Towards a Global Privacy Framework: Arriving at Base Camp

| March 10, 2011

Will the forthcoming G8 summit be seen in history as a peak in addressing privacy globally?

Privacy is becoming a global leadership issue at last.  Will this accelerate the development of an effective global approach to protecting personal information when it moves between jurisdictions? 

We have seen a number of false starts to protecting personal information when multiple jurisdictions are involved. 

The European ‘adequacy’ model was a valiant attempt, but has proven that it cannot be made to scale outside the close knit and unique construct of the EU. 

The concept of ‘accountability following the data’ mentioned as far back as the 1980 OECD privacy guidelines was revived by APEC in its Information Privacy Principles 5 or 6 years ago. The accountability concept is being pursued vigorously right now, led by a series of European Data Protection Commissioners, the Center for Information Policy Leadership and a core group of global businesses.  It has a lot of promise for taking domestic, within-jurisdiction law and giving it cross border impact.

As I have observed in past blogs here, here & here, these efforts have resulted in steady, albeit disparate progress, in discussions on privacy involving multiple jurisdictions.  Almost all of this progress has taken place on either side of the Atlantic with the honourable addition of the work of APEC.  However progress on the global front has remained very slow and the end point unclear.

This is why the recent news that privacy will be on the agenda of the next G8 meeting is so exciting.

But first, a little bit of background about G8.  The G8 is a forum for eight of the world’s major industrialised democracies: Canada, France, Germany, Italy, Japan, Russia, the UK and the US.  These countries wield enormous influence, representing about 60% of the world’s GDP and 70% of military spending.

The responsibility for hosting the summit and setting the agenda rotates among the members each year.  A range of topics of mutual and global concern are discussed.  This year France is hosting the summit on 26-27 May in Deauville.  The President of France, as this year’s G8 president, has placed privacy for the first time on the agenda at a global summit where major world leaders will be in attendance.

I must confess that at times I thought it would take much longer than this.  However, the Wikileaks saga along with a series of global privacy ‘incidents’ recently has delivered a huge wake-up call to governments around the world.  I have discussed previously what a momentous year 2010 was for pushing privacy issues to the fore.

Of particular interest in discussions between leaders will be the oft-remarked duelling dynamics of the US-approach and the European-approach to privacy.  The EU has sought to balance free speech with rights of privacy, personality and dignity, as enshrined in Article 8 of the European Convention on Human Rights, placing a much stronger emphasis on these rights based constructs than economic growth and innovation.  Its attitude to data protection is shaped by this: witness the strong reaction to Google Street View’s Wi-Fi debacle.

On the other hand, the US gives an extremely wide scope to free speech through the First Amendment to its Constitution.  It is also the home of many powerful transnational corporations, all with a vested interest in keeping data flows as open as possible.  For them, privacy regulation should be based primarily upon commercial considerations, encouragement of innovation and consumer protection but tempered by “human rights” considerations.

The answer that will be acceptable globally, of course, will be somewhere in between – a ‘mid-Atlantic’ approach.

Will this dichotomy complicate matters? Of course.  But a conversation at the leader level will open up new ideas and options that haven’t been previously available.  One of the reasons why progress on a global approach to privacy has been so laboured has been the lack of leader level focus, with each side not bothering to venture outside their respective squares.  Finally there is an occasion to do so.

This is much like the 2001 changes to the Privacy Act in Australia: a start had to be made somewhere in order to cut through the endless talk and no action.  It was negotiated on the basis that there be a formalised review process with a view to accelerating that learning process.

I hope something like this will happen at the G8 summit.  If establishing a global privacy framework is like scaling Everest, then even though the G8 meeting is a ‘summit’, in privacy terms it be that it eventually is seen as having arrived at base camp.  There will be false starts and retreats, but in the end the only direction is up.  This will not be the last time that privacy will appear on agendas at the leader level .  If not this time, eventually it will be addressed fair and square by the world’s leaders.




Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. Malcolm is a former  Australian Privacy Commissioner. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand,