Report National Privacy Conference 2020
Privacy First, in collaboration with ECP (Platform for the Information Society), organised the National Privacy Conference for the third time on 28 January 2020 to draw attention to the issue of privacy.
In 1981, the European Data Protection Convention was signed on this day, 28 January, which is why the Council of Europe recognised it as European Privacy Day.
Deputy director of ECP Marjolijn Bonthuis opened the day by welcoming all attendees to Nieuwspoort. Chairman of the day Tom Jessen (presenter RTL-Z and BNR) briefly explained the day's programme. He then went into a bird's-eye view with Monique Verdier of the Personal Data Authority (AP) due to counter developments at the AP. Verdier said there has been an increase in awareness about privacy and media coverage of the issue. But she also pointed out two problems: the excessive collection of data without clear efficiency and the increase in corporate interest in making money from personal data. They also talked together about the focus for the coming years, including data trading, digital government, smart cities, Artificial Intelligence and algorithms. The AP hopes to grow in the coming years to take on a larger supervisory role.
Then came Richard van Hooijdonk, futurist and trend watcher, speaking. 'He lives for tech,' were the words with which he was introduced by Jessen. Van Hooijdonk spoke enthusiastically about the relationship between Artificial Intelligence and privacy, especially about all the possibilities the future may bring us, from self-driving cars, robots and smart devices that can support us to upgrading our bodies through neurotechnology. He advocates improving education as a foundation for the future. In his view, the world has changed enormously over the past decades, but education has not undergone the same modernisation. Precisely when we move with the times with passion and curiosity, he believes, will give us the most in this fast-changing, modern world, provided we maintain a critical eye. Bas Filippini, founder and president of Privacy First, then joined him in a discussion on the potential clashes of technological developments with ethical values and the associated privacy implications. Filippini indicated that besides convenience, many technological developments also raise questions about whether the technology is actually developed from human preferences or from algorithms developed without regard to ethics. Ultimately, Filippini came up with 10 commandments for developing and deploying technology in a human society, including, for example, 'ethics and the human condition must be central' and 'humans have the right to oblivion'.
The next speaker was Tom Vreeburg, former IT auditor at a big four company and independent IT risk and assurance professional. He questions the assumption that the government is the big watchdog over our privacy with a seemingly realistically manageable AVG, due to the complexity of the matter. Vreeburg explains that privacy has become more confusing through Big Data links to which conclusions are drawn by algorithms. He also indicates that it is important to properly protect weighty information online, rather than uphold a pretence illusion of privacy.
After a break, Peter Fleischer talking about the role of privacy within Google and the development and elaboration of the AVG. He explained what 'privacy by design' means and how this is given shape within Google. He also explained which measures Google has had to implement, such as changing all employee contracts. He also explained which measures they are still actively working on to ensure compliance with the AVG.
Afterwards, Sander Klous, professor of Big Data Ecosystems at the University of Amsterdam and also a data analyst at KPMG, explained the risks associated with possible bias of algorithms when unbalanced inputs are used for it. An algorithm can and is very likely to make mistakes. He also touches on how personal the filters are by which a select flow of information comes to you, the so-called filter bubble. According to him, this causes escalation of tensions in the world, the understanding for the other party decreases because there is only a select flow of information coming to people.
Dutch Privacy Awards
Throughout the day, five contenders for the Dutch Privacy Awards the stage to give a short pitch on their project, having previously been selected by the jury. The contenders were Publicroam, Candle and Skotty in the Consumer Solutions category and NUTS and Rabobank/Deloitte within the Business Solutions category.
Publicroam is an initiative that aims to set up secure guest Wi-Fi networks. This involves better safeguarding of users' privacy and their personal data, since as little is kept as possible and data is not resold. This is in contrast to many public Wi-Fi networks, where network security is also often questionable due to easily obtained passwords. A similar system to Publicroam is already used in government and educational institutions: Govroam and Eduroam. "We hope to win the Privacy Award, because with it we can start a movement in which secure and privacy-proof WiFi becomes a matter of course."
The second nominee was Candle, they presented a privacy-friendly smart home solution that does not require connection to a cloud and thus no connection to the internet. Various home appliances can be easily connected to each other through practical hardware solutions, combined with an open-source network. "Our goal was to challenge the industry to think better about privacy by showing that it can just be done. By showing that you don't have to choose between privacy and ease of use. If you design it right, you can have both."
The next initiative allowed to make a pitch was Skotty. Skotty is a platform that allows entrepreneurs to securely transfer information from A to B with full end-to-end encryption. According to Skotty, mere privacy is not enough, they also want to offer additional functionalities within their platform such as, for example, being able to sign contracts instantly online, as privacy is often not a goal in itself for many people. According to them, this is the only way to really make privacy the standard.
The fourth nominee was foundation NUTS. They want to provide a privacy-friendly solution for identity management and personal data sharing in healthcare, where users have a say in what healthcare data can or cannot be shared between healthcare providers. They want to do this through services delivered over a decentralised network and based on the principles of Privacy by Design. The identity of the data subject can be conclusively proven by the identity management solutions and the decentralised approach fits well with developments in healthcare architecture.
The final nominees were Rabobank and Deloittewho, in cooperation with housing corporations, have developed a concept that could replace the income test for social housing. The potential applicant often has to send income data via pdf files, which the housing corporation then has to verify; a complex process in which the data also cannot be validated. Within Rabobank/Deloitte's design, this data will be sendable by the consumer, whereby he/she retains control over the data, but the verification will be performed by a mathematical algorithm. So the verification will no longer be in the hands of the housing corporations and there is data minimisation whereby the data can also no longer be manipulated.
This was followed by a panel discussion with all speakers on data trading and giving permission for data sharing. At the end of the afternoon, a panel discussion was held by MP Kees Verhoeven (D66) presented the Dutch Privacy Awards: the winners were Publicroam, NUTS and Candle. Read more and the jury report can be found here.
On to the next edition in 2021!