Jules Polonetsky is the CEO of The Future of Privacy Forum (FPF), a think tank based in Washington DC. FPF aims to serve as a platform for policymakers, industry leaders, and academics to come together and discuss emerging technologies and the privacy challenges that they pose.
Rina Shainski: You have been such a visionary with The Future of Privacy Forum. What was your vision when you started it in 2008?
Jules Polonetsky: When I started as a Chief Privacy Officer years ago, I thought that my friends, other CPOs, didn’t really have a place to meet and discuss best practices, hear about new technologies, interact with regulators, learn from academics, etc. My goal was to create a space in the center of the privacy debate bringing together CPOs, academics, and civil society from companies all over the world. I wanted a place where we could discuss all sorts of technological advancements while keeping in mind that privacy rights are often challenged because of the risks that data sharing and data leakage bring about. We want to advance the new technologies while building protections around data that keep individual data safe and create benefits for our society.
Shainski: Something that is very interesting to discuss is the role of technology in protecting data privacy.
Polonetsky: So, I think that law and technology have equal and critically important roles to play. At the end of the day, we’re talking about the rules that set the stage for what companies, governments, institutions, and researchers do with our data. With that being said, technology can set the guardrails. The decisions that companies make define a precedent for other companies. For example, when Apple makes a decision about how apps can use data, it’s the equivalent of setting law for those companies.
Shainski: I want to ask how much technical knowledge do you believe the CPOs of today and the future should have to be able to contribute to their data-driven organization?
Polonetsky: I think that the Chief Privacy Officer is going to become an irrelevant figure if they don’t become deeper experts on how data moves through different ecosystems and how technology works. We’re seeing that many of our stakeholders, who are CPOs, senior partners doing privacy at law firms, or government institutions, are really struggling to get comfortable having a smart enough conversation with their counterparts. They need to be able to ask probing questions and assess whether or not their technologies meet legal standards.
Shainski: It’s really becoming fascinating how technology needs to evolve to protect data as more and more data is being aggregated and used. Protecting data is really becoming a discipline on its own.
Polonetsky: One interesting note that comes to mind: in Israel in particular, usually it’s startups that are moving first to new technologies. The government and some of the older institutions can be extremely slow. You’d think that the private sector would be the fastest to start advancing some of the privacy enhancing technologies. We’re actually starting to see interesting demand from government agencies because they have lots of diverse data, wanting to analyze their data in a privacy preserving manner. There’s been almost this second wind in the demand for privacy enhancing technologies (PETs) where governments are now joining in.
Shainski: That is very interesting, and Duality has also experienced the same thing where governments are becoming interested in exploring the possibilities of PETs. Finally, I want to talk about another important stakeholder: the data privacy regulators. What we’re seeing is an elevated level of activity of the regulators in expressing interest in privacy enhancing technology. They’ve started offering prizes and challenges in the field. Do you see data privacy regulators embracing or encouraging the use of PETs in the near future?
Polonetsky: Yes, we do see them embracing these new forms of technology, but there’s something missing still: a clear guidance as to which technologies are suitable for which particular uses, and how, given those uses, do those technologies meet the legal standards? Often, what’s stopping a company from using a PET is that the regulator cannot tell them exactly what the risk is. We need regulators to provide more certainty about which technologies are suitable for what uses. One of our big goals this year is to work with regulators around the world and help them understand what they need to do. They need to give a clear definition that can incentivize companies to adopt privacy enhancing technologies. Organizations never know if they’re doing exactly what’s needed, and regulators should in the future be able to provide this answer. There is a need for an international network of regulators who focus on cooperating to advance, promote, evaluate, and give guidance so users of PETs have an easier roadmap.
Shainski: Do you expect something along the lines of this to happen this year? What’s the timeline?
Polonetsky: Stay tuned and I guess we’ll see.
Shainski: I have no doubt that more concrete and specific guidance is absolutely necessary to increase the adoption of privacy enhancing technologies. Thank you so much for speaking with me today.
To watch the entire interview, click below.