Q&A: Striking a Balance Between Privacy and Security

Mar 06 2017
By B. Rose Kelly
Source Woodrow Wilson School

This Q&A is part of a series featuring panelists who will participate in the Princeton-Fung Global Forum. This public event, to be held March 20-21 in Berlin, is being organized by the Woodrow Wilson School of Public and International Affairs. Register here.

Given the enormous amount of data collected worldwide, regulations must strike a careful and unique balance between privacy and security.

In the Q&A below, Martin Eifert, a panelist at the upcoming Princeton-Fung Global Forum, explains data protection quandaries and how different cultures weigh the risks and benefits.

Eifert is a professor at the Law School of Humboldt-University in Berlin, holding the chair of public law, specifically administrative law. His main research interests include constitutional and administrative law, media law, information and data protection law, regulation, law and innovation and environmental law. 

Q. Your work focuses on information and data protection law. What are today’s most pressing issues in this area?

Eifert: In the field of data protection, we are facing major challenges at different levels at the same time. Data protection has become a global issue. However, we lack a globally shared understanding of both the aim and the adequate level of protection. Thus, we observe major differences between the European and the United States’ approach to privacy and data protection. Apart from this fundamental issue of conceptualizing privacy, we need to develop an appropriate regulatory framework to effectuate the chosen data protection regime. As data processing is ubiquitous, the regulatory approaches need to be flexible and easy to implement.

As far as public administration is concerned, every jurisdiction needs to strike a balance between privacy and public security. Regulations on data protection need to reflect that balance. With respect to the private sector, it is particularly difficult to set a one-size-fits-all level of data protection. In face of a great heterogeneity of interactions and business purposes, it is extremely difficult to draft adequate approaches. General rules often do not fit. The most promising approaches are threefold: first self-regulation that itself is embedded in a regulatory framework, second data protection by design and third data protection by default. So far, however, we have little knowledge how to implement these approaches effectively. Furthermore, in times of “big data” we need to define more precisely which purposes of data processing and use of data should be prohibited in which kind of specific interaction.

In the area of information law, the focus of attention lies on the profound changes of individual and public communication on the internet and the consequences for individual rights as well as for public discourse that arise from these changes. Some particularly pressing issues relate to the legal responsibilities of communication intermediaries and to the piercing of so-called filter bubbles. An eternal problem is balancing transparency as a means of accountability on the one hand and the protection of legitimate public and private interests of confidentiality on the other hand.

Q. You’re part of the law faculty - and chair of public law - at Humboldt University. What current research projects are you working on?

In the field of data protection and information law, I am currently working on how to balance the right to privacy and the protection of personal information and the freedom of expression on the internet. I am also interested in finding out how conventions emerge in the digital world and how the emergence of “appropriate” conventions could be facilitated.

Q. Why is the intersection of law and technology so important in today’s world?

Eifert: In the digital world, freedom of the individual is as much affected by legal rules as by technological design. Patterns of behavior are strongly influenced by technological options. In the digital world it is algorithms that both create and delimit options of behavior. The more technology pervades every day life, the more it exercises its influence on all kinds of social interaction. In modern societies, we use law as a crucial means to regulate social life. We have built a complex set of institutions, which aim at ensuring sound legal rules and their rational application. As technology further shapes our social interactions and individual freedom, the design and development of technology has to be put in law’s focus. The intersection of law and technology is so important because here is the starting point for all regulatory efforts to unfold the tremendous potential of technology in a way that is compatible with our basic values.

Q. How do different cultures attempt to draw lines of what is and is not acceptable in the digital world? How do the lines between state actors and private corporations blur in today’s digital world?

The distinction between what is and what is not acceptable in the digital world has been modeled according to the offline world. Content, which is not acceptable in offline communication, is not accepted online either. However, not every aspect of online communication has a counterpart in the offline world and dynamics as well as effects of communication heavily depend on the type of media used for its dissemination. For example, dissemination, impact and mutability of a comment posted on a social media platform have no thoroughly fitting equivalent in traditional media. However, in the face of uncertainty about such effects, there is a strong inclination to align judgments in the digital world with established precedents in traditional fields. As the lines have been drawn differently in the various jurisdictions of the offline world, we are facing a tension between a global communications infrastructure, which provides access to content across borders on the one hand and jurisdictions with different judgments with regard to acceptable speech on the other hand.

There are three basic options to mitigate the tension: ignorance, geo-blocking/filtering or convergence. Each of these options has only limited power. Ignorance refrains from implementing traditional values with respect to internet-content at the expense of an erosion of these values and the obvious danger of a race to the bottom. Geo-blocking and filter systems tend to strictly implement fragmented jurisdictions at the expense of a free exchange of ideas. There is a valid expectation that globalized communication, in the long run, will align standards of acceptability, but it is questionable whether patiently waiting for convergence is the right response to pressing issues today. All options need to address not only providers of content but also intermediaries, which have become powerful private actors with enormous influence on what and how content becomes accessible.

Q. In your opinion, what is the future of the internet? What role will law and policy play in this arena?

In the United States as well as in Europe, the internet has become an additional dimension with regard to virtually every human activity – business, political discourse, science and private communication. The internet can no longer be seen only as merely an incubator of innovative ideas which should unfold without regulatory restrictions. Regardless of its particularities, the internet needs a mode of governance that is accountable to the public. Due to its global nature and the importance of technological options, a suitable governance framework imposes responsibility on powerful actors and relies on procedural arrangements and fosters institution, which monitor the developments and allow for public discourse. It is a valid and necessary matter of public policy to bring forth such a governance structure at both the European and global level. Law is an important means to establish this kind of governance framework.