Of a Privacy Compliance Toolkit,Glitter and #IFF5

By Francis Monyango

When I walked into the Visual Room of Las Naves building, I expected to see faces from the global south. But the attendees present were from all over the world. I took a deep breath and I smiled. I welcomed them to the session then I asked them to introduce themselves.

“Hi, I am… .I am from Spain.”

“Hi, I am… I am from… in Brussels, the home of the GDPR”

As the introductions went on, it hit me that privacy compliance is not only a worry in countries without data protection laws but it’s a real headache in countries with privacy laws. It seems that there was no one off formula for compliance.

Privacy Compliance for Techies Toolkit.

For the past few months, I have been working on a Privacy Compliance for Techies Toolkit. My motivation has been technologists in countries without data protection laws  such as Kenya who I felt should revise their data privacy assumptions because the global changes in law and norms will eventually require them to do so.

I proposed a feedback session for the #IFF5 Valencia and I was accepted as a DIF grantee 😀. (Thank you very much IFF) I hoped to get feedback from the participants on the draft Privacy Compliance for Techies Toolkit that I am working on.

My approach to compliance by technologists is through the concept of privacy by design. I believe it is a proactive way to protect of the right to privacy. Privacy by design is encoded in the G.D.P.R Article 25 and countries which have had data protection laws for a while have technical expertise in creating systems that protect personal data. Other countries, especially in the global south are enacting data privacy laws similar to the GDPR and soon their technologists will be in a compliance quagmire. It is these crop of technologists that I hope to reach and impact eventually.

Before the session, I had imagined that the toolkit would comprise of a handbook that would assist technologists to understand privacy concepts. I hoped that the session would enable us (me and the participants) to create a very practical breakdown of privacy concepts and law to technology processes for the handbook. I expected participants from jurisdictions without data protection laws to flock my session because those from countries probably have an understanding on how to comply.

What I learnt

https://pad.internetfreedomfestival.org/p/1258

1. The participants in my session opined that there was too much legalese in privacy policies online. The writers of these policies should ensure lay people able to understand what is being communicated. The general feel was that technology service providers thrive in the legalese and vague terms in the privacy policy and cookie policies.

2. Technologists should have a course on law and ethics in their curriculum so as to embed privacy concerns in their minds while they are still training.
Some participants suggested storytelling and working with creatives may help technologists understand these situations. The conversation on privacy compliance should involve other people.

3. The masses need to be educated on data privacy. This will enable them care about privacy and to protect themselves from the evils of surveillance capitalism.

4. Never forget the business motive. Technologists and lawyers need to create compliance solutions that do not kill businesses.

5. Some participants shared some resources that maybe used in the preparation of the tool kit. These sites are :

Next Steps
We agreed to collaborate (working open) in creating privacy compliance methods which factor in business models. More of this will be shared on this blog soon.

P. S: #Glitter

An image of yours truly with Glitter on his face 😁

I was curious on how Glitter would look on me and I ended up having my face painted. It was a fun experience I must say though I probably ended up looking like a witch doctor 😂.

Thank you Internet Freedom Forum for everything.

Leave a Reply

Your email address will not be published. Required fields are marked *