Dr. Ann Cavoukian receives dozens of tweets each week arguing that she should throw in the towel and give up on her pursuits. As the former Information and Privacy Commissioner for the Canadian province of Ontario, she is often recognized as one of the world’s leading privacy experts.

She created Canada’s “Privacy by Design” framework which has since been translated into 39 languages, giving it a far reaching global presence. The framework sets out a path to proactively embed privacy into the design specifications of information technologies. Even so, floods of people on Twitter and beyond think it’s time for her to move on.

They’re saying “data privacy is gone”. With governments, clouds, and corporations mining and pooling our data, must we simply move on from the idea of digital privacy and focus our energy elsewhere? 

Dr. Cavoukian says this is not so. As a descendant of survivors of the Armenian Genocide, she relates privacy to the mass surveillance that occurs during genocides. Anyone who spoke out against the government faced imprisonment and even death, but that doesn’t mean they gave up. In fact, she relates that a world without privacy is not a world that we want to live in. 

“Just because something may seem like a monumental task, we must keep pressing. We simply cannot let a government or corporation decide our fate.” She adds, “Giving up is untenable. You cannot give up. You keep plodding forward. You can make enormous gains when you least expect it.”

Plus, she points out that we have many reasons to believe that the opposite trend is now occurring. Between government policies such as CCPA, GDPR, and others, the tides are turning. There is momentum through regulation and consumer pressure driving companies and organizations to prioritize privacy. 

“You must have hope. Even though the odds of succeeding may be infinitesimally small… but if you look historically, there have been countless times where the odds were impossible, and success was achieved.”

Taking this back to present day issues, Dr. Ann Cavoukian brought us back to COVID-19 Contact tracing and framed a simple question. Can privacy be protected with something as seemingly anti-private as COVID-19 contact tracing? 

Is Privacy-Preserving Contact Tracing Possible?

Will we be able to protect privacy with one of the biggest joint projects between Apple, Google, and world governments?

“Privacy and security are not trade offs” Dr. Cavoukian points out. “You can’t have security without privacy. It’s frustrating that people treat them as tradeoffs, they are not.”

Google and Apple released an Exposure Notification system that claims to be “privacy-preserving” contact tracing. With something that aims to trace contact, location, and exposure, is the idea of “privacy” a thing of the past.

Dr. Ann Cavoukian, took a position on these during the Nonconformist Innovation Summit and shared insights on where the world is going.

Across the planet, governments, corporations and health authorities are working in collaboration to find solutions to the COVID‑19 pandemic, much of which threatens the very nature of our privacy.

Talking about the Apple and Google joint venture of Contact Tracing, Dr. Cavoukian had the opportunity to review the technical specifications of their privacy-preserving contact tracing system. She shares her approval: “They’re doing a good job of protecting privacy” 

“It is possible, it can be done” she confirms. 

How Does Decentralized Identity Fit into Privacy by Design?

The landscape is finally shifting. Companies and organizations are forming consortiums, conferences, and major initiatives around decentralized identity. 

Fundamentally, Dr. Cavoukian points out that she “loves that Microsoft and large players and groups are entering this space”. This is a positive trend and she points out that these consortiums and groups are making a renewed push at engineering privacy by design. 

With Microsoft, IBM, Accenture, Evernym, Sovrin and others pushing forward with decentralized identity projects, how do these fit into Dr. Cavoukian’s Privacy by Design framework? She’s a big fan of decentralized identity as a concept, and believes that this is the necessary direction towards protecting consumer data. Decentralized identity allows both parties to share necessary information without compromising on privacy and security. 

Privacy by Design is based on seven “foundational principles”:

1. Proactive not reactive; preventive not remedial
   
2. Privacy as the default setting
   
3. Privacy embedded into design
   
4. Full functionality – positive-sum, not zero-sum
   
5. End-to-end security – full lifecycle protection
   
6. Visibility and transparency – keep it open
   
7. Respect for user privacy – keep it user-centric