The internet is celebrating its 30th birthday this month. Currently, half the world is online and we should take this moment to celebrate how far the internet has developed and also as an opportunity to reflect how far it has yet to go. The relationship between people and internet has significantly evolved in the past three decades. It has become a public square acting as a library, doctors office, bank, retail outlet, workshop and so much more.
Globally, every day our interaction with internet produces enormous amounts of data, for example Google processes over 40,000 searches every second, almost 1.4 billion people are active on Facebook every day. Every minute people exchange 16 million text messages and 156 million emails. More data is being created as a result of increased application of internet in our daily lives. Anyone who has an online presence leaves a digital footprint. We leave behind fragments of personal information such as likes, comments and web searches. The data on its own may seem fairly innocuous but it provides pieces that make up a detailed picture about users when put together. To the internet world we are all just couple of ones and zeroes. Things like our CNIC number, credit card number, contact information, financial data, medical records, entertainment preferences, everything is stored as binary data somewhere.
The world is becoming a place where access to data is going to empower big tech companies that hold such data. The data can be sorted in various ways from behavioural preferences to medical issues to demographics to social engagements and online interaction. Given the advancement in software, the beauty of data is even more enhanced as it can be mined, analysed and correlated in any imaginable way. This depicts the value and power of people’s data. However, our data is being used free of charge for example by the big tech companies that are commercializing it to create more customized products and services. Targeted advertising is a lifeline for digital businesses. But the primary question is who does the data really belong to?
Mora than a privacy issue, this can be regarded as a governance issue. Does the copyright law cover your DNA pattern or your social media viewing habits or your spending behaviours? Are your personal records going to be made available to the highest bidder? Do you understand what is protected or protectable or even private or public? Do users understand how adverts and page suggestions for example on Facebook affect their everyday decisions and influence preferences? It is not just about opt-in and opt-out privacy, it concerns our personal, economic and national sovereignty.
At present almost 22% of Pakistan’s population has access to internet and absence of any data protection law in the past has led to serious privacy breaches by individuals, companies and even the state. Pakistan has an opportunity to effectively deal with this problem before it becomes mainstream. We can start by creating a cross-industry team that includes experts from IT, legal, healthcare, finance, telecommunication, ethics, civil society and government. They need to develop an appropriate strategy to govern data in a way that all parties either online or offline are equally protected. Thus, a need to create a more ethical and inclusive model.
[ads1]
In 2018, Pakistan’s Ministry of Information Technology and Telecommunication has put forward a draft Bill for Personal Data Protection. It is worth appreciating that it is open for consultation among the public. However, it uses vague language, fails to clarify terms like ‘consent’ and ‘public interest’ and lacks a comprehensive legal framework that considers our constitutional rights and international best practices. In order to address these concerns and establish a trustworthy relationship between data producers and data users, four critical pillars need to be quantified and monitored in the digital world. Firstly, privacy is the priority in the digital world. It is categorized as use of personal information and defined in ‘Terms of Use’ and ‘Privacy Policies’. However, research has proven that majority of the users are unaware of the potential use of their data. One of the reasons for this is that the privacy policies of major social media are longer than almost 9000 words. Hence, many people press the blue button that reads ‘agree’ without actually reading them. It should be the responsibility of governing bodies to make sure that terms and conditions are concise, clear and understandable by majority of the users. There is no room for fine print when personal information is at stake. Secondly, security in terms of managing the right, or lack thereof, to access data. This is usually controlled through management policies and encryption. Inadequately protected information has the potential to be used in damaging ways both personally and nationally. For example, on individual level it can be used for cyberbullying and on the institution level it can be used for behavioural modifications through suggestions as witnessed in the 2016 election scandal in US. The task force must update and supervise the implementation of laws under cybercrime. Moreover, literacy programs can be introduced that highlight the importance of data protection and simple steps to protect personal data on the users end.
Thirdly, it is imperative to maintain the integrity of the data supply chain especially how the data is generated, processed and used. It requires complex governance practice that applies to both the data itself and the data-handling systems. Therefore, a transdisciplinary team should be able to come up with processes and measures that are holistic in nature. Lastly, data protection teams and their policies should be accountable, transparent and consistent. Knowing what information is used by whom and how will promote trust in the digital world. Therefore, information related to all four pillars must be simple, clear and easily accessible.
Everyone needs to be on board to promote inclusivity, opportunity and creativity. And it is possible as Tim Berners-Lee, the founder of internet said that the first 30 years of internet have set a remarkable and unprecedented success and it will be unimaginative and defeating to think that internet does not have the potential to change for the better in the next 30.
[box type=”note” align=”” class=”” width=””]The writer is a Research Associate, Sustainable Development Policy Institute (SDPI)[/box]