The first panel was moderated by Channel 4's Peter Snow, and made up of broadcaster Peter Bazalgette, Privacy International's Simon Davies, and google privacy engineer Alma Witten. It kicked off with a video presentation, the main message of which was - we produce as much information per week as the entire information production of humanity up to 2003. I've not yet been able to find a verifiable source for this, so I'd advice caution before repeated (it was heavily retweeted on wednesday).
Peter Bazalgette suggested that in any circumstances where we have given personal data, we should be able to wipe it - using an example of David Cameron apparently buying copyright to a photography of him in the Bullingdon club as a control strategy. Anybody who has voluntary given up privacy should be able to get it back. He called this the tabular rasa principle. He couldn't say with confidence that this process happens in large organisations. He also wanted commerce and public benefit discussed whenever privacy was debated. He gave a first example of NHS release data in order to improve health care more broadly, and a second (slightly more shakey) example which assumed that targeted advertising was (in itself) a great service to us which we happily give up information to get it - The more we give in the more we get social benefits. The NHS anonymisation protocol was seen as a good practical example of the way to get benefit out of data whilst still protecting the individual. This principle could be applied in the commercial world, and individuals would sell personal data in return for content.
Simon Davies spoke about the relationship between privacy and innovation, and the way that they are often rhetorically opposed. He said this was a denial of history. Every time there had been an evolution of human rights and thought, there had always been a claim that innovation and commerce will suffer, due to interference of rights. Never have. Strengthen trust, which sparks innovation, public behind, then markets. He asked if anybody could come up with an example where privacy had prevented innovation. He identified the hypocrisy of any company that talks about how privacy can stifle growth of innovation, when innovation is more routinely stifled by corporate practices leveraging the law(presumably copyright practices). Heather Brooke later argued that privacy had stifled investigative journalism quite frequently. Privacy was not enforcable for individuals, but if you have enough money and power, it could be used against the public interest.
The question and answer session was fairly active. When asked what any national government could practically require of a global organisation (such as Google), Witten suggested this was practically limited due to the nature of net services. Google would desire (and be supportive of) globally consistent standards and expectations. China's position was seen as a particular challenge. Davies stated that privacy regulation in Europe was a 'dog's dinner' - inconsistent, uncoordinated and not understanding of the technology involved. His desire would be for a regulatory environment that did what it said it would, that was coordinated, resourced and innovative and took its job and public interest seriously. Systems were inevitable going to be fragmented across the globe, but countries like China see this fragmentation and its allows them to boycot more easily. We don't need more codes, but we do need national regulators who understand and act. His path to this was to get people angry about funding regulators who are not doing their job. The public has been angry at providers for some time, but should be angry at the regulators who don't use laws already in existence - for example the pressure on ICO to reform itself.
The discussion then moved to the interaction of superinjunctions and twitter, and in doing so displayed more of the dominance of privacy discussion in the uk by the antagonism between journalists and celebrities. Bazalgette's comments suggested he beleived people had power over their own lives and didn't need major regulation on this issue, but that there would be data on the internet that would be in conflict with domestic law. Davies said he had no objection to people tweeting injuncted material, and that this simply demonstrated a flaw with the injunction law, which had recieved very little attention from parliament for some time, and might be redrafted. He also critised the way that the injunction process was largely secret and could be opened up and made more transparent and accountable. It was suggested that the law is an ass in this respect and out of synch with public sensibilities, which change over time. If a law is not respected then the public will flaunt it. John Snow suggested that the solution to the superinjunction lay with this - if they were functionally broken by the internet, then nobody will seek them in future.
Regarding the idea of a European right to be forgotten, Alma Witten made some very useful points that were almost entirely absent from the Westminster Media Forum event I attended recently. She said that it was obviously impossible to delete all copies of a piece of information on the internet - for example if an external actor had scrapped a copy of your Facebook profile. However, this absolutist/perfectionist position stopped discussions of practical ways in which individuals could be given more control, and ways in which legitimate organisations could enact data deletion if requested. Google has itself pushed for this through the google dashboard and data liberation movements. She also linked this to threat modelling in information security - where you don't plan for the attacks of the omnipotent, omniscient attacker, with infinite resources and time, but the likely threat. Davies felt that the right to privacy was a natural part of the progressing evolution of privacy law. Witten later added in response to a question about data portability, that Google wanted people to stay with the company because they wanted to, rather than because they had made it too difficult to leave.
Jim Killock from the Open Rights Group asked about the economic benefits of privacy, and raised the difference between 'big facts in the public domain' and data processing - in which the economic power of individuals vis-a-vis large companies is small. Infomation about us increasingly exponentially – and weneed some strong rights around controlling that, and an economic incentive to start controlling that – we should reassert some of our privacy and get economic benefits from it. He pointed out that privacy often a fundamental fact for our transactions with socity.
In discussion of the problems of the Playstation Network, Bazalgette pointed out that there will always be accidents in the future, and that part of being media literate is anticipating and understanding this. This is contextual however, and whilst you should expect sharing of your information on facebook, this should not be the case with online banking or commerce.
In response to a question from a representative of Mydex, asking about ways to technially control individual personal information online on individuals terms, Simon Davies praise the mydex project stating that technology trumps the law, and if you can find technological solutions to problems like privacy, then you don't need legal ones. He stated he regarded online contracts as one of the biggest jokes of recent legal history. Witten believed that it was important that such tools were being built, but also important that it was not google who were building them.