Explained: Data coalitions and citizen privacy
By Sean Nolan
Interview with KK Lim, Head of Cybersecurity, Privacy and Data Protection at law firm Harry Elias Partnership.
This is just one example of how people from across the globe are trying to regain control over their data. Forming data coalitions has been one method for groups to protect the data that they produce. All while governments still struggle to communicate with citizens about data.
KK Lim, Head of Cybersecurity, Privacy and Data Protection at law firm Harry Elias Partnership shares his take on how feasible data coalitions are and his advice for managing privacy.
Data coalitions: what are they?
A data coalition is an organisation set up to protect its members’ data. It acts as “collective bargaining agents on behalf of members’ interests” in order to better secure protections or more transparency regarding data, explains Noema magazine.
One example is American’s Agricultural Data Coalition (ADC), which was created by agricultural industries and organisations, alongside universities. It aims to protect the data created by the technologies used in modern farming.
“Farmers have concerns about transparency and distribution of their data, they are not always clear on who will benefit from the use of their data”, states the ADC website. Farmers feared that data shared for research purposes could be used for other reasons, they explain.
Could data coalitions solve privacy issues?
Lim questions how popular these data coalitions will become, and presents two challenges. First, every coalition must justify how it will operate and how financially viable it is. They also need to be audited by a reliable and independent authority, “because data is money”, he says.
Neutrality and the physical location of data storage is the second issue that data coalitions will need to manage, explains Lim. Setting up a data server in a particular country means that data is vulnerable to that country’s perceived ability to access the data. For instance, data stored in the US would be accessible by the government under its security's regulation, he highlights.
This is, however, balanced by both the perceived and actual protection that the country provides, he adds.
Nations such as Singapore already play the role of a neutral body which organisations can trust with their data, he says. Its reputation as a “major financial hub” has led Asian corporations such as Alibaba and Tencent to place their data centers here, Lim explains. When it comes to data coalitions, “it's a good concept to have ethically, but to implement, it's not so straightforward”, he concludes.
How can governments communicate better about data?
Many countries that have dealt well with Covid-19, such as New Zealand and the Nordic countries, have highly trusting populations, wrote The Economist. Trust is essential to help governments battle wide scale crises. Lim lays out three steps that governments can take to gain this trust.
The government must firstly state clear intent as to what citizens’ data will be used for. By being upfront with citizens about the purpose of data collection, generally people are happy to give data, Lim says.
He also suggests using explanatory rather than forceful language. Singapore justified its collection of contact-tracing data by explaining the national health crisis presented by Covid-19. By doing so, citizens willingly shared this “intrusive” data for the national good, Lim states.
Legislation is the final suggestion Lim proposes for governments to gain more trust with their citizens. Laying out the rules and details surrounding the government’s data collection are critical to assure citizens, he says.
Data protection or data privacy, which is it?
Governments deal with two major issues surrounding data: protection and privacy. Despite sounding similar, the two are very different forms of data management.
The concept of data privacy “stems from a human rights perspective”. It is concerned about data “not being revealed, not being shared'', Lim states. European nations are generally more inclined towards data privacy, having dealt historically with such data leading to discrimination, he explains.
Data protection is more concerned with preventing the misuse of data. Take a supermarket for example. Most people would be happy with a supermarket using customer data to be used for the betterment of the store’s services.
If this data is used for another purpose, sold to another company, or leaked, this is when data protection steps in. Singapore’s Personal Data Protection Act 2020 is a ”good balance” of people sharing their data with businesses and the protection of it from misuse, Lim states.
The emergence of data coalitions is evidence that users are becoming more concerned with how their data is being managed. Governments, who act as data custodians, should ensure transparency in their intentions in order to manage these tensions.
Image by _Bunn_ - CCBY-NC-ND 2.0.