This story is part of Governing's annual International issue.
Ann Cavoukian doesn’t sit still for long. When speaking, she’d rather pace back and forth than be constrained behind a podium that blocks out much of her 5’2” frame. She constantly uses her hands to punctuate her rapid-fire speech. She demands that her office, which is in charge of protecting the privacy of citizens in Canada’s Ontario province, conduct investigations “in record time.” Even in her downtime, she completes paintings, which line three walls of her office overlooking downtown Toronto, each in just a few Sunday sessions. “Everything in my life is fast,” she says.
Cavoukian’s rapid-result style has allowed her to leave a clearly defined imprint in her nearly 20 years as Ontario’s information and privacy commissioner. It’s a job that’s part consumer advocate, part transparency auditor and part in-house thorn in the side of the provincial government -- and it is a role Cavoukian has fully embraced. She has issued dozens of scathing reports unveiling abuses of power in her own government; among the most recent was a report that named several high-level officials for illegally deleting emails to cover up the estimated $1 billion cost of a gas plant closure.
But Cavoukian’s most important influence is not provincial: It is global. From her post in what might seem like a backwater office, she has become a worldwide commentator and advocate on privacy questions affecting countries on every continent. Her policy vision for privacy standards in the digital world -- that citizen privacy does not have to come at the sacrifice of security or any other interests -- has been largely accepted by major players everywhere, including the Federal Trade Commission (FTC) in the U.S. and the European Union.
To Cavoukian, the notion that personal privacy is sacrificed for the greater good -- from health reporting to communications tracking -- is the lazy way out. She has developed what she calls Privacy by Design, the idea that personal privacy protections and new technology advancements can actually live in harmony. “Why do we have to look at it as one interest versus another?” she asks. “I always call it the power of ‘and.’ Get rid of the word ‘versus;’ substitute the word ‘and.’ I want privacy and security.”
Privacy by Design, or PbD, as it’s commonly called, is essentially the policy of building in consumer privacy protections as a default when designing new technology rather than following certain privacy rules after the fact. “The future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation,” says the policy’s core document, 7 Foundational Principles of Privacy by Design. When considered at the onset, privacy is “baked in,” as Cavoukian likes to say. This makes it easier on engineers who are tasked with building new programs. It’s far simpler -- and cheaper -- to write in protections when designing a program than after it’s been built.
Put into practice, Privacy by Design can be as simple as the “off the record” chat function in Google’s Gchat, which allows users to send instant messages to each other without having their chat history saved. Or it can be as complicated as protecting biometric data (such as facial recognition information) through encryption by default. When a digital key is the only thing that will render the data readable, then even if there is a data breach the information stolen is useless to the thief.
In recent years governing bodies have sought to iron out clear privacy laws and have turned to Cavoukian’s brainchild. The FTC included Privacy by Design as a best practice in its 2012 final commission report on protecting consumer privacy and is advocating for an American consumer privacy law based on that document. Even more significant, the European Union incorporated the principles in its recently approved data protection legislation.
With the growing acceptance, however, have come detractors. The overarching criticism is that the concept has impracticalities when put into actual use. Some worry that Privacy by Design could undermine law enforcement techniques that trace criminals’ data trails to find them. Additionally, privacy as part of the underlying design requires that those in leadership positions take on the role of consumer advocate when working with engineers to develop a new program -- a tall order that can have varying results.
Some question the financial benefits, too. Earlier this year, the interim privacy commissioner of Canada, Chantal Bernier, issued an order that found Google’s online advertising service violated Canadian privacy law by using sensitive information about individuals’ online activities to target them with health-related advertisements. In response, Google agreed to take steps aimed at stopping the practice, including increased monitoring for possible violations of the policy. But Sarah Spiekermann of the Vienna University of Economics and Business says that sort of enforcement is bad for business. On the whole, she says, privacy protections that mask user data squash opportunities for effective, targeted advertising -- and hinder revenue potential.
“PbD proponents hardly embrace these economic facts in their reasoning,” Spiekermann wrote in a 2012 critique. She went on to criticize PbD for telling companies they risk bad press if they don’t comply, saying that there is still too little evidence pointing to the real damage done to brands and a company’s reputation when privacy breaches occur. “[Privacy by Design proponents] take a threat perspective arguing that low privacy standards can provoke media backlash and lead to costly legal trials around privacy breaches.”
Certainly there is no dearth of data breaches for Cavoukian to point to as an example of why the world needs Privacy by Design. “Do I even need to mention Target?” she asked during a recent presentation to the Congressional Bi-Partisan Privacy Caucus in Washington, D.C. The retailer endured a torrent of negative press and consumer backlash after it announced in December it had been the victim of a massive credit card data breach potentially affecting tens of millions of consumers. Target’s stock price fell by 13 percent in the month following the revelation, and the company is spending millions in free consumer protection services.
Target’s stock has since rebounded, but other recent major breaches reported at Michaels, Neiman Marcus, Sally Beauty Supply and Kickstarter have attracted media attention. To Cavoukian, whose main concern is consumer privacy, the lesson for companies is the hassle they will endure cleaning up a data breach after the fact. “The way I sell this to companies, it’s not a hard sell,” she says. “The cost you will incur protecting privacy on the front end and embedding it in design is a fraction of the cost you will incur when you have a data breach or a privacy infraction.”
Even after nearly two decades in office (this is her final term), Cavoukian still finds fault with many of the privacy practices in her home country. She has been a vigorous defender of Edward Snowden, the American who leaked classified national security data. Snowden’s revelations prompted debate in the U.S. about the appropriate level of information tracking that a federal government should pursue. President Obama has called for a review, and congressional hearings have delved into the issue. In Canada, Cavoukian says, that kind of open dialogue has been completely lacking. She is using her post and reputation to sound off on what she sees as an injustice. “I have been very vocal in my criticism of the government for the silence,” she says. “We have to demand greater transparency because we have to hold the government to account. And you can’t hold the government accountable if you don’t know what they’re doing. This whole ‘trust me’ model? Trust me based on what?”
This is a little ironic, since Canada has a national privacy law and the United States does not. Still, some say that Cavoukian has been able to maximize her influence because she comes from a country that takes a middle-of-the-road position on privacy and information. Canada in some ways is a bridge between the U.S. and the more rigid European Union views of privacy. While Canada has a privacy law, it is viewed by many as a more reasonable and practically applied law than the stricter European version. “Businesses [in Canada] don’t usually moan and groan,” says Jules Polonetsky, who heads a group called the Future of Privacy Forum. “It’s helpful sometimes in a global atmosphere to be viewed as not locked in to the U.S. or European Union point of view.”
Would the United States be better off with a privacy czar? On balance, Cavoukian thinks it would be. She believes the creation of such an office would make for more uniformity and accountability here in U.S. policy disputes. Privacy oversight in the United States is now sprinkled among different sources, including the inspectors general of various agencies, the FTC and privacy officers in corporations that choose to have them. But there is no overarching privacy law. That can make for inconsistency. States have their own laws on privacy enforcement, for example. Meanwhile, the Obama administration has composed a Consumer Privacy Bill of Rights that envisions a stronger role for the FTC and actually contains the phrase “privacy by design.” But it was first introduced two years ago and has made little headway in Congress.
Polonetsky argues that government and businesses in the U.S. should at minimum be dedicating more resources to privacy issues. “With or without a law, many of the decisions we need to make are ethical and challenging,” he says. “You need trained, sophisticated, independent voices who can say [we] shouldn’t or should do this. Ann is a great example of how if you have authority and a bully pulpit, you can have a real impact.”
This story has been corrected to reflect that it was Interim Privacy Commissioner of Canada Chantal Bernier, not Cavoukian, who determined that Google’s online advertising service violated Canadian privacy law.