
Privacy & pandemics: Building systems of trust

The use of technology as part of emergency measures should be underpinned by a balanced regulatory framework that does not ignore application of essential privacy principles
Last Updated 12 August 2020, 06:08 IST

Undisputedly, technology and data-driven tools are playing an indispensable role during this global emergency. Data analytics and AI are being deployed to prevent transmission of the novel coronavirus. When done on a large scale, these could serve as powerful instruments for health authorities to track coronavirus. A regulatory framework and privacy guardrails would further make these tools effective.

What has particularly stood out, from a technological point of view, are contact-tracing apps that tell people when they have been in close contact with anyone confirmed infected.

We need technology as part of emergency measures; however, a balanced regulatory framework guiding the deployments of data-driven solutions is equally essential. The right approach lies in finding a balanced middle ground that does not ignore the application of essential privacy principles.

The architecture of trust

Within our digital ecosystem, concepts such as privacy, transparency and data protection entail citizen and user trust. Central to the idea of good governance is public trust – and that trust depends on transparency and upholding human rights.

This segues perfectly to our case in point: The importance of building institutions and systems of trust. If disproportionate and indefinite restrictions are put in place, the adverse effects will extend far beyond the outbreak, leading to loss of confidence. So how exactly do we build these systems of trust?

Technology projects based on open standards promote democratic values rooted in community, collaboration, and transparency. Open-source solutions instill unfaltering trust and allow for auditing of data flows. Sharing information and working collaboratively across the internet allows public participation and ensures public trust and privacy are always maintained.

At the same time, rigorous encryption standards are an imperative. One such way is to use homomorphic encryption. Homomorphic encryption is a method that allows analysis and computations on encrypted ciphertexts generating an encrypted result, which, when decrypted, matches the result of the operations as if they had been performed on the plaintext. This eliminates the need for decrypting the data and exposing it to a host of cyberattacks and data misuse. That means, even if the data is sent to centralised servers, it will keep sensitive information such as location data and symptom results cryptographically secure.
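The additive case of this property, as an added example that is not part of the original article: a toy Paillier scheme (additively homomorphic only, not fully homomorphic) in which a server sums encrypted 0/1 symptom flags without holding the decryption key. The demo primes, function names and the symptom-flag scenario are assumptions constructed for illustration.

```python
import math
import secrets

# Constructed demo key: two Mersenne primes. Real keys use random primes of
# 1024+ bits each, generated by a vetted library.
P, Q = 2**89 - 1, 2**107 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    assert math.gcd(n, lam) == 1                       # required for g = n + 1
    mu = pow(lam, -1, n)
    return n, (lam, mu)                                # public n, private (lam, mu)

def encrypt(n, m):
    """Enc(m) = (1 + n)^m * r^n mod n^2 with a fresh random r per message."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m mod n^2 equals 1 + m*n by the binomial theorem.
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)          # u = 1 + m*lam*n mod n^2
    return (u - 1) // n * mu % n

def add_encrypted(n, ciphertexts):
    """Server side: multiplying ciphertexts adds the plaintexts. No key used."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = total * c % (n * n)
    return total

def tally(reports):
    """Constructed scenario: devices encrypt 0/1 symptom flags, the server
    aggregates blind, and only the key holder decrypts the sum."""
    n, priv = keygen()
    cts = [encrypt(n, flag) for flag in reports]
    return decrypt(n, priv, add_encrypted(n, cts))
```

The server in `add_encrypted` sees only ciphertexts and the public modulus; individual flags are recoverable only by whoever holds `(lam, mu)`, so who holds the key remains the trust decision.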

There are also instances where datasets cannot be fully anonymised and remain useful at the same time. This is where the concept of differential privacy comes in. Differentially private database mechanisms make confidential data widely available for accurate data analysis, without resorting to data clean rooms, data usage agreements, data protection plans, or restricted views. It is essential that the implementation of systems uses differential privacy, which obscures individuals’ data to a certain extent.

Furthermore, any actions or laws that come into existence to tackle this pandemic should ideally have clearly-defined sunset clauses. A sunset clause is a provision within a statute, regulation or other law that provides that the law shall cease to be in effect after a specific date unless further legislative intervention is taken to extend the law. Data retention limitations and sunset clauses give users the peace of mind of knowing that their digital footprints are eventually going to go away.

Wherever personal data is collected, there must be stringent policies ensuring that, whenever possible, users have given their explicit consent. Minimise any data sharing and, in case of anonymisation, ensure that no effort is made to re-identify it. If there is a system in place that obtains any data, it must disclose fully transparent information about the data’s scope and source, and how it is being processed. This involves drafting comprehensive and clearly defined privacy policies.

We often believe that technology will inevitably erode privacy. However, what we fail to realise is that it is ultimately humans, and not technology, who design and build these intricate and complex systems deployed at scale and adopted by people living in every remote corner of the world to make life better.

The principles of fundamental rights – legality, necessity, and proportionality – are among the core principles deeply rooted in our laws and statutes. They are always relevant, including, and perhaps especially, in emergencies.

(Madhav Sharma is a tech policy enthusiast. He is a Young Professional with NITI Aayog)

Disclaimer: The views expressed above are the author’s own. They do not necessarily reflect the views of DH.

(Published 12 August 2020, 05:31 IST)
