The 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) was held in Brussels, Belgium, 22-25 October 2018.
With headline speakers like Apple CEO Tim Cook, the event brought together accredited data protection and privacy authorities, industries, and civil society organizations, working to advocate for the highest data protection standards.
Privacy Analytics’ Chief Methodologist Luk Arbuckle chaired a panel to discuss how health research can be conducted in the context of GDPR: what are the challenges, and what are the remedies?
Panelists discussed how organizations determine the lawful basis for their health research activities, and how they applied pseudonymization and anonymization as privacy protective measures accordingly. Mr. Arbuckle provides his perspective on the conference:
What was ‘the big idea?’
“When Joe Cannataci, the United Nations Special Rapporteur on the Right to Privacy, spoke about how mobile has completely revolutionized the lives of people in emerging economies, it hit me because those devices have such global reach and impact: we’re talking about 60% of the world’s population. Our conversations around data privacy are usually localized to our own experiences and concerns, but there’s a whole other world out there! I had a similar reaction when Pansy Tlakula, the Chairperson of the Information Regulator of South Africa, pointed out how a vulnerable and impoverished population was exploited in her country, when personal data was processed by an agent working on behalf of the government, and how they were manipulated into signing up for services without necessarily being aware of the consequences.
“So one of the focal points was how people are being manipulated, regardless of economic background or country of origin. Where the letter of the law may be consent or ‘opt-in’, the spirit or intent of the law may be much broader; that there is greater need for an ethical interpretation. And the ethical view of data privacy compels us to advise people not only how their data is being used, but to protect them from misuse when it’s contrary to their best interests.”
Who was the audience?
“The audience was international and diverse, with chief privacy officers, data protection officers, privacy/data protection lawyers, relevant policy makers and technologists (including privacy engineers).”
(Illustration from THE CARTOON INTRODUCTION TO DIGITAL ETHICS, courtesy The European Data Protection Supervisor/EDPS and ICDPPC)
What value did Privacy Analytics bring to the conference?
“There was talk of creating a consortium of companies in the privacy industry, to support the ethical debate initiated at the ICDPPC. My sense is that, given Privacy Analytics’ track record as a leader in responsible data sharing, and our involvement in areas of social improvement such as healthcare, the potential is there for us to play a pivotal role. Data privacy policy is being re-shaped around the world, and the work we have done in consultation with policy makers, means that we can continue to make a difference.”