Returning to the privacy field after a break of more than 10 years, I was struck by how inappropriate the old notice and consent approaches would be for what was actually happening on the ground. Here is an attempt to evolve new principles. Not had time to fully digest yet.
Traditional approaches are no longer fit for the purposes for which
they were designed, for several reasons:
• They fail to account for the possibility that new and beneficial uses
for the data will be discovered, long after the time of collection.
• They do not account for networked data architectures that
lower the cost of data collection, transfer and processing to
nearly zero, and enable multiuser access to a single piece
of data.
• The torrent of data being generated from and about data
subjects imposes an undue cognitive burden on individual data
subjects. Overwhelming them with notices is ultimately
disempowering and ineffective in terms of protection – it would
take the average person about 250 working hours every year,
or about 30 full working days – to actually read the privacy
policies of the websites they visit in a year.8
• In many instances (for example, while driving a car or when
data is collected using many M2M methods), it is no longer
practical or effective to gain the consent of individuals using
traditional approaches.
Comments are closed.