Bio:
Caspar Bowden is Chief Privacy Adviser for Microsoft in Europe, Middle-East and Africa. His goal is to ensure that users of Microsoft products and services are in control of their personal data and that fair information practices are respected. He is a specialist in data protection policy, privacy enhancing technology research, identity management and authentication. He was formerly director of the Foundation for Information Policy Research, an independent think-tank that studies the interaction between computers and society, and promotes public understanding and dialogue between UK and European civil society and policy-makers in the fields of e-commerce, copyright, law enforcement and national security, e-government, cryptography and digital signatures. He was appointed expert adviser to the UK parliament for the passage of three bills concerning privacy issues, and was co-organizer of the influential Scrambling for Safety public conferences on UK encryption and surveillance policy. His previous career over two decades ranged from investment banking (proprietary trading risk-management for option arbitrage), to software engineering (graphics engines and cryptography), including work for Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM.
There’s no information self-determination without information self-awareness, or - why you should have a right to access all your data all the time
Abstract:
The EU Data Protection Directive 95/46 embodies the principle that a person may access data which exists about them, but encumbered with exemptions which mean it is not useful in the age of cloud computing and behavioural advertising. Theoretical considerations suggest that being able to access "all your data, all the time" is an indispensable 21st century human right, but it may also eliminate malignant externalities in economic competition for online services, by correcting the market failure of innovation in privacy enhancing technologies. Traditional exceptions and exemptions to subject access are largely obsolete if we look beyond “Privacy by Design” to embrace “Transparency by Design” for the data subject. In particular, user-centric identity management can provide strong mutual authentication between data controller and subject, however some architectures claimed to be "user-centric" may actually exacerbate privacy risks. However the possibility of systematic surveillance over the exercise of transparency rights creates a human rights antinomy, and should categorically be prohibited