#RSAC: The Lasting Impact of the COVID Pandemic on Privacy

Written by

The pandemic has forever changed people's relationship with technology, and with it their expectations of user privacy, according to a pair of privacy experts speaking at the 2021 RSA Conference on May 19.

Julie Brill, chief privacy officer at Microsoft, noted that during the pandemic increasing numbers of people came to realize that they can work from home, learn from home, and socialize and still be deeply productive. With that increased reliance on technology has come growing awareness and concern about the privacy implications of different technologies and online services.

"People are saying more and more that they're concerned about how their data is being used and that they want more privacy," Brill said. "They want companies to do more, and they want governments to do more, to ensure that their data is well protected."

While access to online services has been a way of life during the pandemic, Brill emphasized that the pandemic should not be the reason why people are being asked to give up their privacy. In her view, it should be the case that companies that are providing online tools to schools, community groups and other end users need to be thinking about ensuring they are providing trusted technology.

In the absence of a comprehensive privacy law, which is still the state of affairs in the US, Brill said that it's critical that groups and individuals can trust the technologies they are using to go about daily life.

People's relationship to who they are and how they want to be portrayed has often been framed in the context of control, empowerment and engagement.Julie Brill

Defining Privacy Harm

A key challenge with privacy is precisely determining how it is violated in the eyes of the law, in terms of harm that can occur that is quantifiable, according to Danielle Citron, Jefferson Scholars Foundation Schenck Distinguished Professor in Law at the  University of Virginia.

Citron observed that existing privacy laws in the US are not well suited to the problems of the 21st century. She noted that privacy laws that exist were made in an era when there was mass media publishing stories about people and advertisers using someone's face without permission.

"Now so many of our 21st-century problems are about the collection, the use and the sale of information," Citron said. "Tort law and civil claims haven't quite caught up, and courts really insist upon really tangible harms that are financial and physical."

The Promise of Privacy Laws

In Brill's view, emerging standards and privacy laws such as the European Union's GDPR are positive steps.

While there isn't yet a national data privacy rule in the US, there are currently multiple rules in different states, including California and Virginia, with more to come in the months ahead. Brill said that she sees a lot of hopes and aspirations for privacy laws for a few reasons.

Brill commented that privacy laws are about choosing when the individual wants to engage and having the ability to choose how their personal data is used. In her strong view, privacy is a fundamental right and foundational to other basic human rights.

"People's relationship to who they are and how they want to be portrayed has often been framed in the context of control, empowerment and engagement," Brill said. "And when you really think about it, that's what privacy laws are about."

What’s hot on Infosecurity Magazine?