As governments have sought to go digital, one of the most common barriers stymying progress in many jurisdictions is that of privacy – and the protection of personal and otherwise sensitive information. Despite the rhetoric of open government and information and data sharing within the public sector, the reality is a good deal more complex.
At its core, the Westminster regime is fundamentally more proprietary than open with respect to information management, making privacy a natural pursuit. Add to this mix adversarial politics, a correspondingly risk averse public service, and growing data breaches across all sectors, and caution and trepidation are understandable.
Yet digital government accentuates inward integration and outward engagement in ways that demand greater openness. And recognition of the benefits of information sharing – and the costs of not doing so – is growing. As a recent study for the Alberta Privacy Commissioner notes (Government Information Sharing: Is Data Going Out of the Silos, Into the Mines?), ”All Canadians want the benefits of electronic government services, and reduction of administrative burdens.”
This same report, however, also wryly observers that ”some of us still want our privacy and autonomy too,” and herein lies the conundrum for the public sector. Mark Diner, formerly Alberta’s first Chief Open Government Advisor insists that a holistic open government agenda must one day eradicate the need for information sharing agreements between governmental entities. And in the Province of Alberta alone, he estimates there are approximately thirty thousand such agreements!
The Government of Australia likewise admits that ”it can take several years and multiple MOUs to establish data sharing arrangements between government agencies” and ”sharing data with the States and Territories is burdensome.” As a result, the Government concludes: ”Overall, the lack of data sharing prevents feedback on policy and hinders the potential of data to improve future service delivery.”
In Canada’s Westminster regime, the important oversight of Privacy and Information Commissioners can be a mixed blessing. In a 2017 speech on public trust in a digital era, Patricia Kosseim, a legal expert from the federal Privacy Commissioner Office, underscored the importance of innovation: ”I think we all agree that information-sharing could be a good thing, if it helps keep Canadians safer, provides them with improved and more efficient services, helps streamline their communications with government, etc.”
Yet Kosseim is cautious – critiquing existing privacy laws as ill-suited for digitization, with national security as a prime example where information sharing arrangements have expanded tremendously. A recent and thoughtful report on open government by the Ontario Privacy Commissioner presents ‘data minimization’ as a key principle, namely that any data gathered be used only once (and for the purpose of its collection). Such a notion nonetheless flies in the face of ‘tell us once’ policies of leading digital jurisdictions.
In terms of proposing new solutions, Privacy Commissioners are proving to be more outspoken than governments themselves – and that is a problem. The federal government acknowledged this point last year in launching their Canada Digital Service: ”It was raised by many stakeholders that in some cases, specific legislative and policy barriers prohibit the sharing of data between government organizations and other levels of government…. Many stakeholders suggested that a broader conversation with Canadians around privacy and the use of personal information would be valuable.”
Other jurisdictions are taking heed of such advice. In Australia, a new information management architecture for the government as a whole is being championed by the Office of the Prime Minister. New Zealand recently passed legislation to facilitate more integrated and online service offerings, and the UK Government has recently established a Chief Data Officer as one element of its focus on better data management and information sharing across government.
Part of what is lacking in the Canadian public sector is a deeper examination of digital governance by elected officials both in governing and opposition parties. Any comparison of recent British and Canadian Parliamentary studies is notably lopsided, largely explaining why Canada and the UK have been heading in opposite directions in many global surveys. In a similar vein, the Coalition Government in Australia produced a detailed strategy for digitization while in opposition (a message for the NDP and Conservatives perhaps…).
National security matters accentuate the importance of dialogue. As University of Toronto expert Neil Desai points out in a 2017 contribution to Policy Options: ”If we are to balance security and privacy, all stakeholders – including our security and policing agencies, the technology sector, privacy advocates and the victims of crimes enabled by the Internet – must come together for a reasonable and open public debate on this subject.”
Accordingly, the Liberal Government deserves credit for creating the first-ever Parliamentary Committee to oversee the workings of a sprawling and evermore virtual security apparatus. Such a step is in keeping with the spirit of the O’Connor Inquiry more than a decade ago. Unfortunately, such an undertaking is limited to the realm of national security rather than the wider set of privacy challenges emerging across all types of digital service offerings both public and private. Indeed, a crucial distinction between service delivery and security is that in the case of the former, governments may well have more freedom to innovate. In the UK for instance, the Government has balanced sharp criticism with proactive engagement and open communication as a basis for sharing (anonymized) personal health information with the private sector for research and discovery purposes.
In British Columbia, a 2016 strategy produced by Canadian Mental Health Association (Information Sharing in the Context of Mental Health and Substance Use in British Columbia) articulates the necessity of information sharing for more integrative and effective solutions. In a manner sadly emblematic of challenges faced in all provinces in delivering often fragmented human services, the 2015 Commission of Inquiry into the Circumstances Surrounding the Death of Phoenix Sinclair called for revamping key legislation surrounding privacy and information protection in order to facilitate greater information-sharing and more coordinated services.
In a more proactive vein, as BC sought to become the first province to introduce a new Citizen’s Card (integrating the previously separate driver’s license and health cards), Service BC undertook a significant public consultation effort to address privacy fears and cultivate public support. This exception notwithstanding, identity management across federal and provincial governments has evolved at a glacial pace. Whereas jurisdictions across Europe and Asia are introducing smart chips to integrate an array of private and public services through mobile devices, this country remains shackled by a patchwork of public and private credentials as governments struggle to keep apace of marketplace innovations.
Recognizing this challenge, provincial and territorial and federal governments are responding by creating Canada’s Digital Interchange, an initiative meant to facilitate and coordinate the sharing and verification of Canadians’ basic identity information to create more seamless, digitized services predicated on the principle of ‘tell us once.’ Moving forward with this initiative in any meaningful way will require two fundamental steps: first, a new and more collaborative architecture for formally partnering across jurisdictions (in ways involving industry as well), and secondly, a level of public acceptance and input into the privacy implications of such an integrative effort.
Privacy Commissioners are already raising concerns – and in the absence of a robust and meaningful public engagement effort by governments themselves, the political oxygen required for not only technological but also legislative and policy innovation will simply remain absent. A central role for such engagement is not only to facilitate reforms within government, but also to better educate the public (as both consumers and citizens) as a provider and custodian of information. All too often, privacy is framed as an infallible political right rather than a shared responsibility.
Recently, the fallout from Facebook’s troubles, as well as the data breach of the Nova Scotia Government’s freedom of information website, underscores the magnitude of the challenge across all sectors. In each case, the initial reaction was insularity, further inviting suspicion and eroding trust. For public authorities especially, such incidents reinforce risk aversion at the expense of innovation and openness. Governments must therefore go beyond blanket and simplistic promises and act on widening calls for proactive public engagement. Otherwise, initiatives such as the much-vaunted Canada Digital Service will wither within the familiar toxicity of partisan politics and antiquated policies.
There is much to be gained from looking elsewhere. The European Union is set to introduce the world’s most stringent privacy measures for the handling of personal information by private entities (notably social media companies). Yet many jurisdictions also balance tough privacy safeguards and robust information sharing within the public sector as a means of integrating and bundling digitized services.
To be sure, different political cultures and traditions shape public expectations and government actions in ways that vary considerably. The commonality, however, is that public engagement is crucial to balancing privacy and innovation – and to cultivating trust in a digital era.