, and users didn’t know about it. So imagine if you’ve got a cell phone or an iPhone, and you get an icon right away any time your location data is being accessed, and your permission is sought. That’s Privacy by Design. The privacy is embedded proactively every time you use a particular program or service.
How can consumers know who is and isn’t protecting their privacy?
Apple makes remarkable products, but this caught them unawares. I want to be clear: There are times when you want your location to be known—let’s say you’re asking your iPhone to get a map and how to get to a location. Of course they need to know where you are in order to be able to give you that kind of instruction. So it’s not that they should never have your location data, but you should know when they’re using your location. So a lot of this relates to transparency and giving very clear notice to users: “I need your location data to do this program that you just asked me to do.” It shouldn’t automatically be collected without the user’s knowledge or consent. That’s why so much of this relates to openness and transparency in terms of the user. Does the user know their location data is being collected? Maybe they do, and maybe they want it collected. That’s great. When you seek the user’s consent, meaning you don’t use it unless they say you can, that takes care of a lot of these problems.
What can consumers do to encourage and promote Privacy by Design?
By choosing to patronize companies that have trusted business practices, we as consumers can communicate our desire for Privacy by Design?
Yes. You’re trying to ask companies to proactively, before the fact, protect your privacy and your privacy rights. Most businesses will know what we’re talking about there. It’s about openness relating to their business practices; it’s about protecting a user’s data so it’s only used for the purpose for which it was intended—not shared with third parties that are unknown to the user, and before there’s any secondary use of the data, seeking the consent of the consumer.
Anything we should be doing to encourage our legislators?
There are about half a dozen bills that have come out in the last couple of months. If consumers want to support something, the Kerry-McCain bill is really solid and quite broad in its scope. I should mention the bill specifically refers to Privacy by Design. I was delighted. They actually say, “Follow Privacy by Design.”
What sparked your early interest in privacy and Privacy by Design?
Privacy equals freedom. All of the wonderful freedoms that we enjoy rest on the bedrock of privacy. So I want to ensure that we have it, automatically, by default. I often talk about Germany as having stronger privacy and data protection than anybody else in the world. I think that arose from the time that they had to endure the ordeals of the Third Reich and the cessation of all of their freedoms and liberties. When you look at a country that has morphed from a free and democratic state into a totalitarian state, the first thread to unravel is privacy. So when you go to Germany, they take privacy more seriously than anyone else on the planet. It’s just delightful to be there and to see how strongly they observe people’s privacy rights. And so, for me, my interest in privacy and developing Privacy by Design in a way that’s embedded as the default is because we know that the default condition is the condition that rules 80 percent of the time.
It’s a wonderful legacy. Why has its creation been important to you personally?
My parents brought me to Canada when I was four years old. They had a wonderful, charmed life [in Egypt], living freely as Christian Armenians, but that was going to change—their freedoms were going to be removed. Egypt was under British rule until the mid-’50s, and my mother used to describe to me what it was like there. She said, “Annie, it was like being in Europe.” Cairo was completely cosmopolitan. She was a French teacher, and she said everybody spoke English and French and Arabic, and the Muslims and Christians lived side by side respecting each other’s religions and cultures. There was never any hint of any disrespect; everything was tolerated. Then when Nasser came into rule, they saw the writing on the wall, because he was nationalizing all the banks, the British were pulling out, he was going to start an army, and my two older brothers would have been conscripted into the army. My mother told me, “We could not raise our children like that.”
In both Canada and the United States, the tradition that we enjoy is one of freedom. We take it for granted. It’s there. We enjoy it every day. But because of my background with my parents, I never take it for granted—or at least I try not to—because I think sometimes people don’t understand the enormous value of freedom. Look at the unrest in the Middle East now. Look at what people are willing to give up and what they’re fighting for in order to find some freedom. My linkage of privacy with freedom is what makes it all so real for me. I want to ensure that our children can be raised in the freedom that I’ve enjoyed and that my parents gave up so much to raise me in. I want to ensure that that will continue in future generations. And I know from my work that privacy is the basis of all of those freedoms. That’s why it’s so important to me.
We literally had nothing when we came here. But we had freedom—I shouldn’t say we had nothing. We had freedom. And that’s why I hold it so dear. I do this in part for my parents, because I want to honor them for raising me in freedom.