Check-in and access this session from the IGF Schedule.

IGF 2019 WS #187
Knowing me, knowing you: is our data still personal?

    Subtheme

    Organizer 1: Olga Kyryliuk, The Influencer Platform
    Organizer 2: Lucena Claudio, Georgetown University, USA
    Organizer 3: Salvador Camacho Hernandez, Kalpa Proteccion.Digital
    Organizer 4: Varsha Sewlal, ISOC NCSG

    Speaker 1: Lucena Claudio, Technical Community, Western European and Others Group (WEOG)
    Speaker 2: samara khalid, Technical Community, Asia-Pacific Group
    Speaker 3: Silveira Beatriz, Intergovernmental Organization, Intergovernmental Organization

    Moderator

    Olga Kyryliuk, Civil Society, Eastern European Group

    Online Moderator

    Salvador Camacho Hernandez, Private Sector, Latin American and Caribbean Group (GRULAC)

    Rapporteur

    Varsha Sewlal, Civil Society, African Group

    Format

    Other - 60 Min
    Format description: Open Fish Bowl - the key requirement would be to have primary speakers seating in semicircle in front of the audience with no physical barrier between them (no stage, or tables, or tribunes). One chair near the speakers should be left unoccupied for anyone from the audience to join at any point during the discussion.

    Policy Question(s)

    How much is personal data actually worth, and how high are the stakes of each respective stakeholder in controlling such data?
    How various stakeholders monetize personal data?
    Do ethical considerations matter when it comes to processing of personal data?
    How possession of data by technology companies reshaped the sustainability of law enforcement?
    How do technology companies decide when to assist and when to resist law enforcement requests on access to data?
    Who is the one to have the final word - the state carrying investigation, or the company entrusted with protection of data?
    How efficient are territorially designed laws to regulate transborder data flows?
    Do technology companies perceive national/regional data regulations as an obstacle for their transborder operations?
    What mitigation measures do such companies undertake to protect data of their customers, gain their business profits, and comply with the state legislative requirements?
    How do international banking and financial services institutions manage personal data responsibility?
    What should be done to achieve international interoperability in privacy and data protection?

    SDGs

    GOAL 9: Industry, Innovation and Infrastructure
    GOAL 12: Responsible Production and Consumption
    GOAL 16: Peace, Justice and Strong Institutions
    GOAL 17: Partnerships for the Goals

    Description: There is virtually no institution, company or organisation that can - or will – perform its ordinary tasks and develop its regular activities without processing personal data in some way. This trend is followed by a global wave of reframing / redesigning / strengthening or simply building data protection legal frameworks in jurisdictions that seek to uphold this interest as a fundamental right. This wave attempts, if not to regain control, because the idea of regaining absolute control over one's data seems unfeasible, but at least to place the citizen back to some extent into the chain of control that comprises the use and processing of his/her personal data. It is not that this data belongs to the individual; this data is the individual insofar as it is data that comprises concrete and observable aspects of his/her personality. Moreover, the digital format in which data is currently provided, collected and processed allows the availability of this aspect of the personality to grow in scale and availability in digital format. Individuals are subjected to the highest degree of exposure, while data brokers, controllers and operators that leverage the data as input for businesses and institutions do not show the desirable level of accountability. Trying to reposition the individual at least to some extent in the chain of control of the data that represents relevant, evergrowing and readily available aspects of his personality is by no means an easy task, among many other reasons, because of the lack of transparency in the way this data is collected or obtained, processed, analyzed, parsed and how the results of these operations are interpreted and impact in the sphere of rights and obligations of this individual.

    Data scientists, whether scholars or working for civil society players have often been contributing with relevant studies, which help to enlighten the community by trying to understand and explain the mechanisms that cause these effects and impacts. The techniques, which are available at the cost and with the resources that are possible in this kind of work often provide a fair estimation of how the processing is taking place. Validation of the facts is never a simple issue. Only in very rare times this understanding develops the way it should: in a face-to-face dialogue, with stakeholders with confronting interests discussing limits and boundaries, legitimacy and abuse, working together to tap into this asset in a way that brings better balance to competing interests at stake. This proposal aims to fill this gap.

    Speakers representing private sector, law enforcement authorities, banking and educational institutions will present on the ways and policies they apply for use and protection of respective data. Once uses in different domains have been shortly exposed, the audience will start exploring the issues together with the speakers, exchanging views, attempting to tackle weaknesses and trying to highlight the best practices. The interactive format of fish bowl will perfectly serve for open and inclusive exchange of ideas between the audience and the key speakers. Remote participation will be strongly encouraged in the discussion phase, which will take the major part of the workshop.

    The speakers will present their perspectives on the policy questions raised above based on both their professional expertise, and experience as regular Internet users. Coming from different stakeholder groups the speakers will present pros and cons of stronger and inclusive cooperation in data governance field giving food for thought to onsite and online participants. The moderators will keep an eye on timely welcoming the interventions from the audience (both onsite and remote).

    Expected Outcomes: We believe that the idea behind this workshop - to have various stakeholders disclose some of the data uses in an open dialogue with private sector, law enforcement authorities, banking and educational institutions, and civil society aimed at deepening the debate on the basis of facts that can be disclosed and taken and such, rather than estimations - is an innovative, promising approach to this issue. We understand that the dialogue is not easy, and that not all procedures can be disclosed due to a number of reasons, including, but not limited to a legal protection of secrecy and confidentiality, but we also believe that a reasonable amount of goodwill to share, listen and interact can definitely contribute to an exchange that will enrich the discussion in a loyal and frank way, and that is worth the effort. A frank exchange could not only increase transparency within a sector, it could also help disseminate best practices across different sectors and stakeholders, identify common vulnerabilities, find points of contact from which a better level of understanding can rise, and create an environment of cooperation which is key to tackle data protection issues in a healthy, effective and legitimate way.

    The issue we discuss has relevance to each and every of us, and, therefore, the most interesting ideas might come from the least expected places. We will make sure that onsite and online moderators are working in tandem, notifying each other about the interventions from the audience. By opting for an open fish bowl format we will make discussion as inclusive as possible, giving participants the possibility to jump into discussion at any point, without dividing the workshop into classic presentations and Q&A parts. After a short intro speech by primary speakers any participant from the audience will have a chance to take an empty chair near the speakers and present his/her perspective. Throughout the whole workshop one of the chairs has to be kept free for new people to join and speak. Thus, once new person joins the semicircle of speakers, one of the presenters who has already spoken should free his/her chair. The moderator will facilitate the process and explain the rules in the beginning of the workshop.

    Relevance to Theme: The objective behind the workshop is to promote dialogue among a number of different stakeholders dealing with data governance, and to encourage them through an open discussion to come to a shared understanding that to provide proper protection to data they need to cooperate and balance their respective interests and powers We do not exclude, though, that the speakers might come to different conclusions. We aim at bringing together representatives from different sectors that reportedly make different uses of the data, which they have available, including security and law enforcement authorities, Internet service providers, government and enterprise network operators, registry and Internet exchange point operators, registrars, resellers and domain name infrastructure operators, banks and private financial services, academic institutions, and get them to showcase personally an instance of how they use data to perform their daily duties and activities. By identifying potential risks and best practices in actual uses of the data, the workshop will be contributing to an interdisciplinary approach and to a perspective of actual interaction and exchange among stakeholders in the search for an adequate level of protection for personal data, considering the environment in which they are processed by promoting trust, transparency, accountability and legitimacy.


    Relevance to Internet Governance: Shift to global information society has blurred territorial boundaries between the states, thus challenging the grounds for application of territorially constructed regulations. Nowadays, the data is being collected, stored, transferred, and processed in the amounts that have been never seen before. The governments faced the regulatory and power crisis, which pushed them for adopting even stricter regulations towards technology companies requiring data localization and closer cooperation with the law enforcement authorities. In its turn, private sector while occasionally abusing users' data, often finds such requirements burdensome, cost inefficient and sometimes contradictory with its own policies for data collection, storage and processing. At the same time, the civil society organisations are launching campaigns empowering individuals to assert their rights and holding data controllers accountable for their actions. They are responsible for both the law and rights awareness among a broader public. Therefore, we strongly believe that only through collective effort and joint cooperation of all stakeholders in their respective roles it is possible to provide proper global and universal protection to personal data. When stakeholders agree to talk and work together, it would become possible to build a proper system of checks and balances, as well as eliminate rudiment regulatory practices of applying territorial laws to transborder phenomena.

    Online Participation

    We make a strong focus and expect extensive online participation. For that purpose, we will share in advance the information about the session and possibility to join remotely with our professional networks. The online moderator will notify the onsite moderator whenever there is an intervention from a remote participant, and we will read it out and provide comments if any from the onsite participants. We truly want the most diverse voices to be heard.

    Proposed Additional Tools: We will use Twitter and other social media pages administered by the workshop organizers. We will also ask the participants and speakers to make tweets and share the most interesting ideas via social media directly during the session.