Interview: Senator Yves Detraigne on data privacy
From tracking technology trends to launching a gallic version of gov2.0…
…
In a recent post, I have reviewed some of the views that French Senators Yves Detraigne and Anne-Marie Escoffier published in their joint report, Private Life in a Time of Digital Memory, which questions how effective we all are – including local authorities – at protecting data privacy.
Taking it further, Senator Detraigne (pictured) has kindly spared some time to answer some of my questions – which I am grateful for.
I wanted to understand how involved the legislator is in the assessment of technological solutions to keep up with data privacy protection. But a mixed picture came out in which the legislator sets the frame around the canvas but hands out the paint brush to industry insiders. In other words, the European government will ensure that the legislation in place encompasses every possible aspect but leaves the technology choice to the private sector.
Call me naive, but I cannot figure how the legislator can come up with the most relevant pieces of regulations without a sound grasp of the ins and outs of technology. In the data privacy field, the gap between regulation and innovation is clearly narrowing, especially if you consider the rapid pace of adoption of new web-based tools and how intensely they can affect our lifestyle. I would imagine that a government must share some sort of devotion to support its private sector to safely invest in the right innovation that will provide the country with a certain “edge” over the international stage.
So I asked the Senator what was his take on the US and Japanese initiatives to support technology standards such as OpenID – which I discussed in a recent blog post. Senator Detraigne agrees that OpenID is a clever system which facilitates the management of multiple user accounts and data privacy. However, he added that such solution will only be successful if it is widespread as a technology standard across the Internet (which at the moment it is not), but more importantly, if it meets the French regulation requirements.
Then I have been told that the French government has undertaken a similar initiative using the Liberty Alliance technology. France’s mon.service-public.fr is a portal that allows users to access various administrative services and to store personal data. Senator Detraigne explained that:
Within the portal, two areas deserve a high level of security and scrutiny: firstly, the management of shared identities between the portal itself and its partners’ websites; secondly, users’ personal data storage. On the first point, the website has been certified by Liberty Alliance technology which makes all websites within the portal interoperable whilst keeping users’ different login details and personal data under closed doors. On the second point, each administrative service access is restricted to its own service – there is no generic data grouping – and users can decide which data they want to share with the various services.
The Liberty Alliance Project was formed in 2001 by approximately 30 organizations to establish open standards, guidelines and best practices for identity management. Today it holds a global membership of more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments from around the world.
Via this example, the Senator wanted to demonstrate that the French government – and by extension the European Union – can interact with the private sector to develop mainstream solutions, the same way the US or Japanese governments are supporting OpenID strategic moves.
Nonetheless, my follow-up question aimed to further understand how pro-active local authorities are at anticipating technology trends. In that case, Senator Detraigne shared his concerns by taking me on a tour of the CNIL (Commission Nationale de l’Informatique et des Libertes – France’s local authority on data privacy). He explained that:
The proliferation and diversification of personal data mining is forcing us to raise security levels and boost the CNIL’s expertise. We recently found that the CNIL is portrayed as a legal entity – too “administrative” – which negatively affects its credibility. At the moment, the CNIL holds an “expert department” which employs four highly-qualified engineers who can identify and possibly anticipate technology trends. It is critical for local authorities to develop their capacity to lead and intervene in more technical fields.
By reinforcing its expertise capacity, the CNIL could boost its control activity, too low at present. In 2008, it has processed 280 controls against 1.250 from its counterpart in Spain.
In France, no scandals have yet revealed personal data security leaks the way it happened in neighboring countries in recent years. But we are not in a safe position either. Security risks are high and hackers constantly come up with more and more sophisticated tools to compromise digital security.
Finally, in my last question to the Senator, I asked what was his opinion about the White House efforts to encourage transparency and interaction with citizens – the so-called gov2.0. Senator Detraigne explained that France was moving in the same direction, and already launched its blog contest within the Senate. Similarly, Mme Kosciusko-Morizet – French MEP in charge of digital economy – has invited politicians to get involved in the web2.0 area (notably throughout social networking), and also pushed for the migration of the administration’s web portals and services to the mobile space.
Incidentally, I do hope that France’s gov2.0 strategy looks far beyond social networking.