SRI Associate Director Lisa Austin joins our weekly Seminar Series to discuss a draft paper on data protection laws concerning the regulation of personal information, co-authored with SRI Research Lead David Lie, and SRI Faculty Affiliates Nicolas Papernot and Aleksandar Nikolov.
Austin is a professor in the University of Toronto’s Faculty of Law and co-founder of the IT3 Lab, which focuses on interdisciplinary research on privacy and transparency in technology. Her research focuses on legal theory as well as law and technology. Austin’s extensive privacy work has been cited numerous times by Canadian courts, including the Supreme Court of Canada. In 2017, Austin received U of T’s President’s Impact Award.
Talk title:
“Why we should regulate information about persons, rather than ‘personally identifiable information’”
Abstract:
Data protection laws modelled on the Fair Information Practice Principles (FIPPs) share the same basic legal architecture in that they regulate the processing of personally identifiable information (PII). Although privacy is one of the main interests protected by FIPPs, there is a growing mismatch between many technical approaches to the protection of privacy—like differential privacy—and legal understandings of PII. For example, differential privacy focuses on how data is processed to extract aggregate information (the algorithm) rather than on data manipulation (such as in many “de-identification” techniques) and it measures whether we can infer data about a specific individual rather than determining whether that individual is “identifiable.” The resulting misalignment will impede efforts to create better technical standards, as well as make it difficult to enforce the legislation given that there is no technical mechanism to achieve what it requires. In this paper we address this misalignment and propose several major reforms to the FIPPs framework. In particular, we argue that data protection law should impose a comprehensive privacy risk minimization obligation that applies to the processing of all “information about persons,” rather than PII, and also embrace new regulatory tools to ensure compliance with this obligation. While our claim is that this alternative legal architecture can better protect individual privacy, we further argue that it can also better accommodate other emerging data concerns that are not about individual privacy.
Suggested reading:
L. Austin, D. Lie, N. Papernot and A. Nikolov, “Why we should regulate information about persons, not ‘personal information,’” Schwartz Reisman Institute for Technology and Society, February 12, 2021.
About Lisa Austin
Lisa Austin is a professor of law at the University of Toronto, and an associate director at the Schwartz Reisman Institute. Prior to joining U of T, she served as law clerk to Mr. Justice Frank Iacobucci of the Supreme Court of Canada. Austin is a co-founder of the IT3 Lab, which engages in interdisciplinary research on privacy and transparency. In 2017, she received a President's Impact Award from the University of Toronto.
Austin's research and teaching interests include privacy law, property law, and legal theory. She is published in such journals as Legal Theory, Law and Philosophy, Theoretical Inquiries in Law, Canadian Journal of Law and Jurisprudence, and Canadian Journal of Law and Society. She is co-editor (with Dennis Klimchuk) of Private Law and the Rule of Law (Oxford University Press, 2015), in which distinguished Canadian and international scholars take on the general understanding that the rule of law is essentially only a doctrine of public law and consider whether it speaks to the nature of law more generally and thus also engages private law.
Austin's privacy work has been cited numerous times by Canadian courts, including the Supreme Court of Canada. She is also active in a number of public policy debates in Canada. Most recently, she collaborated on a report for the Office of the Privacy Commissioner of Canada entitled Seeing Through the Cloud: National Jurisdiction and Location of Data, Servers, and Networks Still Matter in a Digitally Interconnected World. Previous policy work includes consulting for the Canadian Judicial Council on their Model Policy for Access to Court Records in Canada.
About the SRI Seminar Series
The SRI Seminar Series brings together the Schwartz Reisman community and beyond for a robust exchange of ideas that advance scholarship at the intersection of technology and society. Seminars are led by a leading or emerging scholar and feature extensive discussion.
Each week, a featured speaker will present for 45 minutes, followed by 45 minutes of discussion. Registered attendees will be emailed a Zoom link approximately one hour before the event begins. The event will be recorded and posted online.
Lisa Austin