Digital identity, smart cities and other data intensive systems: The implications for the right to privacy

28 Mar 2018 02:00h

Event report

The event was hosted by Privacy International and the Association for Progressive Communications, with the support of the Privacy in the Digital Age Core Group (Austria, Brazil, Germany, Liechtenstein, and Mexico) to discuss data intensive systems and their implications for the right to privacy. The massive rise in the use of data is at the core of governments’ initiatives and policy implementations. Furthermore, governments need to recognise the role of the private sector for encouraging, enabling and sustaining their efforts.

The event was built around the 2017 Human Rights resolution on the rights to privacy in the digital age, and on the role of big data, open data and human rights, as stressed by the UN special rapporteur on the right to privacy at the opening of the UN General Assembly this year, and the presentation of the final report.

The event was moderated by Ms Deborah Brown, Association for Progressive Communications, and started with an introductory statement by Amb. Antje Leendertse, permanent representative of Germany to the UN, underling the evolutions and achievements of the right to privacy on the international scene since 2013, and recalling the importance of working closely with civil society both in Geneva and New York.

Amb. Maria Nazareth Farani Azevêdo, permanent representative of Brazil to the UN, followed bystating that it is the duty of the Digital Age Core Group to address the privacy issue in a comprehensive human rights framework. She argued that the right to privacy is strictly related to other human rights and it can affect them as well. She opened the panellist discussion by asking: how is it possible to protect human rights in the digital age to impact the future of our society?

Ms Malavika Jayaram, executive director of Digital Asia Hub, opened the panel discussion with an insightful overview of the developing situation in India with their biometric ID system. She highlighted privacy issues related to the collection of data by the Indian national identity system, Aadhaar, as well as the Indian Supreme Court’s statement: the right to the body is not an absolute one. Jayaram argued that technology can empower and exclude at the same time, and said that the following practical examples: data collected about DNA, vein mapping, and iris scans among others, may have implications on immigration, employment, welfare and benefits, but most importantly, this data could be used in the same way as was done for criminals in the past. Furthermore, data is collected in a centralised database, vulnerable to attacks and infiltrations.

Four main points were then raised after the framing of the issue:

  • India is facing a divide in digital literature. Part of its population does not even understand these tools, how they work, or their implications.

  • There is a growing unhealthy alliance between the government and the private sector, which is mainly responsible for the collection of data. Thus, ordinary people are the most vulnerable in the chain.

  • The data collected is extremely sensitive and cannot be changed, as is the case with passwords and credentials.

Finally, the panellist stated that the biometric ID system affects the weakest: people do not get access to hospitals or food because of their records, thus their right to life is threatened.

The second panellist was Mr Francisco Vera, Privacy International, who argued about the relationship between the state and its citizens in the context of smart cities. The question he tried to address was: how are decisions made, and what values are put in these decisions?

What tech companies are pushing for is the concept of improving people’s lives and the ability of governments to deliver better services. However, this must be created by the constant implementation of major mechanisms for data collection.

Following the outcomes of the report on smart cities, the panellist raised the following issues that could threaten human rights and safety:

  • The use of devices such as drones and cameras can trace what a person does instead of monitoring the city. This would have a direct impact on individuals’ human rights.

  • Data collected is owned by private companies that can use the data for other purposes than the those agreed to.

  • There is a hidden but reliable issue of social segregation with the use of such tools.

  • Finally, there is the exclusion of all the people that do not have access to technology or who are not literate.

Since it is becoming more and more a marketing issue, it has been suggested that governments should try to minimise the collection of data, balancing the city policing and surveillance needs, while respecting rights of all the stakeholders involved.

Mr Jam Jacob, legal and policy adviser at the Foundation for Media Alternatives, shared his insight from the current situation in the Philippines. The government pushed for a proposal for the implementation of SIM card registration systems. The collection of this data includes personal identity information regarded as sensitive. Furthermore, despite few citations on the restriction of the use of such data by private companies, limitations are not clear with regards to the government’s ability to use this data for its own purposes. This raises the following issues:

  • An inevitable marginalisation of all people who do not have access to, or can afford this technology, meaning that they cannot communicate through these means.

  • Registration systems erode individual fundamental rights.

From a civil society perspective, Jacob proposed a trade-off in two points. First, the government should provide a proper forum to discuss the issues. Second, if the issue is addressed, it has to comply with international data protection standards.

Mr Juan Diego Castañeda, lawyer and researcher for Fundación Karisma, argued about surveillance and privacy issues in Colombia. He recalled two data policies framed in the context of development and e-government implementation strategies: the Data Protection Policy and the Digital Citizens Services. The second one, in particular, is articulated around four main areas:

  • Identification;

  • Interoperability between the public and private sphere;

  • Implementation of services provided by the government;

  • A public dropbox in which citizens can share their documents.

It must be noted that the role of the private sector in this framework is more than complementary: despite its regulator role being shifted to the government, the parties in charge of such systems functioning are private entities. The Colombian approach can be understood under the premises of state modernisation and exploitation policy: data is given to the state to be the core of the services provided. However, a few issues must be considered:

  • There is a distinction between citizens and users: when you have direct relations with the government you are a citizen. But in the Digital Citizens Services, people lose some legal guarantees for the rights.

  • The is a changing economic asset because of the involvement of the private sector in providing the services.

  • There is an institutional and public lack of contextualised discussion. When private actors start to manage this data, they lose the public background. This is related to the lack of participation, because the sector that could provide expertise, does not have a voice in the discussion.

Mr Joseph Cannataci, the UN special rapporteur on the right to privacy, concluded the panel by addressing the issues raised by providing his expertise and field experience. He stated that ‘We are walking into a surveillance society’. Following the discussion on SIM card registration, he recalled the achievements in the protection of privacy in the European Union.

On medical records, he argued against an open and big data framework and mentioned the unsuccessful experience of Australia in sharing 10% of its citizens’ medical data, whose anonymity was soon unmasked. Finally, he recalled the growing discussion on phenomena such as data extractivism, data carving and Google urbanism, as well as reflecting on the business models behind smart cities. He also recalled the European General Data Protection Regulation becoming obsolete because of the data it norms: big data, in his opinion, is the end of specific purposes all the norms are about.

He then opened the floor for comments or consideration with a provocative question: ‘Is this the kind of world we want to live in?’.

Final comments underlined the nature of technology that improves our lives while posing important challenges to human rights in the digital age. A representative from Sweden stressed the struggle that humanitarian operations face in understanding and respecting the extent of people’s rights in the collection of data in immigration issues. In addition, Jayaram mentioned the use of biometric data by the UN for developing banking programmes while stating the two generally agreed perspectives: first, it does not count who owns the data but who controls it; and second, data is not the new oil, but the new challenging environment. Finally, Cannataci underlined the links between privacy, autonomy and data protection.