IGF 2023 Lightning Talk #29 The Trouble with Transparency in Data Privacy Regulations

    Time
    Tuesday, 10th October, 2023 (05:30 UTC) - Tuesday, 10th October, 2023 (06:00 UTC)
    Room
    SC – Room H
    Subtheme

    Data Governance & Trust
    Data Privacy and Protection

    University of Southern California
    Rohan Grover, University of Southern California, Academia, WEOG (United States)

    Speakers

    Rohan Grover, University of Southern California, Academia, WEOG (United States)

    Onsite Moderator

    Rohan Grover

    Online Moderator

    Rohan Grover

    Rapporteur

    Rohan Grover

    SDGs

    9. Industry, Innovation and Infrastructure
    16. Peace, Justice and Strong Institutions

    Targets: This topic contributes to SDG 9 because data governance is an important level of infrastructure in the digital economy. This topic also contributes to SDG 16 on two levels. On the state level, this topic supports developing regulatory frameworks that ensure public access to information and a participatory approach to data privacy. On the organizational level, this topic promotes transparency and, more importantly, accountability from companies subject to data protection regulations because they participate in the data economy.

    Format

    Lightning Talk + Discussion

    Duration (minutes)
    30
    Language
    English
    Description

    ***NOTE: This Lightning Talk has been cancelled because remote/hybrid presentations are no longer supported. Please feel free to read the paper found at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4577409 and reach out to Rohan Grover ([email protected]) for more information.***

    -

    States are shifting data governance regimes in response to concerns about widespread datafication and its implications for AI, surveillance, and economic and human rights. One important trend is to uphold an individual right to privacy by regulating companies through data protection policies—such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in California, which serve as policy models for an increasing number of states around the world. However, empirical research and audits have found widespread problems with corporate compliance, indicating a gap between the expectations of policymakers and the experiences of data practitioners and, ultimately, users. As data protection strategies are increasingly adopted, it is important to define this gap between expectations and experience more precisely. In this lightning talk I will describe findings from research that examines the specific expectation of transparency in data protection compliance work—which I define as technicians’ labor to translate data privacy regulations from law into code. I will draw on interviews with software developers to identify four common forms of transparency expectations under data protection regulations: personal data transparency, consent transparency, external compliance transparency, and internal compliance transparency. I will illustrate how this matrix of simultaneous transparencies provides a more precise way of diagnosing the feasibility of “compliance” of data protection regulations, and how it demonstrates the important value that data technicians play in data governance. This talk will thus open up new questions and policy interventions for enacting data governance and ultimately refining what "data privacy" will and can be.

    The session will begin with a 15–20 minute remote presentation by the organizer, and then a 10–15 minute discussion among all participants