Viktor Mayer-Schonberger and I have been debating privacy since the early 1990s. We both had chapters in Technology and Privacy: The New Landscape, which remains a seminal book on technology and privacy, published in 1997. Just last month, we continued our conversation at IGF in Bali. He was not so forthright in Bali, but now he is putting into words what we have been kicking around in our internal discussions.
At the just-concluded IAPP Data Protection Congress in Brussels, the audience heard a bold proposal from closing keynoter Viktor Mayer-Schönberger: “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.”
Contemporary ideas of notice and consent, he argued, are a farce.
In the moment, he was quite compelling. It is important that we as privacy professionals from time to time question the underpinnings of our training and, especially, our industry and profession.
In the early days of data privacy as a regulated activity, putting people in control of their information was thought to be what mattered the most. From the 1980 OECD Guidelines to the latest version of the EU e-Privacy Directive, consent has been a cornerstone across legal regimes and jurisdictions. EU data protection law is based on the principle that an individual’s consent is the most legitimate of all legitimate grounds to use information about people. But does this approach still hold true? Can we—as individuals—really have a meaningful degree of control over the vast amount of information we generate?