From Big Tech Data Control to Individual Data Control
As part of the fight against COVID-19, many countries chose to develop and use a contact tracing app based on a decentralized structure controlled by Apple and Google. Had we chosen to keep the data centralized, we could have used the data for research to foster new insights into COVID-19 and ultimately improve how we manage the pandemic. In the future, we should put the data control in the hands of individuals instead of big tech. And it is possible, if we choose the right digital infrastructure.
It is a pity for our societies that we cannot do scientific research on data from the many contact tracing apps used by those countries, who chose the Apple and Google model. Of course, data is safe, non-accessible and private, if we can trust that Google is not collecting location data from the app (Android’s Bluetooth used in the contact tracing app cannot be activated without activation of location tracking data). But it could also have been properly safe and private – and available for research – had the countries chosen an infrastructure, where the individual is in control of data.
Many informed citizens want neither the state nor private companies to be in control of their data. In Nordic countries, the data control is split between the state and private companies with a tipping point to the state, especially when it comes to health data. The trust in the state is very high in the Nordic countries. It is of course very fine that e.g. health journals are kept safe with the authorities, once you end up at the hospital and they need your data to treat you (as long as you can get a copy). But data from your phone, e.g. location data and other behavioral data should not be in the hands of the government. That is one reason as to why many privacy advocates spoke against centralized solutions and ended on the decentralized solution offered by Google and Apple.
The Third Way
All over Europe, new ‘data trusts’ with focus on individual data control offer a third way. In Denmark, one such data trust is Data For Good Foundation, DfG, a non-profit foundation devoted to giving back individuals control over their data. In their solution we get both; privacy and a way of using personal data for science and innovation for the benefit of both citizens and society. The foundation’s encryptions method makes it possible to use data about the individual without revealing the individual identity. It uses the new encryption technology called multiparty computation (MPC) which anonymises the data and many encryption experts believe this method is the best there is today. It is developed at University of Copenhagen and commercialized by IT-company Secata.
With this solution, every individual (and yes, we need data control education for individuals) can be in full control of his/her data via a dashboard where you can manage your consents.
DfG is partner in three different pilot projects paid by Danish financial funds to make the platform work. In one, Hedax, cancer patients are donating data to explore the patient journey through the health care system.
Statistics Denmark, who is probably the public authority with the most experience in anonymising data - and also a user of MPC method, is partner in some of the projects, as register data plays a core role.
“The combination of register data and behavioral data can help develop tools for preventive health care,” says Annemette Broch, founder of the DfG Foundation. “When data is anonymized and shared, it can generate what we call red flag actions concerning your health, and you decide whether you want to share them with your patient organisation or insurance company. It is you who get the insights from your data. Do you want that? A No is just a legitimate as a Yes.”
Recently, Statens Serum Institut (SSI), whose main duty is to ensure preparedness against infectious diseases, was part of a scandal, where health data from pregnant Danish women landed in the US and could be used for commercialisation by Facebook. This, according to Annemette Broch, is a very good reason to create a new data infrastructure.
“How can we trust public authorities, when they can’t live up to data laws or plain data ethics?,” she asks. “We need a safe, trustworthy and transparent platform, where everybody can control their data and decide what data should be used for, and that is what DfG can deliver,” she said.
In Denmark, scientists have pretty easy access to register data via Statistics Denmark. Thus, some researchers might be against individual data control, as more citizens might opt for a No to using their data in science?
“This will not change the existing easy access to statistical register data for researchers. Our solution is an add on, if they want more access to data and explore behavioural data, then they have to get consent from the user,” said Annemette Broch.