Whew, Just got back from EuroDIG 2009 where I was a speaker in the Personal and Professional Privacy session.  I had a tremendously good time.  The session was largely organized as a round table discussion with 6 speakers, a moderator, and a large and active audience.  The other speakers were great, as was the discussion from the audience.  Naturally we ran out of time, and were only able to include a small portion of what was discussed in our summary report back to the main EuroDIG body.  Because of the structure of the EuroDIG site I cannot link to the session outcome, so I will include it here below the jump. Oh, and a lesson learned: have excellent people take notes during workshops and then post the outcome immediately.  I think we don’t do this enough in the academic community.

We had a multistakeholder panel, with a very dynamic discussion… • It was stressed in this workshop that the following issues should be discussed on a European and on a global level: Need for a user-centric approach: • The general approach to applications requires that the environment and development of issues must put the User in control of their privacy (user-centric). In order to achieve this, informed consent is necessary: This is on two levels: 1, the user clicks and has no idea what happens, where his information goes, and who is collecting his information, where it is linked to, and how much he is giving away, to which and how many companies, entities or governments. On a second level: if the user does not read and understand the terms of service, and even if they do understand, do they have any real choice? Options must be provided that offer a realistic possibility that does not require an exchange of your data for the desired service. Need for a user-centric legal regulation: • While online advertising plays a critically important role in the Internet and Web 2.0, the majority of users are not well-informed about the potential impact personal data collection will have on their daily lives. • The advertising revenue model has not been addressed as yet adequately by policy makers. Furthermore, increasing vertical consolidation between search engines and online advertising companies give them unprecedented control over large personal information databases, and the issue between competition and privacy should be addressed. • The principles of privacy, data protection and self-determination must be included in the concept and design of applications and IT projects, whether they be private or governmental, national or transnational processes. This also includes fostering open standards and open design. • We are more and more constructed by world data collectors outside of our influence. We are not only leaving our information behind: our identity is actually being constructed by other players in the online world. The environment is producing information about us, creating our identity without the participation and awareness of the data subject. • Priority must be given to privacy of the body in Internet discourse both from a medical viewpoint as well as in the workplace, where RFID or other kinds of locators may be inserted into workplace ID or clothing, as well as medical apparatus. • Employees have a right to privacy at the workplace; existing rights must be enforced. Basic rights such as freedom of speech and freedom of assembly must be strengthened in the Information Society. Online communications between employee associations and employees must be facilitated and free from monitoring. • Best Practice: In many European countries, any introduction of technology that can serve to monitor workers must be co-determined by workers’ representatives. • Access to online services must be possible in an anonymous way. • Data retention must be considered a threat to privacy and to basic human rights such as freedom of expression, freedom of press and freedom of association. • We call upon countries to adopt and enforce data protection laws covering all sectors, both online and offline, based on International Privacy standards that are built on the rule of law, that support democratic institutions, and safeguard human rights like the EU Data Protection Directive and the Privacy Convention 108.