Lessons from the road: raising awareness of data protection and privacy in open source projects

Estimated reading time: 2 minutes

In late November I was honoured to be asked to speak at the annual conference of the National Association of Data Protection Officers in London.

My slides are available to view here.

I was the only non-lawyer on the schedule, and also the only one with no employer or backing institution. For once, I did not mind being the edge case.

The audience was full-time salaried data protection professionals, mostly based in central London, and many of whom are also privacy lawyers. As I has suspected it might be, it was a bit of a shock to them to learn about the theory and practice of doing what they do, but on a voluntary and unsupported basis.

I spoke about the unique challenges of bringing a healthy regard for privacy into open source projects, demonstrated a case study, and discussed my own efforts to introduce privacy into project governance and planning structures. I also discussed the down side of the work, including poverty, trolling, and abuse – a discussion which sadly proved prescient rather than retrospective.

I expressed hope that the professional privacy sector could find ways to support open source privacy work, whether that takes the form of practical project support or direct funding of the time and labour of unsupported contributors like me.

The talk continued well into the night in the pub, which was a genuinely delightful gathering of many of us who have been speaking for years on Twitter, but had not met in real life until that day. More of that please.

After the conference, I received this feedback: “It was fascinating. I had no idea of the dynamics of what goes into an open source project and am full of admiration for your passion and determination to get privacy built into websites from the beginning. More power to your elbow.” I was also told I was “inspirational”, which is a look I would gladly trade for a living wage.

But that positive encouragement from the event only reinforced my ongoing observations on how much more support and admiration privacy work garners from outside projects than from within them. That observation, sadly, came true again within a matter of days.

Turning around that lack of respect needs to be a focus for 2019, for the good of all of our projects and those who use them.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.