privacy, law and portability

1 view
Skip to first unread message

Jan 29, 2008, 5:25:14 AM1/29/08
to DataPortability Workgroup
Hello all,
Firstly, thanks (Paul Jones I think it was) for inviting me to join,
and apologies for taking a while to write this.

I'm wondering what steps are being taken to explore the privacy
implications of data portability. There are some significant social
and legal concerns that I believe require addressing early on in the
conceptual design.

JP Ragaswami picked up on some of the issues here.

When I posted on Robert Scoble's "scraping" incident in relationship
to the EU data protection directive, I felt I was raising a reasonable
concern, at least from a European legal and cultural position. Many
folks (especially Americans) didn't agree with me, but free speech is

Those that didnt see the post,

I would strongly advise that the data portability group place the
privacy issues at the centre of the design and concept. If not, it is
likely to create significant social and legal backlash at a later
date. It is not easy to retrofit PET (privacy enhancing technology)

(Also a minor point, at least in Europe, the abbreviation DP is
commonly used to refer to Data Protection, so perhaps using it for
data portability will create some confusion.)

In terms of my background.
I have a post graduate law degree (LLM) in this field, a number of
years' experience in privacy and enterprise applications, and I'm in
the middle of a PhD looking at privacy and enterprise applications. I
work at SAP as a Chief Business Solution Architect. I work with our
major customers on their SAP related strategies. I will though, be
leaving SAP and heading to Gartner Research from next month.

I would suggest that the group involve some leading heavyweight
privacy expertise. Given Microsoft's membership I'd propose talking
to Kim Cameron, he is one of the world's foremost experts on privacy
and identity. This is a complex field, but there is a lot of good
prior art that can be used.

I'm involved with an academic and EU project which partly looks at
building privacy and other compliance concepts into application
design, so I'm relatively well connected with privacy academics both
in the UK ,Germany and the US. The demands of both my new day job and
academic work mean that I can't really devote significant time to the
workgroup, but I would be more than happy to help make introductions
with the experts, and add my 2 cents' worth where I can. At this
stage it may seem I'm raising issues without suggesting a solution,
but that is not my intention. I simply don't want to set expectations
of my involvement levels that I can't keep.

Personally, I reckon the w3c involvement should be welcomed. We all
owe them a significant debt of gratitude for getting the Internet to
where it is today.

Elias Bizannes

Jan 29, 2008, 7:08:16 AM1/29/08
to DataPortability Workgroup

I've been waiting to for people like you to start posting. I
completely agree, and I look forward to exploring this with you over
in the policy group, as I have had some privacy act experience in
Australia and the whole concept of privacy has fascinated me for
several years when I first made the realisation of its impact on
online advertising. I call it the "inflation" of the information
economy [1] :)

However please repost this in the Policy Blueprint group, which is
tasked with solving the very issues you present. We are trying to move
all discussions to their respective action groups.

and by the way, agree with everyone you say - look forward to the


Reply all
Reply to author
0 new messages