“You have got leaders in Government who come to the data protection debate with a little bit more optimism about the ways that technology can support the values and goals that we want for society, by putting data protection roles in place that support those goals,” he said.
He added that there were countries and regulators that had a much more sceptical approach to the dangers of technology, which did everything to block, shut and limit technology.
“Ireland has a sophisticated privacy regulator in Data Protection Commissioner Helen Dixon,” Dr Polonetsky told Gazette.ie.
“It has a Government that is eager to support the development of tech jobs and the use of data to improve life in the city, but in a way that is respectful of rights, respectful of discrimination and respectful of community input."
Dr Polonetsky, chief executive of the New York-based Future of Privacy Forum, said Dublin’s highly-engaged tech community – both global and start-up – combined with a thoughtful regulatory environment, could be very good for jobs in Dublin, for privacy, and for improving the quality of city life.
The public viewed privacy issues in terms of fairness, and what they perceived as “creepiness”.
“We see that when people are upset, they leave, they move to other platforms. They increasingly are using privacy settings.
“Tech needs to tread carefully because, with one click, most of us can make choices that are just as good.”
The author of A Theory of Creepy: Technology, Privacy and Shifting Social Norms, said last night that consumer behaviour around privacy was often odd, nuanced and unpredictable, citing very different reactions to the same products from different companies.
Google Glass and Snapchat Spectacles essentially did the same thing of uploading a continuous video feed to the internet.
But while Google was seen as a creepy tech overlord, Snapchat was a hip young start-up. However, both products eventually failed, discarded by the public as boring, uninteresting gimmicks.
“What might have been creepy one year, is ‘old school’ and not all that interesting a year later,” Dr Polonetsky pointed out.
Cities as platforms
Cities increasingly see themselves as platforms for technology, he said.
“LA has a terrible transportation problem, with gridlock and smog, and entire areas where lower-income populations can’t easily get to jobs, so they are locked in to only certain areas.
“The transportation department there has a really thoughtful programme to create a platform where they can leverage scooters, bikes, ride-shares and public transportation – using data about how they are used.
"So they can come up with better ways to get people to where they need to go – to hospitals, to jobs, to their needs.”
Used wisely, tech data could come up with ways to work around or solve these societal problems, he said.
He pointed to the Los Angeles’ motto that ‘code is the new concrete’.
City authorities need information about how auxiliary transport services are working. Are they only serving rich areas, are they adding to traffic congestion or not, are they integrated with public transportation?
This requires data, but the privacy consequences are interesting and challenging, Dr Polonetsky said, in terms of both surveillance and marketing opportunities.
The LA city authorities are driven by a public health and equity mandate, and the need to solve societal challenges, he said.
“It behoves all of us to figure out how to put the rules in place that facilitate those goals, while making sure that we don’t build an Orwellian society,” Dr Polonetsky warned. “There are competing values here,” he said.
“Every time one of these technologies becomes ascendant, it creates a set of new stresses,” he added.
The digital advertising business model was in a particularly challenging situation. This was driving new tracking of consumers, as well as changed business models.
Many ad practices were increasingly reviled, he stated, and even market research was viewed with scepticism.
He pointed out that internet use was not yielding ads that are loved and remembered by viewers, as TV did in the past.
Dr Polonetsky said that the now widespread use of mobile devices was very challenging to digital marketers, in that consumer identities were now split across several devices, and mobile web and apps.
The use of smart speakers and podcasting to consume news and commentary was creating further strains on the ad marketing system.
Increasingly, the goal is to maintain a stable connection with the consumer, he said, and that current efforts to pin personal identities together, across mobile and desktop, create privacy stresses.
Dr Polonetsky said that this event precipitated a demand for more data tracking, with the public asking why the catastrophic events of that day had not been predicted by tying datasets together.
“The next couple of years were spent tying together data systems to try to ensure that that sort of intelligence could be captured,” he commented.
Then came the backlash as fears grew of a disproportionately gigantic surveillance system. The broader consumer interest, therefore, receded or expanded, according to the political situation and privacy tensions.
Polonetsky said that data privacy lawyers in the US had a very difficult job, in that each state had different data laws, requiring different notifications in response to breaches.
Thoughtful design embeds privacy
Consumer expectations of privacy were becoming more sophisticated, he said.
The vehicle data layer for driverless cars was being built now, and we had an opportunity to embed privacy through thoughtful design, he said.
Wearable health tech showed extraordinary promise, he added, such as being able to predict that a user was developing Parkinson’s Disease.
Ultimately, Dr Polonetsky said he was optimistic that data collection will be minimised because the academic research community was working co-operatively on artificial intelligence.
Regulators, however, should give further guidance on the distinction between academic research and product development, he warned.
Under GDPR, research was treated somewhat more favourably [than product development], but how exactly should research be defined, he queried – pointing out that, in some countries, research had a very clear legal definition, with a requirement that it be published in an academic journal.
On the other hand, some companies simply published their research as a white paper, he pointed out.
GDPR was a substantial piece of legislation, he added, and Europe was setting the global agenda in the field.
City privacy counsels
Certain individual cities were beginning to take the lead by appointing privacy counsels, which he described as a positive trend. The city of Los Angeles sued Weather.com for selling location information about its users, for instance.
“Companies eager to be based in Ireland for a whole range of reasons are appointing their data protection officers here,” he said.
What might this mean in the long term for DPOs, who acted as independent watchdogs, but who, personally, might miss out on senior management roles as a result?
“In some countries where they have had DPOs for years, it wasn’t considered the most senior and heavy-hitting job,” Dr Polonetsky said.
But Ireland was about to become the home of the DPO, he concluded.