Debbie Reynolds “The Data Diva” talks to, Dr. Ann Cavoukian, Executive Director at Global Privacy & Security by Design Centre. Dr. Cavoukian is the creator of the “Privacy By Design” framework that has famously been incorporated into the EU’s landmark General Data Protection Regulation. We discuss how Dr. Cavoukian created her Privacy By Design framework in the 1990s while she was the Information and Privacy Commissioner of Ontario Canada, the tension between technology and law, third party data risks highlighted in privacy regulations, the relationship between privacy and freedom, the future of Privacy as a profession, Smart Cities, privacy as a human right, privacy and consent, the need for transparency and her hopes for data privacy in the future.
privacy, data, design, personal identifiers, privacy laws, people, companies, law, freedom, technology, individual, information, identification, harm, enormously, grandfather, transparency, world, credit scores, terms
Debbie Reynolds, Ann Cavoukian
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds. They call me "The Data Diva". This is "The Data Diva Talks" Privacy podcast, where we discuss Data Privacy issues with industry leaders around the world with information that they need to know right now. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. Dr.Cavoukian served an unprecedented three terms as the Information and Privacy Commissioner of Ontario, Canada. There she created a privacy by design framework that seeks to proactively embed privacy into the design specifications of information technologies, network infrastructure, and business practices, thereby achieving the strongest protection possible. In 2010 international privacy regulators unanimously passed a resolution recognizing privacy by design as an international standard. Since then, privacy by design has been translated into 40 languages. In 2018, Privacy by Design was included in the sweeping new law in the EU, the General Data Protection Regulation. Dr. Cavoukian is now the executive director of the Global Privacy and Security by Design Center. She's also a Senior Fellow at the Tim Rogers Leadership Center at Ryerson University and a faculty fellow of the Center for Law Science and Innovation at Sandra Day O'Connor College of Law at Arizona State University. Nice to have you here.
Ann Cavoukian 01:46
Thank you very much. It's my pleasure.
Debbie Reynolds 01:49
Well, so we were talking a bit before the show, in terms of your work, so you had a massive amount of work, a body of work in academia and private, and the private sector, and you were very influential. You were Commissioner in Canada of privacy. You've done a lot of academic work in terms of publishing and speaking. Your work with people in the private sector and public sector about privacy issues. But it occurred to me I was doing research on privacy by design. And it occurred to me as I was doing this research that a lot of people in privacy, or who had gotten into privacy, like after the GDPR came out in May of 2016, right? That they associate privacy by design with the GDPR. People have a misconception that privacy by design was created as a result of GDPR. And we know that's not true. So I would love for you, you are the creator of the framework of Privacy by Design is really fascinating if anyone wants to look at the fundamental principles of this framework, but I would love for you to tell me about your trajectory and how you sort of created this in a minute, actually what was happening in the 90's that made you think that this was necessary.
Ann Cavoukian 03:18
And don't get me wrong, I was delighted that they included privacy by design in the GDPR. That was such an honor. So I was delighted. But I created it some 20 years earlier. So in 1997, I was appointed as Privacy Commissioner of Ontario, Canada, and I served for three terms 17 years. But at the beginning, when I joined, I wanted something different. You see, I'm not a lawyer, I'm a psychologist. So when I joined, I noticed that the way the lawyers, they're all lawyers in my office but protected privacy was after a data breach or after a privacy infraction. They applied the law. And they got a wonderful solution. And that was very important. But I wanted something proactive. I wanted something that could prevent the harms from arising ideally, like a medical model of prevention. I wanted a privacy model of prevention upfront. And so we created privacy by design at my kitchen table over three drinks. Because this wasn't something the lawyers ran to, I did it myself, given my background. And then I took it into the office, and I literally sold them on it. And it took a few weeks to do but then they came around because I wasn't saying forget about privacy laws. Of course, we need privacy law. It's very important. I just wanted privacy by design to complement the privacy laws which come after the harm. And I wanted to prevent the harm proactively. I wanted to create a model where you could, you know, create privacy-protective measures and embed them into your operations, bake it into the code into all of your design so that we couldn't forget to do it that it was always there as the default setting. And that was the game-changer. And it took off big time. And I'll tell you on 2010, it was Internet unanimously passed as an international standard by the International Assembly of privacy commissioners and data protection authorities. We always have a conference once a year, usually in Europe, in 2010, it was in Jerusalem. And at the end of a three or four day conference, we have a half day closed session devoted to commissioners introducing resolutions that they'd like the assembly to vote on. And I introduced a resolution that privacy by design should complement regulatory compliance that come in proactively. And to my amazement, it was unanimously passed. So I was delighted. And I should add, since then, it's been translated into over 40 languages. And all around the world, it's followed, and Brazil just introduced a new privacy law, they've got privacy by designing. So not a week goes by when I don't hear from some jurisdictions around the world as to what they're doing.
Debbie Reynolds 06:15
That's fascinating. That's amazing. Also, I mean, I think when the GDPR came out, that was very much a breath of fresh air because I'm very much a proactive person, right? So my advisory is proactive, you know, to me, you know, the best way to solve our problem is to prevent it. So I love the fact that was in the law. But I think that, to me, that is the part of GDPR that made it a game-changer, in my opinion. Because, you know, you're looking at like to, say, a preventive, where law, a lot of laws are about, you know, what redress or recourse happens after sort of a harm, and especially when you're dealing with data of individuals, and the harm that can happen to people, you know, there may not be any adequate redress, right, for the harm that can happen. So being able to look at things at a design level early on is really, it to me is critical, especially when you're dealing with kind of a life or liberty of individuals.
Ann Cavoukian 07:22
Yes, I couldn't agree more. I mean, it really was a game-changer. And the fact that the EU added privacy by design and privacy as the default into the GDPR was just huge because then it meant it was going to be followed globally, all around the world, because everyone wants to achieve essential equivalents with the European laws. So they can engage in trade and business without any problems arising, including privacy by design, huge. And in, I think it was 2015, one of the online publications, Information Age, they said, If you follow privacy by design, then you're going to you're going to satisfy the rest of the GDPR. And I want to be clear. There's much more to the GDPR than privacy by design. But I think what she was reflecting was the fact that privacy by design is proactive and addresses so many areas that you are most likely to satisfy many of the other GDPR articles as well by having full privacy by design.
Debbie Reynolds 08:31
Yeah, I think right now, there's sort of a, I guess, a tension between, in my view, sort of data and technology and the way things are going and also kind of law regulation. It's where I feel like, you know, I'm very much for data minimization. So for me, part of privacy by design is not putting so much data out there, to begin with, right? So you have less data out there. You have less data to protect in the first place. But then we have all these technologies, especially you know, I was talking about the other day about the metaverse, and it's kind of the spatial Internet where these technologies will require even more data and we give now so how are you seeing that tension where you know, we know that we know for sure as a low tech solution, putting less data into systems definitely helps that. But then also having you know, advancements in technology that are really requiring will require more information about individuals.
Ann Cavoukian 09:33
The key is to anonymize the data. De-identify the data. And we have so many protocols now, strong de-identification protocols combined with a risk of re-identification framework that minimize the likelihood of re-identification to less than .5 percent. That's less than the odds of being hit by lightning when you go outside on it when it's raining out. Amazing odds. You see privacy by design, one of the essentials of it is abandon zero-sum pursuits, meaning, either or win-lose zero-sum means you can only have one thing, privacy versus security, or privacy versus data utility. And I can assure you, it's never privacy that wins in that exchange, nor should it be, but I sure as heck, I'm not going to have it lose out. For the other interests, we reject that model. Privacy by design is all about positive-sum, meaning you can have multiple positive gains, at the same time, when when it's privacy and data utility. And you can achieve that by doing very strong de-identification. Now, there's something called synthetic data, which is amazing, which takes de-identification even further and removes all personal identifiers. And you see, once you no longer have personal identifiers linked to the data, then you don't have any privacy issues. Because privacy laws only apply when there's personally identifiable data, you remove the personal identifiers, and you're golden, then you can have data utility, you can enjoy the value of the data for a variety of purpose purposes without placing the individual's privacy at risk. Win, win.
Debbie Reynolds 11:17
You know, what do you think about third-party data? So to me, they're allowing the privacy laws, rightly so have really pinpointed this whole third party data risk, where they're putting more onus on first-party data holders in terms of what data they give to people and what responsibilities they have, and also what responsibilities third parties have. And then we're saying big companies really trying to limit that risk by saying, okay, third parties, we're not going to share this data with you, or we're going to minimize the data we share with you, or we're going to have you try to create a really a first-party relationship with individuals if you want more data than we would give you.
Ann Cavoukian 12:02
I have a real problem with unauthorized third parties gaining access to people's personal information. It's, first of all, it's not their data. They weren't even involved in the initial exchanges with the data subjects. So I do have a real problem with third parties. They don't tend to uphold the privacy-protective measures that may have been introduced by the first party. And they placed the data at risk and privacy at risk. So I'm not a supporter of that at all.
Debbie Reynolds 12:35
Yeah, you talk in your work. And I would love for you to kind of draw this out a bit, which is the the idea about privacy and freedom, privacy is freedom. So we hear I hear people who say, well, we have no privacy. So we should just give up everything that says zero something?
Ann Cavoukian 12:54
Oh, Debbie, it drives me crazy.
Debbie Reynolds 12:57
But I feel like I love the way you're talking about privacy of freedom. And then I don't know, to me, I think about it as agency, right? Having some control, right?
Ann Cavoukian 13:08
Privacy forms the foundation of our freedom. It's absolutely essential. You cannot have free and open societies without a solid foundation of privacy. And I can tell you, historically, this is everywhere. And it's nonsense to suggest that somehow freedom is going to be impacted negatively by privacy. It's the exact opposite. Privacy breeds freedom. It breeds creativity, innovation because you don't have to worry about looking over your shoulder at who's doing what you know. You want to you want to do blue-sky thinking when you're creating things without any fear of repercussion. You need total total privacy, total freedom to do that. And I always like to give the example of Steve Jobs, the brilliant creator of Apple, and he used to buy a new white Mercedes every six months, less a day, then he would take it in to the dealership, get another white Mercedes say makes a model, bring it home six months, less a day and take it in. He did that until he died. Why would he do that? Because in California at that time, you had up to six months after you bought a new vehicle to get a license plate number put on. He didn't want a license plate number. You know, I mean tracked, surveilled like they are nothing. It's that idea of total freedom blue sky thinking. It's critical, and privacy breeds that in terms of freedom. I will tell you a personal story. I'm Armenian. My grandparents just barely escaped the Armenian genocide in 1915. Like this close, they were in the prison. They're going to be killed the next day. And my grandfather, who was an artist, wonderful painter. You might think, what does that have to do anything? My grandmother told me the story that my grandfather always carried with him parchment paper and charcoal because he loves to etch. During the day, he saw the general, the ruling general, and he etched a portrait of the general that night when my grandma was holding the candle from memory he etched a portrait of him in the morning when they let him off to be killed, loaded up, gave it to the soldier and said, please give this to General Pasha with my regards to the soldiers. Don't be stupid. What do we even want this on my grandpa's. I thought that was it, and we're going to die. My father was three years old, then on horseback just before they're being killed on horseback comes riding, General Pasha waving the parchment paper and said, who did this? I want to know who did this. And my grandfather says FMD. That's so in Turkish. I did it. He said I like it very much, you and your family, you're free to go, I wouldn't be here. Now. If it wasn't for the wild, crazy thinking of my grandfather, thinking you're free his family. And the stories that my grandma told me when they were in prison, that people were always whispering, looking over their shoulders. If you dared utter a word in favor of Armenians, you were killed on the spot, everyone went inward. Do not underestimate freedom never give up on that it is essential to our survival. And you need privacy in order to have freedom.
Debbie Reynolds 16:12
Yeah, what are your thoughts? You know, I think that this conversation comes up a lot, or maybe it doesn't come up enough, right? So countries that have privacy as a fundamental human right, your laws are broader, right? Then maybe places like the US where privacy is more seen as a consumer right? And there are a lot of exceptions to that. What are your thoughts about just in general, like privacy laws and countries where they have privacy as a human right versus kind of a consumer, right?
Ann Cavoukian 16:42
I think it has to be as a human right, which includes consumer rights, of course, but it's much broader, and applies to the example I just gave you, that, that freedom and privacy apply broadly. And this is our lives we're talking about; we want to preserve the freedom in our lives so that we can engage in whatever behaviors we want to do. And unless we harm another individual, we should be able to prevail in our views, think what we want, have discussions with different points of view. We have to be able to have that.
Debbie Reynolds 17:15
Yeah. How do you feel about privacy as a professional, so you've been doing privacy for a really long time. And as have I, back in the days where no one really was thinking about us? Right? And now, because of technology and all these kind of, you know, extraterritorial laws, you know, become more mainstream privacy. What do you think the future of privacy will be in terms of kind of a profession? You know, it's like you said, You're, you're a psychologist. Correct. And I'm a technologist. So I'm not a lawyer. Right. But I think in some ways, I feel like the privacy can do is help break down walls or break down those silos?
Ann Cavoukian 17:58
Yes, absolutely. And there is a greater call for privacy professionals. Now. Privacy training is growing enormously. There are jobs posted everywhere for privacy professionals. So I think it's growing. But we need this because surveillance is mounting, as well, enormously. So I think of it as a chess game point, counterpoint, surveillance makes two-four steps forward, privacy pushes it back three steps, then I mean, this is going to be an ongoing exchange, the online world exemplifies this. But then we have things like encryption, which are enormously protective, and both security and privacy. We knew we had decentralized identity. Now we actually have a decentralized identity foundation, consisting of all the major tech companies like Intel, and IBM, etc. So I don't give up on privacy. Whenever people say, lady, give it up. That ship has sailed. I say, Are you kidding me get another ship. For God's sakes, we cannot give up on privacy. I'm not saying it's easy. Technology is mounting in insurmountable ways at times. That's the perception, but so is privacy. So we just have to persist in both areas and ensure that we have people out there who are keeping their eyes on the tech and ensuring that the legal community and others are all coordinating this,
Debbie Reynolds 19:20
So how do you feel about this, I feel like we're turning a corner in a way, and I think Apple may have helped with this a bit where some people were thinking about privacy as a tax on companies, right? Like, Oh, my God, this is like another regulatory thing that we have to deal with, which obviously there's regulation, right. But I think that privacy can be a benefit, right? It can be profitable for companies. So I think we're turning the corner there. What are your thoughts?
Ann Cavoukian 19:46
I couldn't agree with you more. As I said, I created privacy by design a long time ago. And since I formed my own consulting firm, we now certify privacy by design in conjunction with KPMG. So companies come to me for a certification of privacy by design that they're doing with their consent I sent KPMG in to review what they're doing. And then we issue certification if they're doing it properly. And companies that have gotten certified have called me and said, We love this. We love this. It has built trusted business relationships that we're just walking out the door. As I said, there's such a trust deficit. Now, privacy builds trust back. Business relationships rise, you keep the customers you have the clients you have, it attracts new opportunity. They love it. And things like, you know, ensuring that customers have access to their information. I mean, that should be a basic. I always tell companies and governments, you may have custody and control of someone's personal information, but doesn't belong to you belongs to the data subject. So give them a right of access to their data. And companies have told me when they do that, and they love it. Because the quality of their data goes up, accuracy increases, they say, look, we have data on 1000's of customers 1000's of pieces of data, we don't know what's accurate, what's not at the latest. But if you're given individual access to their own information, they tell you right away, they said no, no, that was two years ago, it's changed to this. And it increases the accuracy of the quality of your data. So once again, we want to make it a win-win for both companies and individuals. If both groups will win.
Debbie Reynolds 21:23
Yeah. What is your thinking about a lot of I know that you do Smart Cities or Smart technology things, as do I? What are your thoughts about kind of what's coming next in the future for Smart Cities in terms of not only that the technological innovations, but how that will impact privacy because I feel like a lot of those things are just, you know,
Ann Cavoukian 21:50
I don't buy it. I was retained by Sidewalk Labs A few years ago because they were going to build a Smart City here in Toronto, Canada, which is where I live. I said that's great. They wanted me to embed privacy by design into the Smart City. Perfect. So after I studied for a while, I said, look, you can have Smart Cities, but with all of the technology that's going to be on 24, 7 sensors, cameras, everything, you have to de-identify data at source, meaning the minute the data are collected, you have to scrub it of personal identifiers, right, then there, we can do this. And they said yes, originally, then they walked away from doing it, and I left. And since then, it's falling apart for them. They're no longer here. So what I say to companies I work with now on Smart Cities is this is eminently doable and will be very beneficial to citizens. But you have to make protecting citizens privacy an absolute priority. If you do identify the data at source, meaning any data that's collected from anywhere, you immediately strip it of all personal identifiers, then you can use it in any way that you wish you get enormous value out of the data without placing any risk to privacy when we're going to do this.
Debbie Reynolds 23:02
Yeah, not only that, the identification process can help greatly in cyberattacks, right? Because that's a way that you proactively protect the data.
Ann Cavoukian 23:14
I couldn't agree more. Cyber attacks are growing enormously, fishing expeditions, everything. And the problem is, once they get your data, it's gone. It's not personally identifiable, they may gain access to data through a company, but they're not going to know it's linked to me or you or anyone. Therefore the risk to privacy is greatly minimized. The harms will still arise for companies etc. We don't have sufficient security, but the hacks to privacy will be eliminated.
Debbie Reynolds 23:46
Now, yeah, that's interesting. You mentioned that, so I think consent is going to be a big deal. As you know, a lot of companies are even in, even in the GDPR, let's juxtapose the GDPR, push Canada, the new China, Data Privacy regulation in China, where consent is very high on their list, with GDPR internal legal basis, kind of like the last resort, right? You're supposed to give us other things.
Ann Cavoukian 24:13
Debbie, if I may say something, though, about the Chinese act with due respect, consensus, it is a strong law, but it only applies to the public to the private sector. It doesn't apply to the Chinese government, my dad, the ones perpetrating all the privacy fraud, and other social credit scores. My God. You know, you jaywalk, and you got a low number. I mean, it's ridiculous. And this little example, there was this brilliant student apparently in China, who graduated from high school with all the pluses and he was brilliant and destined to go to great heights. You apply to several universities. What happened? He was rejected from all of the universities. Why? Because his parents social credit scores were too low, they can walk too much or whatever. That's what I find so outrageous and offensive about China, and the social credit scores they develop, and they determine what kind of person you are.
Debbie Reynolds 25:12
Yeah, that's very much the danger of data, right? The danger of people making inferences and taking action against people that is harmful, and then them not being able to, like we say, talking about freedom and agency being able to have the agency to say, you know, this isn't right, or, you know, they didn't used to be used. And then so that concerns me too, and kind of credit rating agencies, because a lot of what has been so you know, it hasn't been transparent over the year. So hopefully, that feedback becomes more transparent. Yeah. So we're about to wrap up here. I would love to talk with you a little bit about transparency. So I feel like transparency is the wave of the future. Like companies that aren't transparent, I don't think will thrive kind of in the next decade. What are your thoughts?
Ann Cavoukian 26:03
I couldn't agree with you more transparency is absolutely critical. And I always tell people, look, you always have to look under the hood, trust, but verify companies may say this, or governments may say this. And we know as government's half the time, they're doing the exact opposite. So you have to examine what's going on. Transparency enables you to do that, or enables other people to come in and audit the systems review that accompanies the government departments are actually doing what they promised they would do as opposed to the opposite. Without transparency, you have nothing. So that is absolutely essential.
Debbie Reynolds 26:44
What is, I ask everyone this question, so if there was a world, according to Dr. Caboukian and we did everything you said, what would be your wish for privacy anywhere, whether it's law, technology anywhere in the world?
Ann Cavoukian 27:02
Freedom, with respect to personal control, privacy revolves around control, an individual's ability to control the use and disclosure of their personally identifiable data. It's all about you, the data subject, deciding where you want to share your information, where do you want to give it to, etc. And you know, I always tell people, look, privacy is not a religion, you want to give away your information, be my guest, as long as you make the decision to do so. It has to rest with an individual deciding how they want to share their personal information, and to whom they wish to have it disclosed, etc. If you want to gain some monetary value from it from some company, by all means, do it as long as you know, what you're doing, what you're going to get in return, what restrictions are going to be placed around that? And the protections associated with that? That's what that'll be my wish
Debbie Reynolds 27:55
Yeah, I totally agree. I totally agree. Well, this has been fantastic. Thank you so much for joining me. And I'm sure that the audience will really love this, especially the backstory of privacy by design. So you heard it here first, for anyone who isn't clear about privacy by design and GDPR that Graham stated first many years ago, and I love to have you on the show. Again, from here. We'll talk more about for what's happening.
Ann Cavoukian 28:21
That would be my pleasure, Debbie.
Debbie Reynolds 28:24
Alright, thank you.
Ann Cavoukian 28:26
Okay. Thank you. My pleasure.