Europe is known for having the toughest data protection regulations in the world, and there are ongoing discussions about how GDPR is hampering innovation in the private sector. But what about the public sector? Do the tough regulations that, very simply put, state that every individual is the owner of their data, regardless of who and where stores it, hinder public sector innovation? Does handling personal data carefully jeopardise how we deliver services, and how effectively can a state help its residents?
A couple of years ago, I would have agreed with this statement. Being a caseworker, I often felt stuck because I had no knowledge of whether there were other social workers involved with the case (like unemployment fund, local municipality, youth case worker etc). Working in silos means that caseworkers and social workers might sound like a broken record – people constantly being offered the same type of services they have already refused or used.
One important thing to consider in the Estonian context is that Estonia is a small state in every sense of the way. Once you leave our capital Tallinn, the rest of the centres are often equal to villages in bigger countries. This means staying anonymous while seeking help can get tricky. For people to have to be in close contact with social workers outside of their working hours is a deal breaker and, in some cases, even demeaning. Hence, this type of information sharing without consent might end up meaning that people will refuse the help all together. Our tough data-sharing regulations might be the reason why people feel willing to, in some cases, even get help. If there are no people using public services, then there is no way to talk about innovative services. How will we know how innovative they are if people refuse to use them?
The trust issue
Mistrust is something I have to tackle often in my work. “How do you trust your government so much?” or “Aren’t you scared of Big Brother?” One of those reasons is the strict regulations and transparency measures that people in Estonia enjoy using online services. While building up our democratic country, certain transparency and privacy regulations were required to provide trust in the first place. So in many ways, we were GDPR compliant before GDPR was even implemented in the EU. Yet, too often, people forget to ask how their data is handled by the private sector. We are not paying a monthly subscription fee to use Facebook. Still, we give away something even more valuable that is used to generate billions in profit – our personal data. Since personal data holds such a value, an understanding has to grow that consumer preference is nowadays not only shown with money, but in the online world, we should also put our data next to our values.
Luckily, our understanding of personal data’s value is increasing, and people are becoming smarter customers. This means that demand for privacy-enhancing technologies is growing, and for once, the public sector in some countries and cooperating companies might have the upper hand with them.
When it became necessary for us to start tracing people during the pandemic, then two primary contact-tracing apps were invented – centralised and decentralised. The one being used in Estonia (hint: it is the decentralised one) and in other European countries allowed us to notify people in close contact without possibly abusing their personal data for something it was not intended for. Here you can read more about tracing apps and the centralised and decentralised approaches implemented in different countries.
Hence, those tough measures that guard people’s privacy so carefully allow people to have the needed trust to use public sector services. If people are reluctant to use them, then no innovation will make a difference. The second thing to remember is not being able to take the easy way out. Thinking about providing services while keeping privacy in mind might lead us to an innovative solution not thought of before.