Governments are faced by a choice between data surveillance or data democratization
The Covid-19 epidemic is threatening not just our health systems but the entire world economy. Strong and immediate measures are needed to limit contagion, save the highest number of human lives and limit the economic consequences, but every decision that our Institutions will take in this time of emergency will inevitably affect our future. Therefore it is necessary to immediately identify the impact that current choices will have on citizens and nations’ future.
Why do we need a massive use of citizens’ personal data?
The need of limiting infection through restrictive behavior rules has proven that availability of real-time citizens’ personal data is fundamental. The availability of ‘Big Data’ streaming from connected things, such as smartphones or wearables, provides real time visibility over the status of a phenomenon and the possibility to predict its changes in the short term, thus supporting timely and informed decisions.
How to get this data? What are the technical and legal implications?
Governments are currently researching and evaluating different technical solutions for the collection and analysis of personal data – such as vital parameters, location, etc. – where there seems to be the need of choosing between protecting either people safety or their human rights, such as data privacy.
The ready availability of data collections solutions with arguable privacy protection, poses the question of why Institutions have not been able to keep up with technological innovation, not only by promptly identifying the new de-facto monopolies, but by drawing up technical & legal development guidelines consistent with human rights principles.
An efficient solution that declares the Telecoms and Big Techs monopoly
The most readily available solution, but also the most worrying, is to access the data that Telecoms and Big Techs daily collect about us, in a manner not necessarily compliant with data privacy laws and free market competition rules, and which they use to track, study and predict our behavior. This solution would have the lowest costs and risks from a technical viewpoint, but it would bring to the fore the dynamics of a surveillance capitalism that for years has not met with any opposition from Institutions.
How do Telecoms and Big Techs collect our data?
Probably many do not know that “SIM” stands for “Subscriber Identity Module”; in fact a SIM is paired with the ID data that we provide when we subscribe a Telecom contract. And as SIMs are tracked by radio based stations, the widespread legacy cellular telephony infrastructure, Telecoms have your named location data.
Additionally your smartphone has both a GPS and a unique ID visible to the software provider, thus enabling Tech Corporations and Telecoms to connect all the different types of information related to you. This means that they know everything you do, as soon as you do it, and they can even predict what you will do next.
The hidden risks of solutions only apparently compliant with Privacy Laws
Companies, universities, institutions have developed many data collection applications in response to the emergency; however, they present two types of risk:
– Lack of interoperability between data and systems. These applications typically collect data in a system controlled by the application’s vendor. Data collected in different vendors’ systems will not necessarily be immediately available for cross-analysis carried out by third-party applications.
– Inability to manage privacy as intended by the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which establish that citizens must have full control over who accesses their personal data. Data collected by each vendor would be controlled only by the vendor himself; this means that he could choose which third parties will access it and for what purposes, without the possibility for the citizen to have either visibility or control over her data.
The crisis as an opportunity for a new Data Economy
If this emergency will be faced with sub-optimal choices – even though these will be temporary – it is necessary to start as soon as possible with the definition of a global regulatory framework combining technological, legal and social economic aspects.
In times of significant changes like the current one, authorities must analyze existing laws and decide how to manage the new reality, with the aim of promoting the development of new markets while avoiding both the risk of stifling newborn businesses and leaving open gaps for new monopolies.
A technical & legal framework for collecting and sharing personal data
It is necessary to immediately open discussions that must involve institutions and technologists for the definition of a new technical & legal framework for the collection and use of personal data which comes with:
– Data streams interoperability, thanks to a broker-centric architecture based on standard and open source communication protocols. It is a software architecture that has been widely used for decades, which allows to use the same data stream simultaneously for multiple applications. This technical infrastructure should be under institutional control.
– Data ownership and privacy, in compliance with the GDPR and the CCPA. Citizens must be in control, with the ability to grant and revoke access to their data to chosen stakeholders at any time and unilaterally.
Such a framework would allow the creation of a fair system for data collection and sharing, laying the foundations of a new, decentralized and distributed data economy.
For sharing your comments and thoughts with us write at firstname.lastname@example.org