In the first of a Newsroom series of interviews with New Zealand’s “watchdogs”, Shane Cowlishaw talks to Privacy Commissioner John Edwards about his role and why we shouldn’t fear Facebook.
John Edwards knots his fingers, leans back and points out that most people don’t think about their privacy until the worst happens.
“You don’t sit around saying ‘oh, I’m really enjoying my privacy at the moment.”
But as the internet and the rise of social media has connected society through a spiderweb of friend requests, food tweets and baby photos, privacy has become a rapidly evolving and increasingly talked-about aspect of our lives. Edwards, as Privacy Commissioner, is at the pointy end of the changes.
Since taking over the role three years ago he’s led a rapid modernisation of the department, introducing new tools and trying to reach as many parts of the country as possible.
The workload is growing and Edwards is increasingly sought for comment as technology changes the way we share information and how personal details are collected and stored.
Despite criticism that society is oversharing, Edwards says there’s absolutely no merit to the argument that in today’s digital age privacy is dead.
“I absolutely rebut the sort of increasingly common assumption that people who use and enjoy the benefits of technology abandon or trade off their privacy. They simply don’t.”
People are selective, he argues, about what they publicly post, choosing what they do and don’t want the world to know.
Indeed the Commissioner himself is a prolific user of social media, with thousands of Twitter followers. He has tweeted more than 20,000 times.
He is also quick to defend Facebook, which he believes is well-aware of privacy considerations.
“By no means does Facebook signal the end of privacy and if Facebook doesn’t understand and respect people’s privacy, they will lose their dominance.”
Edwards is slightly gloomier when discussing the future of analytics and “Big Data”.
Collecting and crunching citizens' details is increasingly on the agenda of governments around the world, not least our own.
In New Zealand a data-driven social investment approach was spearheaded by Bill English as Finance Minister, and is aimed at making better spending decisions and targeting funding.
But that approach hit a snag when the Ministry of Social Development (MSD) announced it would demand detailed client information from contract holders before awarding funding.
The blow-back was loud and a decision from the Privacy Commissioner about the move is imminent.
Edwards won’t talk specifically about MSD, but says, while information sharing is not evil in itself, there are big risks in being ruled by automated decision-making and algorithms.
“What I am here for, I think, is to be a word of caution about overconfidence and to say 'well, you say you’re going to get that result, are you sure?' There’s a lot of snake-oil salespeople out there promising that data can have your baby or that the blockchain is going to save the world – it’s not true, there’s a lot of overselling of this stuff.
“There’s also enormous risks of selection bias of hard-wiring underlying prejudice, of misallocating resources, of causing people great harm without a solid evidence base - so I worry about a level of overconfidence about what the technology can deliver.”
What does the Privacy Commissioner do?
Other than investigate big data and providing comment to the media when a government department discloses something they shouldn’t, what does Edwards’ office do?
It’s a question, Edwards admits, most New Zealanders wouldn’t know the answer to. But that is something he’s trying to change.
The Privacy Commission receives about 800 complaints a year, which they investigate, attempt to mediate and, failing that, come to an opinion on.
By far the most common complaint is about an organisation refusing to release personal information.
Many people are unaware they have the ability to request their personal information from almost anyone, whether it’s a dentist, a bank, or the police.
“We’re really trying to crack that thing of how do we reach those people who don’t know what their rights are, who don’t understand they’ve got a remedy when something goes wrong, who don’t know they’re entitled to call out their gym or insist their school give them information.”
Aside from the complaints, there’s the 8000 annual inquiries from companies and government departments seeking advice about how to design new policies with privacy in mind.
This keeps his office busy as they respond within the framework of the Privacy Act.
The law needs changing
First introduced in 1993, there’s little doubt the Privacy Act needs a refresh for a modern age.
The need for an overhaul was signalled by the Government seven years ago, but despite a range of proposals and a review by the Law Commission nothing has happened.
Justice Minister Amy Adams has stated she wants a Bill introduced this year and Edwards continues to wait patiently.
He wants a see a raft of tweaks, including mandatory reporting of privacy breaches.
“If there are these other non-compliant organisations just thumbing their nose at it because there’s not hard consequences, it diminishes trust,” Edwards says, referring to the inability of the Privacy Commission to impose any real penalties for privacy breaches.
This is something he’d like to see changed, although when asked if it’s frustrating being a “toothless tiger”, he bristles slightly.
“I was asked that question when I was first appointed and I said I may be a toothless watchdog but I can assert quite a lot of pressure with my gums.”