My statement for todays’ panel on privacy. For today’s panel, I want to talk about data privacy in the context of the notion of accountability.
Imagine you browse the web, looking for shoes. For the weeks to follow, whenever you visit a web page, adverts of shoes will be presented to you.
Have you ever asked yourself why these adverts are shown to you, who has information about you, what information they have about you, and how did they decide to serve this advert to you?
A system able to answer such why/who/what/how questions is accountable. Being accountable means being able to provide explanations or justifications for decisions and actions.
To be able to provide accountability, there is a need to be able to trace flows of data (traceability), tracing data across systems enables explanations to be provided about the transformations, operations, and decisions made about such data. Several names are available for such notion, traceability or provenance. Provenance of a decision helps explaining factors that affected the decision, data involved in it, etc. The word is common for food: provenance of food is a sign of its quality; likewise, provenance of a piece of art enables its authenticity to be asserted. Over the last 15 years, I have been leading research activities around provenance of data, and led a standardisation activity for provenance on the web.
The European GDPR General data protection regulation coming in 2018 has a component dubbed the “right to explanation”. There are still some uncertainty about what it entails both legally and technically.
What has it got to do with privacy? Privacy and accountability have an interesting relation that I want to discuss.
Consider expense claims, a topic well understood by this audience. Imagine that Alice and Bob have a business meeting conducted over a meal. Bob has to make his expense claim public. This may indirectly make the presence of Alice at the restaurant’s location public. Alice’s privacy is in tension with Bob’s accountability/transparency requirement.
So, there is a tension between privacy and accountability. 100% private doesn’t give you accountability, 100% accountable doesn’t give you privacy.
Privacy is important, so is accountability! These are values that we want to promote Technically, legally and as a society, we are still learning to understand these values and how they should be protected.