Abstract
This CETaS Research Report explores the implications of privacy-by-design (PBD) technology for UK security, and provides evidence-based recommendations for how future policy can achieve a long-term, beneficial outcome on this issue over the next 10 years. The findings have been gathered from a range of experts and organisations across academia, civil society organisations, industry, law enforcement agencies, and UK Government departments.
The widespread introduction of data encryption over the last three decades has resulted in significant benefits for citizens and the state, from both a privacy and cybersecurity perspective. At the same time, however, the latest designs being embedded into user devices and Internet architecture pose new challenges to lawful data access for the tackling of criminal activities – from the circulation of child sexual abuse material and terrorism planning, to financial fraud and cyberattacks. The implications of future privacy features for human rights will therefore be complex, with a need to recognise that there will be trade-offs involved with any decisions made between individual privacy and wider public safety.
However, with the current debate over the future of this technology being polarised, meaningful progress is being stifled. A lack of clarity on key concepts of security and privacy contribute to narrow views of public good, safety and security risks. Meanwhile, as industry continues deploying new PBD features unimpeded, the UK Government threatens to respond with legislation to set standards for wider societal safety that, critics say, risks fatally undermining user privacy. In parallel to these challenges, certain standards developing organisations (SDOs), which are dedicated to the vital task of ensuring the development of robust and interoperable technologies, are contributing to this polarisation.
Seeking to move beyond this divisive situation, an ideal vision for the future of the privacy landscape was articulated out to 2035. Reflecting a truly multistakeholder industry design process, the views of various communities are taken into account before any new features are implemented. Using this scenario, the report's recommendations provide an overview of how different sectors can work together to advance progress towards the vision. Across all actions highlighted, three clear objectives emerge which should be placed at the heart of future policy efforts: 1) achieving clarity over concepts; 2) ensuring inclusive stakeholder input in the development of all PBD technology; and 3) identifying areas of compromise and alignment of interests over any new digital privacy proposals.
This publication is licensed under the terms of the Creative Commons Attribution License 4.0 which permits unrestricted use, provided the original authors and source are credited.
Watch the Panel Discussion
Authors
Citation information
Sam Stockwell, Andrew Glazzard and Alexander Babuta, "The Future of Privacy by Design Technology: Policy implications for UK security," CETaS Research Reports (September 2023).