Transparency of Non-State Actors? The Case of Technology Designers and Privacy by Design
Lachlan Urquhart
Mixed Reality Laboratory & Horizon Digital Economy CDT, University of Nottingham
My position on transparency and non-state
actors is framed in the context of European Data Protection (DP) Law. A key
component of the upcoming EU DP reform package is the concept of data
protection by design and default (DPbD). Designing privacy protections
into a technology has long been considered best practice, and soon it will be
mandated by law. It requires privacy concerns to be considered as early as
possible in the design of a new technology, taking appropriate measures to
address concerns. Such an approach recognises the regulatory power of
technology which mediates behaviour of a user, and can instantiate
regulatory norms.
Concurrently, regulation, as a concept,
has been broadening and moving beyond notions of state centricity and
increasingly incorporating actions of non-state actors. I'd argue privacy
by design is a context where technology designers, as non-state actors, are now
regulators. How they build systems needs to reflect their responsibilities of
protecting their users’ rights and personal data, through technical and
social safeguards.
However, the nature of their new role is
not well defined, leaving open questions on their legitimacy as regulators.
They are not normally subject to traditional metrics of good governance like
public accountability, responsibility or transparency. Furthermore, the
transnational nature of data flows, as we see with cloud computing for example,
adds an extra layer of complication. The new DP law will apply to actors
outside of EU, e.g. in US, if they are profiling or targeting products and
services to EU citizens, meaning there are national, regional and
international dimensions to consider. Overall, the fast pace of technological
change, contrasted with the slowness of the law has pushed designers to be
involved in regulation, but without appropriate guidance on how to do so.
This is a practical problem that needs to
be addressed. An important component is the role of nation states. State and
non-state actors need to complement each other, with the state often ‘steering,
not rowing’. The model of less centralised regulation cannot mean dispelling
with traditional values of good governance. Instead state regulators need to
support and guide non-state actors, on how to act in a regulatory capacity. How
can transparency, legitimacy and accountability be reformulated for this new
class of ‘regulator': the technology designer. Much work needs to be done to
understand how designers need support as regulators, and how the state can
respond to this.
No comments:
Post a Comment