Once, Arthur C. Clarke, the author of the famous science fiction novel “2001 – A Space Odyssey”, stated:
“Any sufficiently advanced technology is indistinguishable from magic .”
Each day, we are amazed by new and new wonders of science and technique which are becoming part of our everyday life. Things such as the Internet of Things, tablets, smart phones, mobile applications, drones, analytics software, online tracking tools and geolocation tools, self-driving cars, storage in the cloud, Google Street View, etc., are taking their place in our vocabulary and, often, in our habits.
For some of us, fans of the Star Trek series (among which I include myself), the news about NASA announcing the creation of a Tricoder which can collect medical data about the patients and diagnose possible illnesses is an opportunity to get enthusiastic. However, for famous Stephen Hawking, helped by technology to survive and interact with those around him for many years, the technological bloom is a matter of gloomy forecasts.
Legal advisers cannot keep dreaming too much about the magic of new technologies, because of the legal challenges they encounter. Often, the question is whether legislation can keep up with it and if/ how it should be changed in order to reflect the new realities.
Since on January the 28th we celebrate the Personal Data Day (called Data Protection Day in Europe or Privacy Day outside of Europe), I have decided to try stepping out of the “technological daydreaming” and use this good opportunity to reflect a little bit upon some of our favorite technologies which can collect and use our personal data in the most various ways.
The protection of personal data gathered by means of the mobile applications (app privacy) remains a fresh subject which deserves the developers’ attention.
Many mobile applications collect and use the users’ personal data. This implies the answer to a series of questions, such as: is it a worldwide application or not?, what information and data is being collected?, where is it stored?, how is it used?, if and to whom can it be revealed?, etc. Taking the possible legal risks into account, a well prepared policy regarding the personal data (Privacy Policy) in order to be accepted by the user is not a fad, but a necessity.
In these circumstances, more and more often it is recommended to implement the concept of Privacy by Design – which implies taking the possible legal risks into consideration right from the incipient steps of developing the applications (for instance, before implementing a geolocation feature into the application).
You can read more details about this concept and the types of personal data that can be collected via mobile applications in the article “The developers of mobile applications and the personal data. Any connection?”, published in the 21st issue of Today Software Magazine.
Nowadays’ technology produces and facilitates the access to a huge amount of information and data. And those who are somewhat familiarized with the concept of “big data”, probably already know that big data = big business. Some even dare to state1 that personal data (even in their anonymous form) can be considered “the new petrol”, having also an advantage: they can be “extracted” from the most varied sources.
In this respect, analytics software, online tracking and geolocation tools play an essential role, as they are powerful instruments that can systematically track the users’ activity. They are capable of dealing with an enormous amount of data, analyze them, combine them and look for patterns – basically, in view of turning them into value for the companies.
But the value resulted from using these data is accompanied by a potential abuse risk. Therefore, from the legal point of view, the activities carried out in an inappropriate manner through the analytics software, online tracking and geolocation tools may represent a major threat to the clients’ data and to those of the users in the online environment and, thus, to the concept of data privacy.
In most of the cases, the perspective of the analytics industry may be that the user/ client is the one who decides on how to use the tools that are available to him and what data he wants to offer access to. Nevertheless, there are certain rules and recommendations that need to be taken into consideration, so as to try preventing the risk of abuse (for instance, by correctly informing the users about the operations where their data can be collected and their online activity can be tracked, so that they can make an assumed decision – whether to accept it or not).
Drones can be commercial, of surveillance, but also light drones of small sizes, used as a hobby.
They can all be intrusive, since most of them have embedded filming or data transmission devices which allow them to take pictures or shoot videos – most of the times, without the consent of the targeted people to be photographed or filmed.
Since the image or the voice of a physical person is personal data, we understand why this activity is not exactly ok without the agreement of the respective person.
In his report, TMT Predictions 2015, Deloitte estimates that the total incomes of the drones industry will increase to 200 – 400 million dollars in 2015 (the equivalent of the list price of a medium plane for passengers). However, in the short and medium term, it seems that the usage of drones will be limited, a key factor being the legislation. In some countries, there is no legislation in force or it is not certain; in others, they still apply the general rules regarding planes.
In Romania, theoretically, the drones of a maximum take-off weight smaller than or equal to 1 kg can be freely used if:
They are operated in an open, non-populated area (with no buildings meant as residence);
They do not have devices for filming or data transmission mounted on them; and
They do not go beyond the visual range of the person controlling the drone from the ground (but no more than a 150 m distance horizontally and a 100 m distance high).
Self-driving cars are a “hot” topic. But, besides some attractive advantages they present (efficiency, safeness, the reducing of accidents, etc.), they also give rise to controversies and risks regarding the usage of the data of the people travelling in these cars.
As they will permanently have a wireless connection, the self-driving cars can be constantly tracked. And the location data and other information collected through such a car can be considered personal data of the people who are using these cars. Therefore, questions such as: Who should own or control the data collected by these cars?, What kind of data is stored?, Whom can they be transferred to and in what way?, To what purposes could they be used? – are relevant and should be taken into consideration when we put into balance the advantages and disadvantages of this new technology.
In this context, it is natural that the public opinion asks itself whether, in exchange for these advantages, we are not actually giving up our freedom of movement to become followed on every step. In the media abroad journalists draw our attention to the fact that we should be interested in the way these cars are developed in the present, since – otherwise – it is possible that in the future they may not be a symbol of individual freedom, but, on the contrary, a means of monitoring the individuals.
This points to the fact that, until there is a specific law for this technology, the Privacy by Design procedure seems suitable to be applied also in the case of self-driving cars, attempting the implementation right from the first phases of the development of the car.
Happy Data Protection Day 2015 and… Let’s be private out there!
by Ovidiu Mățan
