CNIL - Inria Award
Privacy protection: the CNIL - Inria European Privacy Award changes the game
The 4th edition of the CNIL-Inria European Privacy Award was launched at the end of May, and computer science researchers have until 6 September to submit their best papers on personal data and privacy protection. The aim: to raise awareness among the scientific community, but also in society and the world of politics on an issue that concerns them directly. We met with the two co-chairs of the competition jury, Nataliia Bielova (Inria) and François Pellegrini (CNIL).
" The more researchers develop effective protection systems, the greater our ability to enforce the law will be ".
François Pellegrini, co-chair of the CNIL-Inria European Privacy Award
Do you think privacy protection has become a subject for computer science researchers in its own right?
Nataliia Bielova: Yes, because privacy is at the intersection of big societal and legal issues and technologies: cybersecurity, data processing, software development, interfaces, machine learning, etc. It is a vast scientific field and there are a large number of teams working on it, especially in Europe. In secondary schools, there is no privacy protection yet. However, teachers are taking an interest in the field and they are raising their level of competence.
François Pellegrini: I can't say that the amount of research is increasing. On the other hand, it is certain that the topic is being sustained by growing media coverage and a strong legal framework, the GDPR*. In addition, it's not just theoretical - this is a real practical issue that involves science, regulations and ethical questions. Certainly a context is mobilising people. Biometrics, for example, raises questions about data acquisition technologies, data retention times, the rules on access to data and their use, etc.
* GDPR stands for General Data Protection Regulation
Has the entry into force of the GDPR altered things for researchers and States?
NB: It is a historic step that is transforming the entire ecosystem. Because it requires that existing tools be brought into compliance and that compliance be demonstrated, the GDPR has created a huge demand that public and private research, in Europe and beyond, will be drawn in to fill. This regulation has raised the bar quite high, and companies have a lot to do to meet the GDPR requirements. On the other hand, there are still some grey areas, violations that are difficult to prove: it's fertile ground for further research.
FP: In the beginning, the GDPR led to protests from companies, which claimed it would kill their businesses. The same arguments were used when the first environmental laws came in. In reality, the GDPR has been a wake-up call and has released a wave of energy. In two years, it has become a worldwide trend. TheUSA, for example, is considering a similar federal law. As for researchers, they have an objective interest in innovating in this context.
As co-chairs of the competition jury, what do you think is the significance of this CNIL-Inria Award?
NB: It shows that when it comes to security and privacy protection, it is possible to conduct research on a very wide variety of subjects. For example, the first three editions rewarded articles on proof of identity, privacy protection integrated from the design of the software ( “privacy by design”)and a technique for tracking web users, “browser fingerprinting”.
Another consideration is that public research has the legitimacy to award a prize like this. Private interests do not influence it and it can reveal what is often hidden.
FP: I don't know of any equivalent in the awards world, that is, a prize awarded by a regulatory authority. The CNIL wishes to reward things it sees as relevant, to encourage vocations and recognise the importance of this field of science, so that in the end people can have technical solutions that respect the law and therefore their rights and freedoms.
The competition rules specify that the work presented must be accessible to non-scientists. Why was this criterion included?
NB: Researchers are free to choose whether to make their work accessible to general public or not. But we want to encourage them to raise the public's awareness about privacy issues and to change the attitude of the public. In an ideal world, computer systems would be intrinsically protective. Users would not even have to configure their own preferred privacy settings. In real life, they are lost in a maze of choices they do not master or they become victims of attention distraction techniques ("dark patterns") that lead them to believe they are protected while they are not.
FP: This is a societal issue that concerns us all, but about which most people know very little. The more we highlight innovative solutions that are easy to understand, the more we reveal the underlying security problems.
Can researchers change public policy and regulations?
NB: In the United States, there has been a prize called Privacy Papers for Policymakers for ten years that expressly addresses this issue. Personally, I was struck by a reflection made by some MEPs to whom I was presenting certain web tacking techniques a couple of years ago: "We should listen to researchers more often." I am convinced that we can be game changers.
FP: The more researchers develop effective protection systems, the greater our ability to enforce the law will be, by making sure there is no place for less protective systems any more.
These articles could interest you:
En savoir plus
Prix CNIL - Inria website
Nataliia Bielova is a researcher at Inria Sophia Antipolis. She is a member of the Indes team that develops new programming languages with strong security guarantees for so-called "diffuse" applications, which are the result of a convergence between information networks and computers. She is highly involved in work on privacy protection issues, which she addresses from a computer science and legal angle. Her research subjects include the detection of new tracking technologies on the web, web browser security, the GDPR and the future ePrivacy regulations. She was an expert at a hearing of experts held by MEPs in June 2017.
François Pellegrini is a computer science professor at the University of Bordeaux, where he also teaches digital rights. He is also a researcher at the LaBRI (Bordeaux Computer Science Research Laboratory) and at Inria. His work focuses on high-performance computing and parallelism. He also studies the societal issues connected to information technologies, which means that he is involved in many studies covering digital technology and society. He has held a seat as a qualified person at the CNIL since 2014, and he was re-appointed for a second five-year term in 2019. He is in charge of the e-commerce, cybersecurity and European coordination sectors.