There's an excellent blog post by security guru Bruce Schneier on Privacy and Control, explaining very clearly why legislation is needed to protect privacy by giving people control over their personal data (see his talk on privacy and security). When internet household names and NGOs too have united in calling for updated laws, in the Digital Due Process coalition, hopefully legislators will take note and act. Perhaps even in the forthcoming proposals to revise the EU Data Protection Directive?
But as I've said before, personally I don't think laws (or PETs) will do much good without better monitoring and enforcement, and meaningful penalties for breach.
Talking about control over personal data, and in particular its use for different purposes, see also the 33 Bits of Entropy blog post by de-anonymization expert Arvind Narayanan on whether it's a privacy violation to make "public" data even more public. He makes the point that "We need to figure out some ground rules to decide what uses of public data on the web are acceptable." Which is the most difficult issue. The aims have to be clear before laws can be made or privacy policies enforced whether by machines or humans.
The "public vs. more public" issue seems to have become more topical after danah boyd's SXSW keynote speech Making sense of privacy and publicity. E.g. see Broadstuff's comments on the speech and his interesting final observation:
"the people who are heading the companies espousing Public Living the most, are also ensuring their own privacy the most - to the extent that I think we are seeing the emergence of "Privacy Feudalism" - there is a risk that in the future only the rich/powerful will have privacy, life will be lived in a public bubble except for those who can live behind the gated online communities."
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.