Elizabeth Denham CBE
In 2024, privacy and data-protection professionals across the globe are grappling with unprecedented advancements in technology. Add to that rapidly evolving risk and an onslaught of new regulations, which are sometimes misaligned. At the same time, we face increasing demands from the C-Suite to help leaders navigate a host of new digital-age challenges. It’s a lot or too much, depending on the day. And yet, there has never been a better or more interesting time to be in our profession. We sit at the intersection of technology, policy, and law. That unique vantage point lets us skillfully shape responsible business practices and, moreover, the policies and regulations that will guide innovation going forward.
As the Chief Strategist of the Information Accountability Foundation, I believe we have a major opportunity that is also a weighty responsibility. Working together, we can ensure that the ability to innovate with data is not unduly stifled by well-intentioned but misguided policies or by industry failures that undermine trust and confidence in companies and technologies. I see that work as an exciting prospect.
Assessments Must Expand
One thing is clear: we can no longer focus exclusively on traditional privacy issues that may arise from the processing of personal data. Our assessments and investigations must expand as we described in our 2022 report on a Principled Approach to Rights and Interests Balancing https://informationaccountability.org/2022/12/a-principled-approach-to-data-protection-riskbalancing/
We must learn to evaluate a broader set of impacts, both positive and negative, to all relevant stakeholders. That includes groups of people. Think communities, societies, nations and other interests people have. Even our planet.
If we are to succeed – and we will succeed – we must first forge a collective focus on evolving our roles beyond the pre-set functions of days gone by. Only when we address current challenges and bolster the governance needed will we effectively manage data in our contemporary world. Our profession needs nothing short of a modern-day Renaissance to maintain our relevance and lead global organizations through the current environment.
Since joining the IAF last year, I have felt inspired by our members and uplifted by our community. The main message, heard loud and clear, is that privacy leaders are now working beyond the traditional borders of data protection. This necessary mission creep has come from increased demands for supporting data-driven companies in a highly competitive world. Today, data-governance professionals face never-before-seen levels of policy and ethical expectations.
The Clamour to Meet AI Requirements
When it comes to the power and risk of algorithmic tools, the future has arrived early. Predictions have fallen short. Advanced AI and machine learning capabilities expected in five years’ time are already here and thriving. Scrambling to keep up with technology, legislators have produced new laws and guidelines: the EU AI Act, an Executive Order in the US, Canada’s AIDA, new US state laws, on-line safety regulations, and coming-soon codes and conventions. These measures reflect the public’s increased level of awareness and expectation that governments will manage the public and private sectors’ newly minted, tech-enabled capabilities. Similarly, advocates, analysts, and regulators require new parameters, renewed skills for our work, and a recommitment to ambition.
Privacy Leaders’ Renaissance
Privacy leaders need a veritable Renaissance in how we think about roles within our organizations and what activities regulatory bodies should oversee. We must evolve out of siloed policy thinking and narrowly specialized skills sets. A massive undertaking, undoubtedly. But it’s been done before. If we managed to revive Leonardo da Vinci in our current moment, he may have found our world—poised on the brink of massive change—oddly familiar.
We live in fascinating times. And just as Europe’s Renaissance saw a break from the strict theological and societal structures of the Middle Ages (more than six-hundred years ago) we must once again embrace rebirth and rediscovery. We have an imperative not only to protect but to explore. To innovate. To be as curious and progress-oriented as the scientists and artists of Europe’s 14th and 15th centuries.
Such epochal descriptions sound grandiose, sure. But this is exactly what philosophers, opinion leaders, and technologists are thinking and writing about today.
How does advanced AI change the status quo?
Does it transform what it means to be human, when AI links with other advanced technologies in biotech, materials development, and climate science?
In our own profession, what do information and data specialists need to do within and beyond our organizations?
How can we ensure we have the right skills, the capacity, and the capability to make our mandates meaningful?
Can we think beyond protections for individual dignity and autonomy rights to societal and global impacts?
Data Professionals Have Long Worked as Cultural Translators
The IAF shares an optimistic view: that answers to such questions are coming clear. We believe that our profession can make the necessary and responsive adjustments, as long as we recognize the sea change in front of us. But we do need research-backed, consensus-led guidance for the kind of wholesale cultural, structural, and practical overhaul needed today. This renaissance has already begun at leading companies the IAF studied in our 2020 Report on The Movement Towards Demonstrable Accountability.
What does the future of our profession require? For starters, we need to internalize the truism that you cannot separate data and privacy from culture and society. That is to say, we need to change along with technological transformations. We need to bring creative strategy and multidimensional skills to the table—or desktop, rather. It will be important to connect and work with those who develop new technologies, strategically manage data governance, address opportunities and risks with solutions, and understand the wider economy and society in which their technologies operate. We must read broadly about policy development to move beyond our own expertise. When we do that en masse, we will create a convergence of regulatory and compliance efforts. Organizations cannot afford to have their policy people working in a disjointed way.
Infrastructure that Enables Cultural Change
Second, we need to implement infrastructure that will enable cultural change. Commitment needs resources to be effective. We must rethink our contemporary situation in a comprehensive way, not in a silo or as specialists. Data-protection regulators who take on direct AI oversight will need to operate in both an agile and strategic way, so that they can work beyond the boundaries of individual agencies, sectors, and jurisdictions.
The IAF can help members with the policy infrastructure needed to build out truly modern organizations. To ask the difficult questions. To uncover practical solutions. Our support enables policy leaders and change makers to be fearlessly forward thinking. In this day and age—which is now a version of “tomorrow”—we need to think well beyond the relatively limited offerings of privacy notices and SCCs. Negotiating privacy statements and formalizing web forms are important actions, certainly. But without the capacity to robustly assess and defend against AI systems, your organization will struggle to meet contemporary needs. They’re a swiftly moving target.
Toward Sustainable Data Policies
To create truly sustainable data policies, companies must make commensurate investments when they develop AI capabilities and when they renew their strategic policy and governance functions. If these investments fall out of balance, both efforts will fail. Checking boxes on the paperwork of privacy’s yesteryear just won’t cut it anymore. We must study the magnitude of change in the present and on the horizon, then take inspiration from it.
The IAF can help our members re-create their roles within organizations, giving them the strategic clearance necessary to do contemporary policy and oversight work. We support advanced assessments and interrogations of AI solutions, which then gives companies the ability to process data in a strategic and sustainable way. IAF is also well-placed to lead cross-industry discussions on how to integrate these issues into current risk assessment practices.
If this blog post has become something of a manifesto, my apologies. But I must speak stridently to properly convey the urgency of this acute moment in our profession’s long history. And we can continue to take inspiration from that history, too, while we look to the future. Data professionals have long worked as cultural translators. We interpret legal text to guide operational requirements. We have been diplomats of a sort: bridging the gaps between the page and the world, between raw numbers and real people. That position has made us highly mobile, flexible, and innovative in our approach. Those traits will be needed as long as there are technologies that evolve and people who will benefit from their responsible deployment.
2024: A Renaissance for the Privacy Profession
January 2024
Home / Publications /