Data Privacy Day: Trends in privacy and technology
Happy Data Privacy Day!
Celebrated internationally, Data Privacy Day is a day for raising awareness about the importance of respecting privacy, safeguarding data and enabling trust. To mark Data Privacy Day, we’re putting the spotlight on some existing and emerging uses of technology in the public sector that we can expect will be important in 2018, and taking a look at how they affect our privacy.
Artificial Intelligence (AI)
AI is not simply defined. Generally speaking, it is used as an umbrella term to describe a range of techniques and technologies that enable machines, programs and agents to perform tasks considered to be ‘intelligent’. Such tasks can include visual and audio perception, learning, reasoning, pattern recognition and decision-making. AI applications have the potential to be immensely useful in service delivery. Today, the use of chatbots to provide customer service and advice to individuals is an example of AI usage in the public sector. You may have already come across one of these chatbots: Alex, the Australian Taxation Office’s web assistant.
New forms of analysis by AI can reveal previously obscured aspects of people’s lives, for better or for worse. Further, the ability of AI to make sense of enormous amounts of data in a very short period of time challenges traditional notions of privacy, including collection minimisation and use limitation. Closely related to the privacy considerations of AI are broader ethical questions regarding the transparency and accountability of AI systems and decision-making processes. Our office hosted a public forum on AI and Privacy in August 2017 that looked at these interesting issues in more detail; a recording is available to watch online.
Encryption refers to the process of encoding information in such a way that only those with the key to decode it can see the information. In general, encryption is used to store and transport data, and when an authorised person wants to do something with that data, it needs to be decrypted first. Decryption can leave data vulnerable to security threats and privacy breaches. Homomorphic encryption is a subcategory of encryption that allows computations to be performed on encrypted data without having to decrypt it first. While still in its infancy, homomorphic encryption is a potential solution: it could allow actions to be performed on data while it remains encrypted, rather than decrypting it and opening it up to security threats.
Encryption interacts with information privacy in many ways: from keeping personal communications private, to securing government information, and enabling datasets to be released to third parties whilst concealing sensitive data. In the past, we have seen significant privacy breaches occur where inadequate encryption was used. Encryption is an important tool for keeping information confidential and for helping to ensure that access is limited to those with authority. Homomorphic encryption in particular is an area that will attract further attention in 2018 as it develops, especially in relation to cloud computing.
In the public sector, the use of biometrics is expected to continue to increase in the context of national security, law enforcement, and more generally with online government services that require identity verification, or access to restricted areas or databases. ‘Biometrics’ can be defined as the “automated recognition of individuals based on their biological and behavioural characteristics.” Biometric characteristics can be used for the purpose of biometric recognition through their distinguishing features, and can include our unique fingerprints, iris print, hand, face, voice, gait or signature.
Unlike much of our personal information, such as our address, phone number, and location, biometric characteristics cannot be changed. Because these characteristics are particularly personal and unique, the privacy implications can be serious in the case of their compromise. On the other hand, biometrics can, in some cases, actually be privacy-enhancing, by verifying identity and facilitating access controls. The privacy impacts of biometric systems are dependent on how and when such technology is used, how secure the systems that store this information are, and how organisations respond to vulnerability.
Blockchain (distributed ledger technology) is a public ledger or database that is publicly shared and verified. Information on the ledger is encrypted and can help to maintain the integrity of stored information in databases. It operates via decentralised, collective verification of data, resulting in a record that is very difficult to tamper with. In the context of the public sector, the use of blockchain could ensure the integrity of government registries and records management.
Protecting private data stored on the blockchain is contingent on how effective security controls (such as encryption) are. While the use of distributed ledgers will probably ensure greater integrity in the storage of data, it does not guarantee the reliability of information entered in the first instance.
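The distinction between integrity of storage and reliability of input can be shown with a simplified single-node hash chain; this is an added example, not part of the original article, and it omits the distributed consensus a real ledger relies on. The registry records and function names are constructed for illustration.

```python
# Added illustration: a single-node hash chain, the integrity core of a ledger.
# Consensus, signatures and networking are deliberately out of scope.
import hashlib
import json

GENESIS = "0" * 64

def block_hash(index, prev_hash, record):
    payload = json.dumps([index, prev_hash, record], sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def append(chain, record):
    """Link a new record to the hash of the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    idx = len(chain)
    chain.append({"index": idx, "prev": prev, "record": record,
                  "hash": block_hash(idx, prev, record)})
    return chain

def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        expected = block_hash(i, prev, b["record"])
        if b["index"] != i or b["prev"] != prev or b["hash"] != expected:
            return i
        prev = b["hash"]
    return None

def demo():
    chain = []
    append(chain, {"title": "LOT-1", "owner": "A. Citizen"})    # constructed
    append(chain, {"title": "LOT-2", "owner": "Wrong Name"})    # wrong at entry
    append(chain, {"title": "LOT-3", "owner": "C. Resident"})
    before = first_invalid(chain)      # None: inaccurate input still verifies
    chain[0]["record"]["owner"] = "Someone Else"   # after-the-fact edit
    after = first_invalid(chain)       # 0: the stored record no longer matches
    return before, after

if __name__ == "__main__":
    print(demo())
```

The chain flags the later edit but accepts the record that was wrong when it was entered, so data-quality checks at the point of entry remain necessary.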
The rapid uptake of various technologies in the public sector presents fantastic opportunities for service delivery, data analytics and policy making, amongst others. It is important to continue to balance the use of technology in the public sector with robust privacy and data security protections, to ensure that technological change does not come at the expense of individuals’ privacy.
This article was co-written by Amelia Eddy, Intern; Emily Arians, Policy Analyst; and Samantha Floreani, Policy Analyst, Office of the Victorian Information Commissioner. The views expressed in this post are the authors’ own and do not necessarily reflect the views of OVIC.