The SWCTN data fellows (including me) started last month, and while everyone starting new projects and positions during the current pandemic will be struggling and rethinking in all sorts of ways, it has created specific challenges for projects thinking about data rights. The pandemic has created a complex and changing landscape for data rights issues. For me, suddenly seeing public discussions crop up spontaneously about information security, tech-enabled democracy and the pros and cons of centralised databases has been a joy. However, it’s also disrupted the clarity I had around the priorities of public engagement in data rights, and so in this post I’m going to run down the main data rights related issues that have become more important in the current crisis.
Data Use by the People
Thinking about data often comes from a place of considering new ways in which the world is becoming digital; requiring new ways for which data is being used and exchanged. Covid-19 has suddenly forced us all into a world where even the tasks that had previously been exclusively administered in “meatspace”, now have to be considered in terms of the digital infrastructure available and questions around the efficiency, sustainability, and security that come with that. Many everyday tasks have suddenly become implicated in discussions around data security as many move to working at home, creating all sorts of conversations for occupations from mental health professionals to politicians trying to sustain democracy through digital means.
As well as questions around security, we’re also faced with questions around sustainability. When the environment is mentioned in the conversation around Covid-19, it is often in celebration of the fact that our carbon emissions may temporarily be solved because there’s no planes in the sky and fewer cars on the road. However, with increased online working and increased demand for online entertainment, there’s suddenly a large strain on our internet service providers creating connectivity problems across the country. Data storage, processing and transfer also uses huge amounts of energy from servers all over the globe, contributing to carbon emissions. In this new digital world we all should have a right to the internet, and the services it provides, but we need to start thinking about our data usage as we rely on it more and more. Keep an eye on content from Corinne Stewart, who’s project is about this.
Data Use by the Government
With the crisis, the UK government has new powers in the form of the emergency coronavirus act. Of course, the pandemic has made it necessary to sacrifice some individual rights and liberties for the good of population as a whole. However, the act alters some of the existing legislation around mass surveillance and data rights, with new government-appointed temporary judicial commissioners who can oversee surveillance activity. While existing data protection law has exceptions around the use of data in the public interest, advocacy groups are calling for this to be done with complete transparency to allow for scrutiny by experts, accountability and trust, and for any new powers to not outlast when they are necessary to assist with the crisis. This call was intensified when it was revealed that government was using anonymous smartphone location data to analyse the adoption of social distancing guidelines, but this was revealed by journalists, and not through voluntary transparency by the Government.
The government have also announced a trial for a contact-tracing app to help inform individuals with the app if they have been near a person later diagnosed with Covid. The app will operate using a centralised database holding data about who has met who. This is instead of a decentralised approach which does ‘proximity matching’ locally on a person’s phone, being adopted by other countries like Germany. The difference between the approach taken by the UK and the other decentralised approach has created a public conversation about why we need to be gathering data in a centralised way, about whether you can truly de-anonymise location data and issues related to “function creep”. Function creep is the use of data for something other than what it was originally collected for. With a centralised database, any data collected (even if de-anonymised) may be susceptible to this, included social graph data (tracking contact) and de-anonymisation issues if combined with existing dataset. At the time of writing, the government still has not produced a data protection impact assessment despite being asked to do so by the Information Commissioner Office and rolling out a full trial. This has created legal challenges asking the government to clarify what data they’re logging that can’t be logged by a decentralised system and explain why they’re logging it and what procedures they have in place to prevent function creep. Government transparency fosters public trust, and trust needs to be present for people to download the app. We know any contact tracing app needs at least 60% up-take to be even slightly useful, so one hopes this will be resolved soon.
Thoughts going forward…
One recurring theme I’ve noticed while mapping current data rights issues is that they are almost always about focusing on the details of implementing some objective, and this is often a fairly uncontroversial objective. We all want the pandemic to be over, and we all want services and lives to go on as normally as possible. Occasionally I think vocalising concerns over the technical details of a proposed solution for a problem, or transparency about the details, can be interpreted as advocating that the problem not be solved. One pertinent example of this is the debate around age-verification technology for adult websites, with some equating criticism of the technology and implications for privacy rights to arguing for no barriers to protect children. Communicating concerns routed in technical details to the public is a real challenge for the communication of data rights issues. It’s important to remember this potential pitfall when communicating concerns about approaches to contact tracing and other uses for data, and so this is what I will try to unpack and perhaps create recommendations for in my next blog post.