On May 10, 1997, a group of 200 protesters descended on Brighton’s city center to rally against an unwelcome addition to its streets—CCTV.
It was the first public demonstration in England of its kind, with protestors’ antics ranging from plastering bright yellow and black warning stickers on walls to placing paper bags and blow up dolls on top of camera poles.
Among the demonstrators was Simon Davies—a privacy advocate who seven years earlier founded the watchdog organization, Privacy International. Mr. Davies was in attendance to advise the protesters, which was just as well: his involvement proved pivotal in preventing mass arrests that day.
The Brighton protest was one of many campaigns for privacy in which Davies participated, and his pioneering efforts—which led to the founding of Privacy International—have since snowballed into many initiatives and organizations.
This year sees the launch of a new initiative to help citizens in the EU organize class action lawsuits against companies and institutions that break data protection policies.
In our Q&A with Mr. Davies, we delve into the details of the EU class action claims, the battle for individual privacy, and how anyone can take action against invasive surveillance.
1. You’ve recently launched a new EU initiative, to accelerate class action claims for breaches of privacy and data protection. Could you explain how it works?
It’s a simple legal issue. In many countries, it is possible to bring a claim on behalf of many people against organisations that breach their rights. This means that it’s possible to make a claim that represents the interests of thousands or even millions of people. So let’s say that a company has created a data breach that compromises the information of an entire population. We can make a class action claim on behalf of all those people, even if they are not named or identified in the claim.
2. What are your hopes for the foundation once it’s fully formed? Are there any details you can disclose about its progress so far, or the people and organizations involved?
The initial work was supported by the U.S.-based Electronic Privacy Information Center (EPIC). Since then we have been working with privacy officers from several companies and universities to develop a constitution for the organisation. We want to centre this initiative in the Netherlands because that country has the best legal instruments to make class actions possible. Our ultimate aim is to create a legal infrastructure that makes organisations more sensitive to the rights of people—and the consequences of ignoring those rights.
3. The forming of such an initiative looks quite timely, with the EU’s General Data Protection Regulation (GDPR) coming into effect in May. How will your initiative help people seeking greater accountability from organizations that don’t comply with GDPR?
This is a correct interpretation. The GDPR is central to our work, though not exclusively so. There are already data protection laws in place throughout Europe, and those laws will form the foundation for this initiative. However, GDPR will place a greater imposition on organisations to deliver rights for people. These rights will obviously be enforced via the national regulators, but I do believe our initiative will create an additional incentive for them to adopt good practice in their information systems.
4. In the thirty years you have been campaigning for the privacy of citizens, what has struck out the most to you about the debates surrounding individual privacy?
So much has changed in thirty years. When I started in this work – pioneering the international privacy movement – almost no-one understood the importance of privacy. Now it is pub talk. You can talk to anyone in any bar in any country and have a conversation. And people understand that this is about core elements such as the hypocrisy, secrecy, and deceit of organisations.
5. What keeps you hopeful amidst the barrage of news surrounding encroaching surveillance laws, unsecured IoT devices, data leaks and the general erosion of individual privacy?
It can be quite depressing working against all the new technologies that compromise our rights, but I am hopeful that the emerging generation of enabling IT will help balance that. For example, I’m currently working with a U.S. company called Senzing that will allow people to know exactly what information any organisation holds on them. This is positive. And when you add all the other layers such as the ToR Browser, (some) blockchains and VPNs. The future isn’t too bleak. We just need to be vigilant!
6. What would be your one piece of advice to people who want to get involved in privacy advocacy but don’t know where to start?
Oh gosh, I would suggest working locally. Pick an issue that fires you up, no matter how minimal it is. Camera surveillance at work, companies that demand information when you buy their products, bad contracts. These fights can inspire you and eventually move you on to bigger battles!
7. And finally, what’s a good online privacy habit that we can all start doing right away?
At a fundamental level, use disinformation. Never give anything away. Even on social networks don’t give away your real birth date, your location or your real name.
Simon Davies now runs his own blog, The Privacy Surgeon, where he covers affronts to privacy in its many forms.