It’s possible that you haven’t heard of the International Telecommunications Union (ITU). However, it is likely that the ITU affects your life in some way. The ITU is the UN agency responsible for information and communication technology. One of their key functions is standard-setting. They set the technical standards that make it possible to send a text message to an overseas phone without having to get some kind of complex adaptor; they also help to assign satellite orbits so that you don’t get abrupt service interruption from two (or more) satellites crashing into one another.

I spoke at the ITU’s conference in Tunisia last month, when I was in Marrakech my role as chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC). The ITU conference was the Global Standards Symposium (GSS), a one-day event held prior to the World Telecommunications Standardisation Assembly (WTA-16).

I was invited to speak at the GSS because the theme was “Security, Privacy and Trust in Standardisation”. These are topical issues as the world becomes more connected; it is increasingly rare for information to stop moving when it encounters a border, or to even slow down.  This means that there are circumstances where international standards around security and privacy are more important than any one nation’s laws, as they apply regardless of where your data starts and ends its international travels.

Here are a few of the points I made in my talk to the GSS:

• That there should be international standards governing state agents collecting data from telecommunications networks. These standards should set a lawful authority, and only give access when it is necessary and proportionate. These legal standards should be consistent across jurisdictions. Without these standards, authorities in a more “lax” nation could easily access information pertaining to someone from a nation with stricter standards, thus nullifying that second nation’s data protection.
• The ITU should develop and promote standards for de-identification of individuals. There’s a significant amount of potential public benefit from telecommunication data. Examples include the movement of refugees or the spread of a disease. A set of standards to ensure that this data is used in a de-identified way would unlock this benefit without compromising the trust individuals place in their telecommunications providers.
• Algorithmic transparency should be developed and standardised. This is an emerging issue as artificial intelligence and machine learning put more decisions in the hands of computers, not individuals.

Speaking to the ITU was a good opportunity to strengthen the connections between that organisation and the ICDPPC, as both work in the similar, growing spaces of cross-border information transfers.

You can read my full speech here.

Global Privacy Assembly (GPA), International, technology