Can telcos set a positive example for how to protect ordinary people from invasions of their privacy? Executives and public relations staff usually say the right things, especially after something has gone wrong, but it is often tedious to watch telcos dragging their feet on privacy matters until forced to act by government. That is why it is so encouraging to learn that TELUS, one of the major national networks in Canada, has decided to drive the privacy agenda forward whilst guest editing IEEE Consumer Electronics Magazine.
The TELUS edition of the magazine will focus on Privacy by Design (PbD) and Security by Design (SbD), two concepts that have gained a lot of traction over the last decade, but which still leave me hazy about the specifics. We can all intuitively agree that ‘designing in’ privacy and security sounds like a better approach than leaving them as an afterthought. However, the ‘designing in’ concept can appear thin when we attempt to transition from a high-level principle to the detailed difference the approach will make to the actual design. Consider article 25 of the European Union’s GDPR privacy rules:
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.
This is how the EU mandates Privacy by Design, after telling everyone to ‘take into account’ a whole lot of variables. In the real world we need greater specificity when constructing something more palpable than the words that legislators write on paper. That gap can only be filled by practical people who are willing to tackle the real challenges involved in satisfying and protecting living human beings, with all their nuances and flaws. In other words, we need businesses like TELUS to lead the discussion and steer industry towards answers that can and will be widely adopted.
The guest editors for the IEEE Consumer Electronics Magazine special edition on privacy and security by design are Ibrahim J. Gedeon, Pam Snively and Carey Frey, all of TELUS, plus Wahab Almuhtadi of Algonquin College, and Saraju P. Mohanty of the University of North Texas. The deadline for submissions is 30th September and the magazine will be published between March and May next year. More information is given by the following LinkedIn post from Pam Snively, Chief Data & Trust Officer at TELUS.
