On 16th May 2024 I led a 90 minute session as part of the Digital Academy Masterclass, hosted by the Government of Azerbaijan’s Innovation and Digital Development Agency, and delivered by Digital Nation.
I’ve broken the presentation into 4 parts. After the introduction, Part 1 considered the potential of data to deliver public value; Part 2 looked at the elements needed to actually build a data-driven public sector; and this, Part 3, explored how to unlock the value of data without losing public trust.
Unless otherwise indicated or an obvious screenshot, the images were generated by ChatGPT.
Now we’re onto the third and final part of this morning’s session. We’ve thought about where value can come from in terms of what you do with data. We’ve thought about the role you all play in helping to create the conditions for data to be used. But now we will finish with thinking about how our use of data builds and preserves trust.
Trust is such a valuable commodity. But it can be lost so quickly and take so long to repair.
Trust between citizens and their government is the basis on which the legitimacy of public institutions is built. Without trust, some policies lose their meaning and some services cease to be used. Unfortunately, trust is deteriorating in many countries.
According to the OECD there are five characteristics that make a government trustworthy.
At the heart of public administration, responsiveness ensures regulations are enforced and services meet citizens’ needs effectively. It involves listening to feedback and adapting services to evolving needs, fostering a two-way communication.
A reliable government anticipates citizens’ needs and reduces uncertainties. Proactive planning and robust risk management build trust by providing stability and a sense of security, especially in facing natural and human-caused threats.
Open, transparent and inclusive policy design allows governments to understand and address citizens’ needs better. Clear communication ensures policies are explained well and all citizens can participate in democratic processes, building public confidence.
Integrity involves low corruption, high accountability, and ethical use of public power. High standards of behavior enhance government credibility and legitimacy, strengthening public trust and cooperation.
Fairness ensures consistent and non-discriminatory treatment of all groups. When citizens feel valued and respected, they are more likely to accept decisions, comply with regulations, and engage cooperatively with public institutions.
Now let’s look at how the use of data can impact trust.
There are 5 main ingredients for trustworthy use of data:
- Ethical Frameworks: adopting principles that ensure fairness and moral integrity in data use.
- Protecting Privacy: safeguarding personal information against unauthorised access.
- User Consent: ensuring transparency and choice in how personal data is used.
- Transparency: being open about how and why data is used.
- Security: implementing robust measures to protect data from threats and breaches.
Data ethics covers the responsible handling of information, ensuring that data practices don’t harm individuals, either directly or indirectly, even when these practices are legal.
In an era where the influence of tech giants makes headlines, public interest in ethical data management is growing rapidly
Data stewardship begins right from the moment data is collected and continues throughout the Government Data Value Cycle.
It’s about ensuring that the datasets we use are not biased and that their applications do not reinforce existing inequalities.
A real-world example of this back in 2018 was how Amazon applied AI to its recruitment processes. The way the AI was trained meant that it taught itself male candidates were preferable and penalised candidates who mentioned being “female,” as in “captain of the women’s chess club,” and downgraded graduates of all-female colleges.
The tragedy is that despite this taking place 6 years ago that we’re continuing to hear of organisations in both the public and private sector which aren’t treating these ethical considerations with sufficient care and attention.
Governments play a crucial role in setting the framework for data ethics.
Legislation is one method for attempting to enshrine rights into the fabric of society.
But ethics extends beyond legal requirements.
Unethical behaviour might not always break the law which makes it valuable for countries to develop ethical frameworks that can provide guidance for decision making.
Working with the members of the OECD E-Leaders thematic group on data, I helped facilitate the creation of these Good Practice Principles for Data Ethics in the Public Sector. They drew inspiration from work in the Netherlands and the UK amongst others to identify the most important considerations when it comes to working with data in an ethical way:
- Manage data with integrity
- Be aware of and observe relevant government-wide arrangements for trustworthy data access, sharing and use
- Incorporate data ethical considerations into governmental, organisational and public sector decision-making processes
- Monitor and retain control over data inputs, in particular those used to inform the development and training of AI systems, and adopt a risk-based approach to the automation of decisions
- Be specific about the purpose of data use, especially in the case of personal data
- Define boundaries for data access, sharing and use
- Be clear, inclusive and open
- Publish open data and source code
- Broaden individuals’ and collectives’ control over their data
- Be accountable and proactive in managing risks
Another, complementary, approach found in Canada is that of Algorithmic Impact Assessments. These reflect the Impact Assessment activities that can happen with regards to privacy or regulation and other domains. It’s a tool to help evaluate AI solutions’ relevance and ethical implications.
As data becomes an integral part of daily operations, the importance of considering the ethical implications and the potential for unintended consequences grows.
Ensuring that data use reflects values and rights is a fundamental part of public trust and responsible governance.
Next up, privacy.
Privacy concerns the rights of individuals to control how their personal information is collected and used.
For example, going back to 2017 and an example from the UK. There were certainly good intentions behind the partnership between Moorfields Eye Hospital and DeepMind and their ambitions. However, their approach to data and privacy protection was poor and was rightly condemned.
An episode like this significantly damages trust and reputation for many years after the fact. It is also an important reminder of the need to strike the right balance between noble ambitions and taking the necessary care and attention with people’s personal data.
The other side of the coin to privacy is that of consent.
A big part of the trouble with the Deepmind and Moorfields Eye Hospital scandal was sloppy data protection practices. However, a large part of the dismay it caused was down to data having been used without explicit and informed consent.
This is one of the areas that the European Union’s General Data Protection Regulation has sought to model best practices for handling privacy and user consent.
Firstly, GDPR is built on several core principles, including lawfulness, fairness, and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. These principles ensure that personal data is processed responsibly and ethically. For instance, by adhering to data minimization, we only collect the data necessary for our purposes, reducing risk and respecting user privacy.
In addition to these principles, GDPR grants several key rights to individuals.
These rights empower people to have greater control over their personal data. For example, the right to be informed ensures transparency about how their data is used, while the right of access allows individuals to see what data is held about them.
Other rights, like the right to erasure, also known as the right to be forgotten, and the right to data portability, give individuals the power to delete their data or transfer it to another service.
Transparency is essential not only for the quality and reliability of data but also for maintaining public trust. This trust hinges on our ability to make policy objectives, legal frameworks, and decision-making processes both comprehensible and accessible to all.
We’ll now look at three different aspects of transparency.
First, let’s think about the transparency of algorithms and explainability of decision-making. This is increasingly important with the growing use of AI.
It is crucial these systems do not operate as ‘black boxes’ with unknowable information hidden away from users.
By making AI and algorithmic decisions transparent, we enable citizens to understand and, crucially, challenge these decisions.
This transparency is important in efforts to build AI systems are fair and unbiased.
It’s about showing the workings behind decisions, thereby mitigating risks and enhancing the integrity of outcomes.
This example from the UK of the Algorithmic Transparency Recording Standard is an attempt to bring real rigour to the process of designing and implementing algorithm based practices.
Secondly, what practical tools can give citizens control over their data?
Tools such as MitID in Denmark, Mi Carpeta in Spain or Clave Unica in Chile (amongst others) are designed to combine transparency of data with mechanisms for providing (and withdrawing) consent.
By allowing individuals to see which agencies access their data and to provide or withdraw consent actively, these platforms foster a deeper sense of agency and trust.
They not only support transparency but also reinforce the right to privacy and personal data protection.
Finally, let’s talk about this idea: ‘Make things open; it makes them better.‘
Open government initiatives, whether through the publication of open data or the implementation of performance dashboards, exemplify this.
By making governmental actions visible and understandable, these initiatives not only enhance accountability but also increase public engagement and trust.
Such practices ensure that governance is not an obscure process, but something people can get involved with and scrutinise.
Data security is the final foundational aspect of trustworthy governance.
In 2018, the estimated global cost of cybercrime was $0.86 trillion. Last year, it was put at $8.15 trillion, and projections for 2028 suggest it could reach $13.82 trillion. These staggering figures highlight the escalating threat of cybercrime and the urgent need for robust data security measures.
Robust data security is essential to prevent unauthorized access and use, safeguarding both the physical and digital realms that house our data.
However, these measures must be balanced with the usability and accessibility of digital services.
Security threats pose significant financial and reputational risks, making it imperative for governments to act.
They must implement steps to prevent unauthorized data access and use while ensuring that security measures do not hinder the functionality of digital services.
For example, multi-factor authentication adds a necessary layer of security but must be implemented in a way that is user-friendly and does not discourage access.
Digital security is not an optional extra; it is fundamental to all our digital, data, and technology work. Without it, we cannot protect the sensitive information entrusted to us by the public.
It can be integrated into existing digital government strategies or managed through a standalone cybersecurity strategy. This flexibility allows organizations to adopt the approach that best fits their needs.
In addition to having a solid strategy, it’s crucial to invest in National Cyber Security organizations. These entities play a pivotal role in safeguarding our digital infrastructure and responding to cyber threats.
Equipping both our current workforce and the workforce of tomorrow with the skills and knowledge needed to navigate the evolving digital landscape is vital. This means continuous training and education in digital security practices.
Finally, fostering collaboration and information sharing between different organizations and sectors can significantly enhance our security posture. By sharing insights and strategies, we can strengthen our defences against cyber threats.
The Azerbaijan Cyber Security Center is a new resource.
It has classrooms, training rooms, simulation rooms and laboratories and will support research and development of cyber security products
Over three years more more than 1000 people are expected to be trained.
And that’s the end of our third session – we’ve covered ethical frameworks, protecting privacy, user consent, transparency and security.
And now, for the final time I’d like to encourage you to reflect on your experiences with those around you.
This is the end of my talk, you can go back to the introductory slides, or Part 1 on the potential of data to deliver public value; or Part 2 on how to go about building a data-driven public sector.