The core fair information practice principles came directly from “Privacy and Freedom” published in 1967. “Privacy and Freedom” was written prior to the publication of the paper in 1970 that described relational databases. When “Privacy and Freedom” was published autonomy and fair processing could be seen as one in he same. Data was collected from individuals for discreate purposes, and individuals provided their consent for those purposes. Fair processing beyond consent was covered by consumer protection legislation with privacy imp0lications. The best example is the 1970 Fair Credit Reporting Act. A consumer economy required a system of personal data that all credit active people needed to participate in. We have a legacy of this fair processing legislation including Drivers Privacy Protection Act and Video Privacy Act.
Our current observational world that drives the analytics that make IoT and AI work has accelerated the need for fair processing guidance beyond special circumstances to the norm. Can one expect individuals to govern the data driven world with their informed consents, the means for autonomy? The recent International Conference of Data Protection and Privacy Commissioners placed the emphasis on ethics as the driver for fair processing. Increasingly, the concept of permission where consent isn’t effective is pushed through legal provisions such as legitimate interests and legitimate processing. Recent guidance rom the Hong Kong China Privacy Commissioner for Personal Data has guiderails for processing beyond common understanding.
The IDEAL bill attempts to fill the gap between where consent is effective versus fair processing beyond common understanding in the section 4 discussion of consistent uses. The legislation would link consistency to original specified uses. Instead, should it be linked to processing within the context of the processing to the interests of individuals and individuals as a group. I am concerned that IDEAL bill would lead to notice inflation to create the means for consistency, rather than a clear means to determine that a use is within the context that would establish that processing is fair.