IGF 2023 Lightning Talk #29 The Trouble with Transparency in Data Privacy Regulations

Time
Tuesday, 10th October, 2023 (05:30 UTC) - Tuesday, 10th October, 2023 (06:00 UTC)
Room
Room H
Subtheme

Data Governance & Trust
Data Privacy and Protection

University of Southern California
Rohan Grover, University of Southern California, Academia, WEOG (United States)

Speakers

Rohan Grover, University of Southern California, Academia, WEOG (United States)

Onsite Moderator

Rohan Grover

Online Moderator

Rohan Grover

Rapporteur

Rohan Grover

SDGs

9. Industry, Innovation and Infrastructure
16. Peace, Justice and Strong Institutions

Targets: This topic contributes to SDG 9 because data governance is an important level of infrastructure in the digital economy. This topic also contributes to SDG 16 on two levels. On the state level, this topic supports developing regulatory frameworks that ensure public access to information and a participatory approach to data privacy. On the organizational level, this topic promotes transparency and, more importantly, accountability from companies subject to data protection regulations because they participate in the data economy.

Format

Lightning Talk + Discussion

Duration (minutes)
30
Language
English
Description

States are shifting data governance regimes in response to concerns about widespread datafication and its implications for AI, surveillance, and economic and human rights. One important trend is to uphold an individual right to privacy by regulating companies through data protection policies—such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in California, which serve as policy models for an increasing number of states around the world. However, empirical research and audits have found widespread problems with corporate compliance, indicating a gap between the expectations of policymakers and the experiences of data practitioners and, ultimately, users. As data protection strategies are increasingly adopted, it is important to define this gap between expectations and experience more precisely. In this lightning talk I will describe findings from research that examines the specific expectation of transparency in data protection compliance work—which I define as technicians’ labor to translate data privacy regulations from law into code. I will draw on interviews with software developers to identify four common forms of transparency expectations under data protection regulations: personal data transparency, consent transparency, external compliance transparency, and internal compliance transparency. I will illustrate how this matrix of simultaneous transparencies provides a more precise way of diagnosing the feasibility of “compliance” of data protection regulations, and how it demonstrates the important value that data technicians play in data governance. This talk will thus open up new questions and policy interventions for enacting data governance and ultimately refining what "data privacy" will and can be.

The session will begin with a 15–20 minute remote presentation by the organizer, and then a 10–15 minute discussion among all participants