Privacy, digital identity and digital innovation were key themes at the recent "Identity Conference" co-hosted in Wellington by Victoria University, the Department of Internal Affairs and the Office of the Privacy Commissioner.

The conference, featuring both overseas and local speakers, brought together a number of interesting perspectives on the interplay between technological invention, human rights and regulatory response. We outline the broad scope of the discussion.

Protecting privacy in a digital world

The key question for the conference was how to maximise the benefits and minimise the risks around identity and privacy in our increasingly digitised and connected ways of living, working, socialising, shopping, and playing.

Smart use of digital data has huge potential value:

  • individually focussed services
  • service integration and ease of access
  • better policy and product design (based on better information), and
  • limitless scope for technological innovation.

But there is an essential tension between these benefits and maintaining privacy for our digital identity (which is increasingly removed from our traditional sense of "self"):

  • the digital world lacks the visual cues of risk/threat/danger that stimulate our use of privacy protections in the physical world
  • a lot of data about individuals can be inferred, reverse engineered and re-identified from apparent anonymity, and
  • we are losing control over our digital identity (as perceived).

A person's frame of reference in relation to privacy may shift over time. Evidence is emerging that we become less willing to disclose our digital identity as we gain experience of how our data, even apparently non-sensitive data, can be used (and connected, reverse-engineered, etcetera).

However the picture is far from simple as, although we are unwilling to give up privacy protections, once granted, we are also unwilling to give up the benefits which can be accessed through greater disclosure – an inconsistency which suggests that it is very difficult to capture the value of privacy.

This tension could be managed by introducing an ethical framework for use of digital data that allows organisations to unlock the value of the data they hold while maintaining consumer trust. Such a framework might include such components as:

  • giving individuals greater control over their own data and how it is shared - with whom, when and for what purpose
  • transparency reporting of data disclosure
  • visceral stimulants to make users more conscious of what they are sharing online and of the possible later implications for digital privacy and identity.

Companies could make digital data security a competitive advantage. Some guidance in framework design is available in the Privacy by Design principles - user-centric, pro-active, embedded privacy by default, control to individual, full functionality potential, end to end security, and transparency.

But no system is perfect:

  • transparency on how companies use data can be quickly forgotten when separated out from immediate data collection for even a short period
  • it is impossible to have full privacy/security and full innovation, so trade-offs will be needed to avoid a win-lose outcome
  • it is unnecessary to make an absolute choice in favour of digital privacy or innovation – we can (and should) balance and tier the emphasis depending on the data involved
  • it is essential to plan for security failure and to build more robust networks that can detect and cope with failure, learn, respond and recover.

The conference papers are now available on line - keynote speakers here and panel contributors here.

The information in this article is for informative purposes only and should not be relied on as legal advice. Please contact Chapman Tripp for advice tailored to your situation.