CHAPTER 6

Conclusions

Many privacy experts cheered when the new European privacy law, the General Data Protection Regulation (GDPR), was adopted on April 14, 2016. The general public, however, hardly seemed to take notice. Yet when the law finally went into effect on May 25, 2018 (after a preparation period of two years), it was hard to escape the many news stories and TV specials discussing its implications. Inboxes across the world filled up with emails from companies and organizations who updated their privacy policies to comply with the new law, or asked recipients to confirm long-forgotten subscriptions. Is this the watershed moment for privacy, when it finally moves from legal niche into mainstream public policy, leading to the widespread adoption of privacy-enhancing technologies in everything from Web servers to mobile devices to smart toys and smart homes?

As we laid out in this synthesis lecture, easy solutions for addressing privacy in mobile and pervasive computing might be hard to come by. Privacy is a complex topic with a rich history, a complex socio-political underpinning, and challenging interactions and dependencies between technical, legal, and organizational processes. While the GDPR has brought the concept of “privacy by design” into the spotlight, developing a systematic practice for integrating privacy measures into systems is still an ongoing challenge. What are the right privacy defaults? What is the absolute minimal data needed for a particular service? How can one limit the use of data without restricting future big data services? How does one make complex information and data flows transparent for users? How can one obtain consent from individuals that is specific and freely given, without inundating users with prompts and messages? Or should we abandon the idea of “notice & choice” in a world full of mobile and pervasive computing? What is the right way to anonymize data? Is anonymization even possible in practical applications, given the ability to re-identify people by merging multiple innocuous datasets? How can we organize a fair marketplace around personal data, and what is the value of my data—today, and tomorrow? Who owns my data, if an “ownership” concept even makes sense for personal data?

The ability of mobile and pervasive computing systems to collect, analyze, and use personal data is ever increasing, with each new generation of technology being smaller, more power-efficient, and more ubiquitous. Despite the already substantial body of research in that area that we discussed here, ever more research and engineering challenges regarding privacy in mobile and pervasive computing continue to emerge. However, the welcome thrust from the policy side through the GDPR may help to further unify the often diverse research efforts in this space. An interdisciplinary approach, combining research in psychology, economics, law, social science, and computer science, stands the best chance of making progress in this complex field. Some of the key challenges that we see are the following.

•  Refining privacy primitives. At the outset, research needs to continue investigating the fundamental principles of privacy-aware systems and privacy-enhancing technologies, with a particular focus on big data and anonymization.

•  Addressing system privacy. The increasing interconnection of mobile and pervasive computing systems requires effective means of regulating access and use of both personal and anonymous (but potentially re-identifiable) data.

•  Supporting usable privacy. Privacy solutions too often place a burden on users. How can privacy be understandable (and controllable) for end users, not just lawyers? How can legal requirements be reconciled with user experience requirements?

•  Personalizing privacy. Will we be able to create systems that can adapt to individual privacy needs without being paternalistic? Can we find solutions that scale to millions yet provide the right support and effective assistance in managing privacy for an individual?

•  Establishing privacy engineering. While early proposals for a privacy-aware design process exist and privacy engineering is developing as a practice, we need to better understand which process to use when, and how to tailor privacy solutions to the characteristics and requirements of specific applications and their context. There will certainly be no “one-size-fits-all” solution.

•  Improving privacy evaluation. Understanding what users want and how well a particular solution is working are key factors for establishing a rigorous scientific approach for privacy.

We hope that this Synthesis Lecture provides a useful starting point for exploring these challenges.

Marc Langheinrich and Florian Schaub

Lugano and Ann Arbor, October 2018.
