Protection of personal data in e-government projects

Event report

The workshop focused on the introduction and promotion of e-government projects, and the abilities of governments to protect data. 

Public bodies around the world are adopting digital solutions for providing better services to the public. The list of e-government projects has grown in recent years, which highlighted the questions of data protection. 

The session started with a look at the current state of South Africa’s e-government projects and digitalisation, with a focus on the challenges in regard to data storage and authentication. In a recent e-health-related project, in which citizens could create a profile that provided them with access to healthcare professionals, too much information was available without proper two-step authentication. Another question is who can and should have access to this personal information.

While discussing e-government projects in Kenya, the issues of inclusion and discrimination arose. For example, national identity and citizenship have been the main requirement for accessing e-project benefits. This eventually left out many communities that have problems obtaining ID cards. Additionally, courts in Kenya have imposed a threshold for the government in order to collect and use personal data, which all began when the Kenyan High Court declared Huduma Namba ID cards illegal.

Following the discussion on this court ruling, speakers agreed that a proper law should be put in place. For example, Nigeria has been implementing a digital ID program with 200 million unique identity records, but the main set back is that the data protection bill is still in parliament. It has been argued that the lack of adequate legislation is the core problem of e-government projects. 

An important aspect of data security is data minimisation. Using South Africa as an example, one of the concerns is that there are many different agencies and government departments storing personal data. If this data could be merged under a single body, there is more chance of improving government services. For example, in Estonia, only one government body can store personal data, and other government agencies can, under certain circumstances, seek anonymised data. However, there are risks in combining data from various sources, and prior authorisation provisions must be properly implemented.

The importance of the General Data Protection Regulation (GDPR) was highlighted, as it is considered to be a feasible tool in protecting data and personal information. 

Another important factor is the necessity to recognise the difference between personal data and open data. Under the Data Act, all available data can be used and anonymised. This can accelerate government digital projects and provide faster services, while avoiding delays. However, while an open-data approach has its merits, procedures must be in place.

Speakers agreed that future discussions are needed in order to have effective, accountable, and transparent institutions at all levels which can be trusted with personal data protection, but the process must begin with appropriate legislation.

By Ana Stankovic

The session in keywords