Online privacy and security have become a central part of our new digital reality, so it was a great honor to track down Leonardo Cervera, the man responsible for the first “Data Privacy Day” event in the United States. We chatted about data privacy and his overall background and interest in keeping people safer online — he even pointed out that “as a consumer, I am concerned that business considerations might prevail over my dignity as a human being.”
We also learned about his book focused on keeping children safe online and heard his views on proposed “Do Not Track” federal legislation, among other important issues.
1. Share a bit about your educational and professional background. Specifically, what led to your interest in data privacy?
I practiced law in Spain and joined the data protection unit of the European Commission in 1999 as a civil servant. Since then, except for a brief period where I worked on intellectual property rights, I have been working on data privacy issues for the EU institutions.
2. Describe your work as the Head of Human Resources and Administration at the European Data Protection Supervisor (EDPS) in Brussels, Belgium.
The EDPS, the smallest of the EU institutions, is an independent supervisory body devoted to protecting personal data and privacy and promoting good practices in the EU. The EDPS is a young and dynamic institution, unusual in many aspects to other EU institutions. I joined the EDPS last year as head of a team of nine officials in charge of human resources, finance and administration. Our mission is to ensure the means (human, financial and administrative support) so that the EDPS can achieve its goals.
3. What are the main responsibilities of the European Data Protection Supervisor?
First of all, the EDPS is in charge of the enforcement and supervision of data protection rules in the EU institutions. At the same time, it actively participates in the policy debate around data protection in the EU and cooperates with national data protection authorities to ensure consistent data protection throughout the EU.
4. What brought you to Duke University, and what did you study while there?
In 2007-2008, I took part in the EU Fellowship Programme of the European Commission by which Commission administrators work as visiting scholars in prestigious American universities. I chose Duke University because it was the ideal place to conduct some strategic research for the EU on intellectual property and data protection matters.
5. It was during your time at Duke that you decided to create the first World Data Privacy Day in the United States. What sparked the idea and how did you implement the very first activities that year?
By that time, the Europeans had been celebrating Data Protection Day for some years already and I thought that it was about time for the Americans to join the celebrations. Besides, I thought that spearheading the first Data Privacy Day in North America would be a great outreach opportunity. I would like to pay tribute to the support of Professor Francesca Bignami, who was teaching data privacy at Duke University at the time, Angelos Pangratis, Deputy Head of the Delegation of the EU to the United States (now back in Brussels), and David Hoffman, Security Director and Global Data Privacy Officer at Intel.
6. Describe what the first event was like, and how has it changed since its launch in 2008?
Michael Easley, Governor of North Carolina, declared January 28, 2008, Data Privacy Day in North Carolina, therefore providing political support to our initiative. That day, we hosted an international data protection conference at the Duke Law School with the participation of European and American experts. Peter Hustinx, European Data Protection Supervisor, and Giovanni Buttarelli, Secretary General of the Italian Data Protection Authority then and Assistant Data Protection Supervisor today, chaired the European Delegation. Similar activities took place in other states and in Canada; in later years, more and more people have been joining the celebration. A significant landmark was January 28, 2009, when both U.S. Chambers declared January 28 Data Privacy Day in the United States.
7. Are you still actively involved in the organization as a whole? I understand it’s global now – U.S., Canada, and Europe. At what level are you involved?
Unfortunately, because of my heavy workload in the EDPS, I did not have the time to get very much involved this year and could only spend a couple of hours at the EDPS stand in the Berlaymont building, the headquarters of the European Commission, helping to raise awareness about the Day. Nevertheless, I am looking forward to Data Privacy Day 2012 where I hope to play a more active role. I have been working on data protection for many years now and I continue following local and international developments very closely so I think that I should be able to contribute more substantially in the future.
8. What sort of growth do you see for this event in years to come?
Awareness-raising is paramount for data protection, therefore I forecast a growing importance for this event in the years to come. Data Protection Days are a great opportunity to reach out to the general audience, not only to specialists, and to join forces at national, regional, and international levels, to foster a societal debate around data privacy issues.
9. What concerns you the most about computer and online privacy on a consumer level?
As a consumer, I am concerned that business considerations might prevail over my dignity as a human being. The increasing difficulty of enforcing data protection over the Internet also worries me. If someday, accidentally or by theft, a member of my family (e.g., my kids) lose his or her privacy over the Internet, we might be in serious trouble…
10. You’re a published author, and one of your books focuses on keeping children safe on the Internet. Describe your efforts and interest in this area.
“Lo que hacen tus hijos en Internet” (What your kids are up to on the Internet) (Integral, 2009) is the fruit of some of my research at Duke University on data protection and privacy issues. I decided to focus on youngsters as kids and teens are particularly vulnerable on the Net. The book, which has received very good reviews, is a practical guide for parents to educate their kids about the risks and opportunities of Internet.
11. What is the “Barbara Welbery” award you received in 2005?
The Barbara Wellbery Award is an international data protection prize in memory of Barbara Wellbery, the chief architect and negotiator of then US Safe Harbor privacy agreement with the EU. This Award is granted annually by The Morrison & Foerster Foundation to the best paper submitted which offers pragmatic solutions for the issue of international data transfers between the EU and the United States.
12. What do you think of the proposed Do-Not-Track Registry proposed by the U.S. Congress to prevent corporations from selling advertising based on consumers’ online habits? Is there something similar in Europe?
I think the Do-Not-Track Registry, which was proposed originally by the Federal Trade Commission, is a step in the right direction as it will enable Internet surfers to opt out from receiving behavioral advertising. However, for the Do-Not-Track Registry to work effectively it must become known to Internet surfers and it must be easy to use. The EU has a new legal provision that requires obtaining consent to receive behavioral advertising. It is still uncertain how this will be applied in practice, whether it will mean that opt in consent is necessary or whether a system along the lines of the Do-Not-Track Registry could be considered as offering Internet users the possibility to consent.
13. What is the biggest piece of advice you would offer people about keeping their online privacy protected?
I think that having the right IT tools and software configurations in place is a must. Basic but also very important is the fact that people should change their personal passwords which give access to popular places on the web (Gmail, Facebook, etc.) regularly.