T.The UK is at a crossroads. On the verge of Brexit, it will have to decide where it stands in relation to privacy: will it relax data protection regulations, move more towards the Chinese model or guarantee the right of its citizens to privacy, move more towards a California approach and secure it? a data adequacy agreement with the EU? It would be a mistake to choose the former.
Last month the UK released its National Data strategy. Oliver Dowden, the digital secretary, wrote as part of the UK strategy: “Data and data usage are seen as opportunities rather than threats to protect themselves from.” Nobody doubts that data is a welcome opportunity, but overly relies on it Focusing on the potential benefits of data and neglecting the threats associated with the collection and use of personal data would be unwise.
One could reasonably be concerned that the UK will choose an overly insecure approach when the strategy refers to removing data barriers ranging from “legal barriers (real and perceived) to cultural blockers and risk aversion” . Concerns could be heightened given Dominic Cummings, Chief Advisor # 10, on data. He not only supported the extensive collection of personal data for the purposes of the election campaign. He has also described the EU’s General Data Protection Regulation (GDPR) as “awful” and “idiotic”.
Countries with poor data protection laws usually fall into two categories: underdeveloped or authoritarian. Given its hard-won reputation for being on the side of progress and anti-authoritarianism, it would be unfortunate if the UK were associated with both. However, there is a third option when it comes to bad data practices that is just as uncomfortable. The UK could become a data haven, just as some countries are tax havens.
A data port would be a country that is involved in “data laundering” and willing to host data that has been illegally collected (e.g. without proper consent or safeguards) and then recycled into apparently legitimate products. Data washing would be something a host country would do for those concerned with “ethics dumping”. This term describes the misconduct when exporting unethical research activities to countries with poor regulation. Data hosted in data ports is not only used for seemingly acceptable products, but can also be used for illegitimate or questionable purposes (e.g. training spyware such as facial recognition algorithms which are then sold to the highest bidder, including authoritarian regimes) . Data laundering would mean Britain allowing businesses and governments around the world to do their dirty data under its protection for money. The evolution of the UK into a data haven could turn into a data protection disaster with enormous financial and reputational damage to the UK.
The future is towards more privacy, not less. Europe and California are on the right side of history in this regard. The United States is discussing privacy laws and is likely to soon develop stricter federal privacy laws. After many years of unbroken optimism in Silicon Valley and the data economy, we are realizing that trading personal data is far more dangerous than we could ever have imagined. Personal data poisons individuals by exposing us to data corruption such as public humiliation, identity theft, and discrimination. It also poisons societies by undermining equality, autonomy and democracy.
We will not be treated as equal citizens if we are treated based on our personal information. Privacy can blindfold the system to ensure we are treated impartially. Through personalized content and ads, and trading in personal data, loose privacy laws allow algorithms to predict and influence our behavior and make important decisions about our lives with little or no control or accountability. There are good reasons why we have spent centuries developing data protection standards and laws. These are not “unnecessary” obstacles. The erosion of privacy over the past two decades has created profound power asymmetries that are pulling at the seams of our societies.
If the UK doesn’t take privacy seriously, it will fall behind the rest of the developed world, much like it does first catastrophic attempt with a contact tracking app that doesn’t adequately protect privacy. Contrary to what the national data strategy seems to suggest, data protection is pro-tech as there is no future in technology that is data protection insecure. Technologies that do not respect privacy only lead to a loss of trust and cooperation among both citizens and international partners. In addition, we don’t have to choose between data protection and the latest technology. There are ways to develop AI and other technologies suitable for data protection.
The national data strategy aims to position the UK as a “global advocate for data use” as well as the “safest place in the world to go online”. In order for these two desirable goals to be compatible, privacy must be protected. Publicity Data should be exchanged more easily and comprehensively – but not personally Data. The UK has what it takes to become a world leader in data ethics and ethical AI. Let’s hope it takes the opportunity to move towards that goal and not get away from it. The UK government didn’t listen to privacy professionals when they warned that designing the first contact tracing app was a bad idea. Will it take privacy seriously in the future?
• Carissa Véliz is Associate Professor of Philosophy at the Institute of Ethics in AI, Fellow at Hertford College, Oxford University and author of Privacy Is Power (Bantam Press, 2020).