Microsoft bats for data privacy reform
MICROSOFT Corporation is investigating how icons and rating systems could complement lengthy individual consent forms presented to users in the digital space.
Almost everywhere, users are presented with long and complex privacy notes routinely written by lawyers in legal jargon, and individuals are asked to either consent or abandon the use of the desired service, according to the Microsoft Global Privacy Summit Report.
What’s more, statistics show that it could take 76 days a year to read privacy statements users are asked to review and approve for Internet service.
Consent notices have over the years been the means by which entities lawfully process data, but don’t necessarily result in their intended purpose.
That binary choice is not what the privacy architects envisioned four decades ago when they imagined empowered individuals making informed decisions about the processing of their personal data, the report said.
So when it comes to making data protection and privacy laws, a critical balance needs to be struck between regulations that protect and allow for innovation, efficient business fluidity and social benefits, Microsoft reckons.
“They (regulators) need to first ask if they need to regulate the collection of data, regulate the use of data, or both,” said Laura Lemire, a regulatory affairs attorney with Microsoft.
“They should also question whether they are putting the burden on businesses or consumers,” she added.
Lemire said this balance can be implemented even in Jamaica. She was the main presenter at a public forum on data privacy and cloud computing held at the University of the West Indies’ Mona Campus on Wednesday.
Giving an example of how individuals may be unaware of the implications of some of their most routine activities on the Internet, Lemire noted that many flashlight applications users download over the Internet on their phone actually save their photos off the device.
If there was a rating system to make it easier for consumers to learn the consequences of using certain services, that would reduce the burden of the consumers having to read through everything, said Lemire.
And the question of the ease at which persons can read and understand will come up, especially in areas where there is a low literacy rate, she said.
As for the icons, they could work like nutritional facts that guide a consumer’s decision to purchase an item — they could present graphical representation of the consequence of using a website or an application.
“So it should be clear to the consumers what their data is being used for,” said Marcelle Smart, Country Manager, Microsoft Jamaica.
But these options are only being researched, Smart emphasised.
Even so, getting standards for the digital industry will take some time to ensure that data collection is fair.
“There are certain considerations that are needed before any regulations can be made,” Smart said.
But it’s early days yet.
Equally challenging is the fact that in the age of big data, which is the mining of huge amounts of data to discover new patterns and insights, much of the value of personal information is not apparent at the time of collection, when notice and consent are normally given.
Another reason for balanced reform of data privacy laws is that future use of data that have significant benefits may require going back to the individuals for their amended consent and this may be too costly to undertake, according to the Microsoft report.
On the other hand, “notice and consent leave individuals’ privacy badly exposed, as individuals are forced to make overly complex decisions based on limited information, while data processors can perhaps too easily point to the formality of notice and consent thereby abrogating much of their responsibly,” said Microsoft.
Microsoft Jamaica partnered with Mona ICT Policy Centre at the Mona School of Business and Management to present Wednesday’s lecture.