We live in times of profound technological impacts and accelerating history. Technology is increasingly influencing fundamental aspects of societies. Some technologies have great potential but their impact in the long term is difficult to imagine in advance by most.
My background is compounded. I have experience in security engineering, walked a path leading to industry and academic research. I was happy to see some of it helpful in practical ways. My research and work happened at the time where it was directly applicable in standards-setting and regulation baking environments. I worked in privacy and cybersecurity technology and tech policy; was fortunate for instance having the opportunity to pursue matters relevant to the norms of cybersecurity. That the matter is gaining in relevance in international relations, and may be applicable to cyber conflict.
As distinct the matters are, opportunity to see and experience existing links in between is fascinating. I was able to experience how the broad awareness and knowledge of specialized and narrow aspects of technology and tech policy helps working comfortably, and understand the big picture concepts. It’s handy for foresight strategic analysis. The evolution of cybersecurity, privacy, data protection, digital ethics, machine learning models, automatic decision making, fairness, but also the grander impact of technology on humanitarian aspects will grow - but in very specific ways. There are existing links both between technologies, and technology regulations. Their influence potential is broader than that initially seen. The fact that advertisement networks enable disinformation operations had no place in the debate just few years ago. Who would expect the ensuing debate on fighting disinformation and other harmful content to reach principles such as freedom of speech?
That’s why I am delighted that starting soon I’ll be advising the European Data Protection Supervisor. With the challenges ahead and new data protection principles emerging, I hope my broad body of skills and experience will be helpful in these times of fascinating changes. I’ll be happy to keep my involvement in the technical and regulatory front. Especially since we can increasingly see the desire of pursuing the “do something the quick & easy way” approach to complex problems which in fact merit from deeper analysis.
I find this a nice opportunity to look at some select things I did during the last year:
- I advised at the International Committee of the Red Cross in matters of cyberwarfare. Some of the work is to be public soon. I am confident it will be relevant in the negotiations within the United Nations over the next years.
- As a W3C Technical Architecture Group member I focus on high-level aspects of security and privacy aspects in web standardization, notably also the Security & Privacy questionnaire, a device meant to help thinking about security and privacy early during the design of standards.
- Some research progress: I demonstrate the aspects of privacy risk of Web App Manifests, the tech behind the Progressive Web Applications evolution. I’m wondering how the matter evolves.
- I coined the term GDPR hysteria (1, 2), on the occasion of GDPR entering into force.
- I presented my opinion on designing technology with privacy, at the Council of Europe’s plenary meeting of Committee of Convention 108+.
- I participated in the cool Dagstuhl Seminar on web application security. We discussed what’s ahead in web security (and privacy).
- I critically assessed the European Commission back-the-envelope plan on fighting disinformation (analysis, recent Spiegel article).
- I authored opinion pieces: on Do Not Track affair and the lost opportunity of ePrivacy regulation in Europe in Wired, and on cyberconflict at Council for Foreign Relations Net Politics.
- I spoke on the occasion of first kinetic strikes on a cyber offensive unit in the context of armed conflict (1, 2).
- I was/am in Program Committee of: Hack.lu, Workshop on Privacy Engineering 2019, Annual Privacy Forum 2019, W3C Workshop on Permissions and User Consent.
- Some security and privacy consulting and advisory work I won’t discuss in detail here.
Data protection is increasingly about modern and future technologies. I am happy that recently DPAs decide to be more open to expert advice, as recently the case in the UK (ICO) and Belgian (APD) data protection authorities. I hope to be able to function at EDPS in the daily out-of-the-box analysis and activities.
As excited as I am about what’s to come, I’ll strive to keep my involved as an advisor, at W3C TAG, or Oxford’s Center for Technology and Global Affairs. In this and next decade, to be effective, research, standardization, regulations, and policy need to be close and seen in a broad picture. So I’m looking forward to keeping in touch and working with researchers & Co. Do you?
*PS. 2019 will be exciting for tech policy in Brussels. However, I realize that when it comes to chocolate, Brussels is not on par with Geneva (cheese is not comparable). I’ll live with that. *