Last week I was in Athens to attend the Annual Privacy Forum, jointly organized by a mixed set of organizations: ENISA (the European Union Agency for Network and Information Security), the European Commission (Directorate General for Communications Networks, Content and Technology), and the University of Piraeus (the Systems Security Laboratory).
The different nature of the organizations involved (a regulatory agency, a governmental body, and a university) betrays the underlying aim of this conference, quite different from that of most academic conferences: bridging a gap between the worlds of research and policy. I don't know if the aim has been or will be achieved, but having established such a series of conferences (the next one will be probability hosted in Luxembourg) is certainly a needed step in that direction. The impact of a research effort must be measured not just by the support it gets in the scientific community alone but also by the impact it makes on our life. And in privacy matters, that impact is certainly mediated by the policies adopted by national and international legislations.
The conference was organized through a well balanced mix of research paper sessions, panels, and keynote speeches (see the detailed programme here). I enjoyed all the three components, though I found some panels could be more interactive. There were 4 paper sessions (on "Privacy by design", "Analysis of architectures", "Identity management", and a session of opinion papers) and 4 panels ("Privacy for the Cloud", "Software defined and Information-Centric networks", "Privacy and confidentiality of communications in the EU", and "Privacy by design").
Among the most striking issues that were hotly debated during the forum are:
- the Anonymization vs Pseudonymization debate, with supporters of a stronger privacy tilting towards the former and institutional representative going rather for the latter
- the EU vs USA issue (exacerbated by the leaks related to the Snowden case), with problems ranging from data placement, extension of national jurisdiction, discrimination by nationality, etc.
- the challenge of reconciling globalized data and national protection (somewhat related to the previous item)
The forum has been enlivened by the frequent spicy interventions by Caspar Bowden. Caspar is a well known independent privacy advocate, who worked in the past for Microsoft (as its chief privacy advisor). Though his views may be considered by somebody as extreme, we must recognize that he had not an easy task in standing up nearly alone against any limitations to privacy right or any lack of privacy protection. And his views were always supported by a deep knowledge of the field at the maximum level. In the course of the two days, we have seen Caspar arguing with a number of people (what follows has no pretensions of being an exhaustive list or suggesting some ranking):
- Peter Fleischer (Global Privacy Counsel, Google)
- Peter Schaar (Chairman, European Academy for Freedom of Information and Data Protection), whose blog is, sorry for you, in German
- Ilias Chantzos (Symantec)
- Nicolas Dubois (EC DG Justice)
All in all, I must say that I have appreciated the mixing of views coming from the computer science world and from the policy and legal worlds, though I found somewhat difficult to find my way around the intricate tangle of Articles, Opinions, and relationships among normative bodies. See you next year, probably in Luxembourg.
