Checks and balances of data privacy within mass surveillance

Event report

The session, moderated by Ms Flávia Lefèvre Guimarães (Intervozes, Brazil), dealt with risks to privacy, data collection, and mass surveillance, especially during the COVID-19 pandemic.

The first part of the session explored the question of how to best utilise data without harming fundamental rights, such as the right to privacy. Mr Carlos Affonso de Souza (Professor, State University of Rio De Janeiro; Director, Institute for Technology & Society) mentioned the importance of creating a balance between data protection and the interests of private and public sectors by referring to the Brazilian GDPR. He highlighted three aspects regarding the Brazilian GDPR: the new laws should be applied to the private and public sector; there is a potential danger of politicising data collection; and there might be attempts by the government to shield itself from demands to allow access to information.

Ms Chenai Chair (Research Manager, Gender and Digital Rights, World Wide Web Foundation) raised the issue of how to make sure that COVID-19 collected information will not violate people’s privacy in Africa. She highlighted several ideas: adjusting privacy laws to the current situation; applying monitoring measures to make sure governments operate in a transparent and accountable manner; and protecting minority rights.

Ms Ellen Strickland (Chief Advisor, InternetNZ) highlighted the importance of data and trust. In a study conducted by her organisation that focused on ‘Internet for all’ and ‘Internet for good’, the lack of trust turned out to be an inhibitor to people’s engagement, and using the Internet for their benefit. Therefore, InternetNZ engages in community collaboration with entities from the public and private sectors which focus on issues of data protection, such as why data is collected and how will it be collected and managed.

Ms Nneka Ekechukwu-Soyinka (Privacy Manager, Mozilla) argued that collecting data via contact-tracing apps should be proportional because the success of the apps depends on public co-operation. To increase public co-operation, one needs to create a convenient app that takes into consideration confidentiality, transparency, privacy, security, and the app should be based on open-source technology. Technology, she argued, plays a part in combating the pandemic, but this cannot be the only solution, and it must be combined with other solutions such as social distancing and masks.

Mr Ian Brown (Visiting CyberBRICS Professor, Fundação Getulio Vargas (FGV), Rio de Janeiro) explained that apps created by Google and Apple do adhere to some national privacy laws and regulations, such as data anonymisation, minimising data collection, and not linking the data to government agencies. This mode of tech development helps public trust.

Ms Talar Kalayciyan (Official Secretary, Amsterdam Personal Data Commission, Chief Information Office, Amsterdam) elaborated on the various ways and practices in which the municipality of Amsterdam protects people’s privacy, including the Algorithm Register. The register provides an overview of artificial intelligence (AI) systems and algorithms used by the City of Amsterdam. By registering, people can find out about the city’s algorithm systems, learn about the information these systems collect, provide feedback, and participate in building human-centred algorithms in Amsterdam.

The second part of the session was dedicated to the question of how to leverage multistakeholder dialogues to reach possible solutions and consensus on this issue.

Kalayciyan suggested several ideas based on her experience with the Algorithm Register in Amsterdam, such as agreeing on the goal, avoiding long discussions, focusing on small and possible solutions, knowing how to give up on your initial idea, being open to other ideas, building trust between partners, and using reflection in the process.

Brown explained that governmental transparency is crucial for the process. He also highlighted the importance of inclusion and suggested using tools, such as videoconferencing and multiple language tools, to get more people involved in international policy discussions. Ekechukwu-Soyinka mentioned that some fear exists that the multistakeholder format might slow down development and innovation, especially during times of crisis. Yet, she emphasised the need for conducting a critical discussion in which all relevant stakeholders should be involved. While there is a need to achieve consensus, some topics will always be more important and receive more support.

Strickland echoed the ideas of transparency, accountability, and agreeing on joined goals. She also underlined the importance of creating meaningful dialogues between all stakeholders involved, and creating formal and informal partnerships. Flexibility, she concluded, is important in such discussions.

Chair mentioned that the multistakeholder format needs to take into consideration a given political environment and the social context. Therefore, such a process cannot take place in all countries and societies. She also raised the need to have a balance between the quality of the discussion and inclusivity. Finally, she argued, one cannot ignore the power relation in the base of every multistakeholder process; the social actor that has the resources to begin such a process will eventually determine who will take part in the discussion.

De Souza concluded by addressing to need to incorporate more civil society organisations in the discussion, especially traditional human rights organisations. The voices of these organisations, which do not deal with technology, should be included in the digital policy and privacy discussions.