I was prompted to write this post, which had been rolling around the back of my head for quite some time, by this series of tweets by Simon McGarr. Do read them all.
We're so extraordinarily reliant on @ElaineEdwardsIT to cover this data beat for news because there's an understanding gap in other media.
— Simon McGarr (@Tupp_Ed) August 26, 2017
Privacy and data protection is not a dry legal issue, nor an incomprehensible technical thing best left to boffins. Data protection at its heart is about individuals and their agency and dignity. Each row of personal information in a database represents an individual. Data is people.
On the other side of this equation, information repositories are power, and reporting and explaining who controls access to and distribution of that information is vital journalism. This was apparent in the Maurice McCabe scandal which brought Enda Kenny’s time as Taoiseach to an end earlier this year.
Despite this there is a lack of comprehension, or at least a significant underappreciation in most areas of the Irish media of the implications and ramifications of the careless, thoughtless and arrogant attitudes displayed by multiple state bodies to personal data. The latest chapter in this ongoing story delivered a new low this week with the bizarre spectacle of a senior government minister claiming that something which was mandatory was not compulsory. A cabinet colleague of hers insisted as recently as this March that the same thing was not mandatory and there were no plans to make it mandatory. Yesterday it came to light that one of the departments he is responsible for certainly had plans to make it mandatory. So it was going to be made mandatory, then it wasn’t and never would be mandatory, and now it is mandatory but not compulsory. Clear?
Last month we discovered the national statistics authority has spent almost a decade trying to compel mobile network operators to give it precise location data of visitors to the country, information which would allow these visitors’ movements to be tracked in minute detail. The justification offered for this massively intrusive surveillance operation was something vague about tourism.
For editors who have not fully realised that these stories about what may seem like abstractions removed from the real world are anything but, a similar story of government incompetence, ineptness and indifference towards the personal data of its citizens has so far led to two ministers and the director general of a state body losing their jobs in Sweden.
It’s hard to believe that a government could be threatened with collapse because of the way it dealt with driving licences. But that is what has been happening in Sweden in the last week, and the story shows just how vulnerable and delicate the integrity of personal identity is once everything about everyone is recorded in a database somewhere. The story started in the recesses of the bureaucratic state: the transport agency, a branch of the civil service which has to keep records of every car, boat and aeroplane in the country.
The political consequences will only increase as new European data protection laws are introduced next year. In what must have seemed like an appealing, innovative and cost-saving wheeze – and one which perhaps betrays an awareness within the highest echelons of the civil service of severe ongoing failings in data protection and the likelihood of punitive sanctions being applied routinely – state bodies are currently in the process of trying to exempt themselves from fines under these new laws. This approach is opposed by both the Data Protection Commissioner and data protection experts, many of whom argue this will not lead to any change in behaviour and possibly expose the State to greater liability in the long term.
In the private sector Ireland Inc. plays host to Google / Alphabet ($644bn), Facebook ($483bn), Microsoft / LinkedIn ($563bn), Amazon ($454bn) and Apple ($825bn), currently the five largest companies in the world by market capitalisation. If you’re minded to add up the figures in brackets there, these five companies are presently worth around $2.966 trillion. These companies would not have achieved this scale without their ability to acquire, mine and process the tiniest of details about individuals everywhere.
When it comes to significant commercial decisions such as where to locate offices, jobs and data centres, the data oligopolists are just as interested in the laws and environment around data protection and privacy as the ones relating to tax.
Given extraordinary access to the Taoiseach, Ms Sandberg lobbied Enda Kenny personally at meetings in Davos and California, and in subsequent correspondence, trying to influence his appointment of a successor to Billy Hawkes, who was due to retire from the role of Data Protection Commissioner.
Undoubtedly the presence of these companies is a net benefit to the Irish economy but a negative consequence of this may be an unwillingness to examine some aspects of their operations too closely. Several of them are headquartered here for data protection purposes, which means that Ireland’s relatively small and undoubtedly seriously overstretched Data Protection Commissioner’s office is responsible for regulating the way they treat the data of hundreds of millions of individuals.
Which brings us to the rapid recent growth of interactions between vast technology companies and the personal data of citizens which public bodies have been entrusted with.
A Google subsidiary was last month judged to have breached data protection law in acquiring the health records of 1.6 million patients from an NHS hospital. In Italy IBM has apparently struck a deal with the Italian government in which “IBM will receive the medical records of 61 million Italians in what seems to be their entirety” in return for a €150 million infrastructure investment. In Ireland the HSE continues building its own problematic identity register with unspecified help from technology multinationals.
A wise editor should realise this is an essential and rapidly expanding area which is currently hugely under-reported. This is presumably as it is a subject which doesn’t seem to fit neatly into the traditional journalistic topic silos and occupies an ill-defined space between the business pages, technology reporting, legislative process coverage and even court proceedings.
As each of us now generates a rapidly expanding amount of data daily, all of which is captured and examined, processed and repackaged, bought and sold, reformulated and reassembled into incomplete digital identities, there is more than just a compelling argument for more reporting of this area, there is an obvious urgent need for it.
[Image credit: Jonathan Simcoe on Unsplash]