Novel Data Privacy Regulations by the European Union
Open government action plans have had long-standing initiatives in place which ensure the transparency and accountability of government through technological means. Instances of these kinds of technological adaptations are: the prerequisite that data be released in a machine-readable format, the introduction of e-petitions to increase the engagement of citizens, and the push towards open-source software as proposed by Open Concept’s Mike Gifford. Technology and the expectations of our increasingly tech-literate society are constantly developing. Therefore, the initiatives put forth in action plans should aim to move in tandem, and adequately reflect these changes. An upcoming policy plan which sets out regulations to do exactly this is the European Union’s General Data Protection Regulation (GDPR.)
What is it?
This new policy positions citizens as the authority over the data collected about them, and has the potential to significantly increase the openness and accountability required of European governments online. Some of the key amendments that have been introduced by this policy are data portability and data sovereignty – both of which embody the ideals of the Open Government Partnership (OGP), and it would be exceedingly beneficial for its participating countries and subnational entities to consider implementing it.
Data portability has been legislated by GDPR through the facilitation of free and machine-readable information access requests. Specifically, the GDPR has made it increasingly simple for a citizen, or ‘data subject,’ to access the information their government, or third party data collectors have compiled on them. This must always be provided for free and in a machine-readable format. Furthermore, the purpose behind the collection of this data, and where it is being stored, must also be divulged to the citizen. As an added feature of autonomy for citizens, data collectors must also acquire the consent of these citizens to have their data collected, and ensure that this consent can also be easily withdrawn. This policy allows for a shift from citizens who are largely inexperienced and ignorant to their data collection, towards an empowered and informed citizenry who can be more meaningfully engaged and informed in their decision making.
In light of recent revelations like the Five Eyes scandal – where the United States, Canada, Britain, Australia, and New Zealand had all conspired to access and aggregately collect the telecommunications of their citizens, then subsequently share this information amongst one another – there has been a growing public tension surrounding data privacy. Whistleblowers fortunately brought this issue to light, but it is the responsibility of participating OGP countries to now restore public trust, and demonstrate that their citizens’ data is safe. The implementation of ‘data sovereignty’ as proposed by the EU would be an adequate solution to these fears. Data sovereignty prohibits personal information about citizens to cross international borders and/or be bought and sold by third parties, as it was under Five Eyes. Designated data officers will also become a requirement at these data controllers, to ensure ideals like data sovereignty and the commitment to data portability are respected. This sovereignty initiative would demonstrably be a sign of good faith by the OGP countries which choose to adopt it, to prove they respect the concerns of their citizens and will go so far as to legislate on this matter so that citizens’ personal information is protected.
In conclusion …
The GDPR is a rigorous response to the Open Government Partnership’s mandate to “promote transparency, empower citizens, fight corruption, and harness new technologies to strengthen governance.” Governments are required to be transparent to their citizenry and provide them with the information they seek and a means to withdraw their consent for further data collection. Citizens are also positively empowered to seek out this data and ask questions with the legal recourse now provided by this policy. Corruption can now also be negated by the geopolitical barrier which data sovereignty institutes. Finally, the implementation of these new policies can set a positive precedent in innovation, whereby technological innovators can be informed by these new concepts, and ultimately create technologies with better governance in mind. These novel regulations in data policy have a lot of merit and can stand as an example for OGP’s participants to model.