12 December 2023

Co-design for the future

Deepa Nagji
Senior Consultant

elevenM’s Deepa Nagji reflects on the importance of co-design in privacy and its prevalence in discussions at the recent IAPP ANZ Summit.

Co-design will be the critical ingredient for creating better outcomes around privacy and emerging technologies into the future. Co-design is not a new concept, but it’s having a heyday as technology and innovation move faster and faster. With fast change comes faster impacts, with less time available to mitigate if those impacts are negative. In the world of privacy and emerging technology, co-design is coming to the fore as a responsible way to mitigate those negative impacts before they occur.

Co-design has been present in the work of many regulators in recent years and was a strong recurring theme at this year’s IAPP ANZ Summit. The concept of co-design came up in the context of social licence, the difference between ‘law’ and ‘lore’ (ie, socially accepted rules and norms) in design and implementation of privacy for community outcomes, privacy by design and, as noted, in the regulatory space. Women’s rights activist and cyber security professional Manal Al Sharif summed up co-design perfectly by quoting “Nothing about me without me” — the individual should be in the room when a decision is made about them.

How do you safeguard privacy when considering the beast that is AI? Generative AI models must be fed data that you cannot then remove from the model if turns out you didn’t have adequate consent or someone requests deletion of their personal information. Are we equipped to address these issues? The answer — Privacy by Design. AI model safety and risk assessments may fall within the scope of privacy teams who must then work alongside the model creators to imbed privacy by design into AI models. So, by integrating privacy considerations from the outset, co-design helps create solutions that better respect and protect individuals’ privacy rights.

And who should be leading the regulation of AI? This was the big question for the panel in the Closing General Session at the Summit. And while seemingly sitting a different space from that of co-design, the answer still drew heavily on the same concepts. There is a broad agreement that diversity of skills and experience from a range of disciplines are needed to develop, implement and enforce regulatory standards,  and there is a need to empower all current regulators to work together.

Co-design has been very much at the fore in the space of protecting children online, with regulators such as the UK ICO taking the baton in the Age Appropriate Design Principles. This is also an area where the Australian eSafety Commissioner has drawn on the community, particularly in the development of the age verification roadmap. There are several audiences to consider in the successful implementation of children’s privacy protections including 1. Those responsible for bringing the tools to market (accountability); 2. Parents and Educators (support and upskilling to help make decisions that support privacy) and 3. Youth (bringing them into the conversation to help them be responsible digital citizens). A session on this topic agreed that a holistic and global approach with local laws was necessary as this collaboration allows for the identification of potential privacy risks and the implementation of features or safeguards that align with users’ preferences.

Former NSW MP Victor Dominello shared the idea of building a ‘social licence’ for Digital ID, weaving in the idea of co-design and community attitudes. The message to the audience here was that when individuals actively participate in designing products, services, or systems, their perspectives on privacy concerns are more likely to be considered and addressed, and confidence is built.

A range of perspectives are required for change and harnessing diversity through co-design, privacy by design, a holistic approach — however you name it — can only improve our productivity and may ultimately be the path to protecting individual’s privacy.

Read our other blogs from the IAPP ANZ Summit

Contact us

If you’re interested in learning more about how to take a proactive approach to privacy, contact us at hello@elevenM.com.au or on 1300 003 922.