Tuesday, March 29, 2016
Seminar 5 Position Statement: Lachlan Urquhart
My position on transparency and non-state actors is framed in the context of European Data Protection (DP) Law. A key component of the upcoming EU DP reform package is the concept of data protection by design and default (DPbD). Designing privacy protections into a technology has long been considered best practice, and soon it will be mandated by law. It requires privacy concerns to be considered as early as possible in the design of a new technology, taking appropriate measures to address concerns. Such an approach recognises the regulatory power of technology which mediates behaviour of a user, and can instantiate regulatory norms.
Concurrently, regulation, as a concept, has been broadening and moving beyond notions of state centricity and increasingly incorporating actions of non-state actors. I'd argue privacy by design is a context where technology designers, as non-state actors, are now regulators. How they build systems needs to reflect their responsibilities of protecting their users’ rights and personal data, through technical and social safeguards.
However, the nature of their new role is not well defined, leaving open questions on their legitimacy as regulators. They are not normally subject to traditional metrics of good governance like public accountability, responsibility or transparency. Furthermore, the transnational nature of data flows, as we see with cloud computing for example, adds an extra layer of complication. The new DP law will apply to actors outside of EU, e.g. in US, if they are profiling or targeting products and services to EU citizens, meaning there are national, regional and international dimensions to consider. Overall, the fast pace of technological change, contrasted with the slowness of the law has pushed designers to be involved in regulation, but without appropriate guidance on how to do so.
This is a practical problem that needs to be addressed. An important component is the role of nation states. State and non-state actors need to complement each other, with the state often ‘steering, not rowing’. The model of less centralised regulation cannot mean dispelling with traditional values of good governance. Instead state regulators need to support and guide non-state actors, on how to act in a regulatory capacity. How can transparency, legitimacy and accountability be reformulated for this new class of ‘regulator': the technology designer. Much work needs to be done to understand how designers need support as regulators, and how the state can respond to this.