By Gail Crawford and Amy Taylor

Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference.

Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, University of London, kicked off the conference on Monday–day one of the three-day event–aptly setting the scene with a session on the challenges of compliance given the increasingly rapid changes in technology and the ways organisations use data. Birnhack provided an overview of some of the advanced, covert data collection technologies in the pipeline, including technologies which allow for remote, real-time collection of biometric data without any input from the individual and profiling using advanced social media analysis technology. He emphasised the practical difficulties of applying current privacy rules, such as the requirement for the provision of clear information to end users (the so-called transparency principle) and obtaining informed consent where necessary, given that data is less likely to be obtained directly from end users. Instead, Birnhack emphasized, there will be a clear move towards “hidden” data collection which requires no knowledge or participation by the individual. Data processing also is becoming more complex, with collection, processing, transfer and distribution merging into a simultaneous process rather than operating as a linear progression, thus making it more complicated to accurately explain processing to individuals in simple terms. 

This new era presents valuable opportunities for businesses that can provide new services and tailor existing ones accurately to the individual. Maintaining transparency and control for individuals, and complying with other rules better suited to linear uses of data (such as export requirements) will only get harder in the face of increasingly complex data technologies. 

The current EU legislative framework and the new draft EU framework set out rules better suited to simple, linear uses of data and are arguably not fit for purpose given the technologies on the horizon. More context- and user-driven approaches to compliance will be required, to account for new data uses and rapidly changing levels of individual awareness and control of data, rather than static compliance solutions for an entire organisation or industry. Flexibility will be key, but does not feature greatly in the new draft EU framework.

Wednesday at the conference is devoted to discussion and analysis of the draft framework. We expect a lively debate as to whether the new framework adopts a workable approach.

See the full schedule for the three-day conference, available here.