ITBusiness.ca

Taking privacy mobile: Embedding the principles of Privacy by Design

Mobile technologies are increasingly ubiquitous, and provide us with growing opportunities to stay connected and informed from anywhere, at any time.

But these same technologies can raise significant privacy concerns. Some concerns arise from the general means of engagement with mobile phones – such as users’ propensity to always leave them on. Of course, this enables incoming phone calls and text messages to be received, and many other applications that are central to the functionality of mobile devices. But it may also enable activities such as location tracking, which can provide very accurate information about where the device’s owner goes over the course of the day, and when.

Ann Cavoukian, Information and Privacy Commissioner of Ontario

Happily, privacy need not be a casualty of our desire to stay connected wherever we may roam. By applying the principles of Privacy by Design – which takes a proactive, preventative approach to embedding privacy into the architecture of systems and technologies – we can achieve a positive-sum, win-win outcome, and enjoy both privacy and mobile connectivity.

Recently, my office and Arizona State University’s Privacy by Design Research Lab teamed up on a paper that addresses precisely this issue, mapping the way forward for meaningful privacy protection in the mobile space by providing practical advice for embedding the principles of Privacy by Design (PbD) into mobile technologies and applications.

Our report builds on the findings of original research conducted by ASU’s new PbD Research Lab. Researchers convened an expert panel of top executives from leading mobile organizations to identify and rate privacy and security challenges in their rapidly expanding field, and propose potential solutions grounded in real-world experiences.

Using the solutions identified by this expert panel, our Roadmap for Privacy by Design in Mobile Communications outlines key privacy responsibilities for each major stakeholder group in the industry – while noting that parties will have to collaborate to develop the most effective solutions. For example, device manufacturers must ensure that the requisite privacy tools are built in, using potential solutions such as automatic, seamless encryption of device data, the development of privacy wizards, and safe disposal and secure destruction mechanisms. Similarly, OS and platform developers must work on possible approaches such as the integration of fine-grained, cross-application privacy controls, reporting mechanisms and regulating the access that applications have to device data. However, neither can fully implement these protections without the other party.

The responsibilities of network providers, application developers/data processors, and users are also addressed, as are areas in which full-sector collaboration is required in order to, for example, develop privacy standards, develop and deploy consumer-facing privacy icons, and build user awareness of potential privacy issues through education efforts.

In addition to tracing the way forward for privacy in the mobile sector, the Roadmap also demonstrates the extent to which “Privacy by Design is a team sport.”  All parties have a role to play, both on their own and in partnership with others.

In the context of mobile communications, if device hardware does not allow for the implementation of a given privacy measure, the OS or platform does not support it, or the user does not know about it, then that protection cannot be effective.  This message will hold true for every implementation of Privacy by Design, regardless of industry sector – collaboration is essential, and will benefit all involved.
