Ethics in the digital space - the basic rules of international digital relations
The post-release on ICDPPD 2018 (International Conference of Data Protection and Privacy Commissioners), which took place last October in Brussels, codenamed “Debating Ethics”, was released the other day .
ICDPPD 2018 is an international platform for discussing legislation in the field of personal data protection. Last year, amid the entry into force of the GDPR, the event reached an unprecedented scale - more than 85 participating countries and 1,100 registered delegates, Tim Cook personally came to the opening ceremony in the European Parliament , and among those who virtually attended the conference was Mark Zuckerberg and the King of Spain Felip IV.
1. Why did the conference of regulators attract so much attention that guests like Tim Cook came to her personally?
2. Where was international publicity before?
In this article, a brief description of the last conference, and personal reflections on why the topics covered on it are important.
Inside the article:
- 1. ICDPPD conference, creation history and mission
- 2. digital ethics or what the conference has in mind
- 3. conference results
- 4. Meanwhile in the Russian Federation
- instead of conclusion
1. About the conference
The ICDPPD conference has been gathering for the 40th time (!), Starting in 1979. This was first done as a reaction to the increasing pace of development of the world economy and the challenges of information technology, but the farther away, the more the technical side was replaced by more global issues. Starting from the 21st convocation (in Hong Kong), the conference took on a global character and became a platform for creating international agreements in the digital sphere.
The conference’s mission is to bring together all regulatory organizations involved in data protection at the country level. But in fact, the event has ceased to be a meeting of regulators, and has acquired a wider format of the business negotiation platform (as well as scientists, philosophers and lawyers) with the legislators.
The conference comprises 125 accredited organizations from 78 countries, Russia is not in their list of members. We have Roskomnadzor in the list of observer members in the last three conferences. It's funny that registered members are called Authority and are mainly involved in data protection, but in our case it is surveillance, but not the essence.
Question 1 : Why did the conference of regulators attract so much attention that guests like Tim Cook came to her personally?
Partly because this is an anniversary conference.
Partly because the GDPR came into force last year (Habr has already spoken a lot about this law, for example, here , here and here). By the way, precisely because of this exemplary law on the protection of personal data, the 40th conference was held in the capital of the European Union.
Partly because the critical mass of world changes has reached its limit - the topic of behavior in the digital space is occupied by world philosophical thought (many scientists were personally present at the conference).
The main thing, because the main participants in the digital space today are not states. These are companies that provide services on the Internet: Facebook, Google, Amazon, etc. The day will come, and they will invite government regulators to their conferences, and not vice versa, and this day is not far away. For example, it is known that Zuckerberg actively participated in the discussion of the GDPR, trying to convince regulators to reduce the age of data subjects to 14 years, and regulators tried to find ways to do this.
Question 2 : Where was everyone before? Is it really only with the advent of GDPR that the international regulations on the protection of personal data appeared?
Of course not. Conversations were conducted a long time ago and the first acts, agreements and regulations were adopted already in the early 90s. In 2009, at a conference in Madrid, the basic international principles for the protection of personal data were developed , which generally repeat the basic principles of the GDPR.
The difference is that before the GDPR there was no mechanism for assessing the correctness of adherence to the principles and punishment of those who violate them. Once the principles of good intentions in relation to the data were subjected to material evaluation and consolidated at the official level, the gold standard for data protection was defined.
Now in the international arena, among the list of UN organizationsThere is no universal authority for data security or “digital economy”. Therefore, ICDPPD assumed the function of an international ( European ) regulator for the first time.
So the 40th ICDPPD Data Protection Conference was dedicated to Digital Ethics.
2. Digital Ethics or what the conference has in mind
ETHICS (Greek ethika - custom, character), a philosophical discipline that studies morality, morality.
On Habré a lot of reasoning about the modern development of ethics. We live in an amazing time, everything changes, and the issues that occupy people change. We are talking about opensource ethics, free copying ethics, ethics for robots and robots.
Roughly speaking, with the development of new spheres of the economy, new spheres of human relations appear that require regulation - official and unofficial.
A simple analogy is car traffic. There are official traffic rules, and there are "concepts" and the politeness of drivers.
According to the official traffic rules, the driver should not create an emergency on the road. According to unofficial concepts, if a driver sees an emergency situation ahead on the road, he also gives a signal to an emergency signal to warn drivers from behind.
It was about such everyday rules, the peculiar ground rules of behavior in the digital world that there was a conversation in Brussels.
As an introduction to the topic, the organizers saluted Erzhe and made a basic razdatku in the form of a comic book., very sweet and not without humor.
A brief retelling of the brochure:
In the ordinary world there are laws that are drafted in accordance with the norms of morality and ethics. But the farther, the more life goes into the digital sphere, where the concept of universal ethics is still missing.
In the digital world, you can do what is impossible in the physical. (Total surveillance, profiling, contextual advertising). In addition, your data is worth the money. Big money. Companies are ready to provide any services for free, just to collect data.
The Internet knows and remembers everything. And this leads to new risks: loss of confidentiality, the risk of fraud and disinformation, the risk of spreading extremism, government supervision, a monopoly on service from large corporations (google, facebook)
You can try to adapt the old ethical rules for the new reality, like this: treat the data of other people as you would like them to treat yours. But besides this, we need new concepts (we want not only ethical behavior of people, but also ethical behavior of machines and software).
The task is to taste the fruits of technical progress, but to minimize problems. It is necessary to create the right laws, but besides the laws, ethics is needed.
3. Conference Results The
questions discussed in the panel discussions were close to rhetorical:
- Should technologies be designed for the benefit of people?
- Ethics vs Society
- How technologies change our thinking, behavior, interaction
- How to instill ethics and who is responsible for this?
It is clear that such questioning is possible to disperse the discussion and no one expects ready-made answers in a couple of hours of discussion. What is important is the symbol of openness to dialogue, a sign that all participants (read: Big Businesses - Facebook, Microsoft, Apple, etc) are ready to make contact. As an outside observer, I sometimes thought that there was a hidden battle on the scene: regulators accuse global services of manipulating information, and business gets into a pose - if it were not for our services, then you would not be sitting here and there would be nothing to discuss.
This raises the question 3
- is it ethical to demand a free service from a corporation without giving anything in return?
As Yaron Lanier said, joining by teleconference:if the cars were not sold for money, but were offered as a free service, they would only drive along a given route past the stores that they paid the developers for advertising.
In general, both participants and organizers agreed that the conference was more than successful. For business, free visitors and the press one day out of six was allotted, in the rest target groups and committees worked, developing new rules for our matrix.
Resolutions adopted include the
Declaration on Ethics and Data Protection in the Field of Artificial Intelligence . Some moments:
- in fact, in this declaration, the legislators applied the principles previously enshrined in the second chapter of the GDPR to artificial intelligence: privacy by design in AI, limiting the purpose of working with data on AI, user safety, transparency of operations, non-discrimination in data processing
- An interesting emphasis was placed on the fact that when developing AI, it is necessary to consider not only the protection of individual users, but the groups of users: "taking into consideration ...
- the resolution enshrined the term ethics by design , which was not in previous laws on the protection of personal data. In essence, it implies the compliance of AI with the basic principles of data protection.
- reading also creates the feeling that lawmakers are planning to introduce some kind of “fostering collective and joint responsibility” blockchain when dealing with personal data - everyone in the data processing link should be responsible for what data they work with.
- Finally, the legislators' desire to understand AI is clearly felt a little more - it is planned to invest in a clear AI: “investing in artificial intelligence”
Declaration on the regulation of online education
- in short, online education should comply with the principles of the GDPR.
Plans for the development of the ICDPPC conference into an independent organization were also formalized .
Full list of accepted documents.
And what is in the Russian Federation
? As I said above, Russia at the conference was only in observer status, but still we are participants in world relations, and sooner or later we will have to subscribe to these resolutions. Already, the GDPR affects us as participants in European relations (interacting with citizens from the EU or processing their data).
In addition, we have our own personal data protection law.from 2006, with an updated base of responsibility. True fines, frivolous - what is 75 thousand rubles for a company?
I am really tormented by the question of how soon the general whirlpool of digital law will drag Russia into itself and how “burning” do we get into the global data protection movement? Maybe we will quietly sell databases for another ten years .
To oblige the company to establish clear rules for working with personal information, to do regular monitoring - I am afraid that this will not happen tomorrow, but I would like to keep up.
Instead of conclusion
Imagine that less than 100 years ago, the norms of international law were very different, for example, it allowed the possession of colonies and even slavery in some countries. The declaration of war, the exchange of prisoners, the rules of the demarcation lines and the principles of the (un) use of nuclear weapons — all this was once voiced and once for the first time entered on paper by the first states that had agreed among themselves. Subsequently, other members joined the agreements.
Against this background, the new rules of behavior in the digital world look quite legitimate and not only timely, but even belatedly - we have long been in the digital economy, the world's largest corporations- These are corporations involved in the processing of data on a global scale. At the same time, the whole digital economy is regulated by treaties on international economic cooperation. Whereas in my opinion this is a completely new space.
The GDPR can be compared to the storm and thunder, which was formed a long time ago, rumbled away, gradually picking up the sound, and, finally, trusts with a peal just above our heads, announcing the transformation of world relations and a new era in international law. In this era,
digital ethics goes from discussion fields to international treaty pages.