Malaysian think tank SERI is backing the OECD Committee on Digital Economy Policy’s call to develop policy guidance to enable trusted government access to personal data held by the private sector.
Describing itself as a non-partisan think tank dedicated to the promotion of evidence-based policies that address issues of inequality, SERI (Social & Economic Research Initiative) believes that the Organisation for Economic Cooperation and Development statement to clarify and regulate trusted access to the new age’s currency – data – is a critical step to secure and speed up digital transformation in Malaysia.
Indeed, the OECD Committee concluded that ‘working toward trusted government access to personal data held by the private sector is an urgent priority requiring further international collaboration’. The Committee further cited the OECD’s strength as a forum to foster discussion and collaboration among like-minded countries.
The valuable role played by appropriate cross-border data sharing during the coronavirus pandemic is one of the instances cited by various industry and public sector commentators when illustrating the increasing importance of digital transformation and data-driven policymaking.
Actionable insights arising from well-managed data is continued to manifest solutions for contact tracing, vaccine production, and hotspot identification. Continued benefits could include a more resilient recovery and pandemic exit strategies as well as bolstering digitalisation of the public sector, including smart urban projects.
Speaking to Disruptive.Asia, Nabila Hussain, Tech Policy Fellow, Social & Economic Research Initiative (SERI) says: “In addition to accelerated digitalisation, COVID-19 showed us our interconnectedness, far beyond the connectivity offered by mobile phones and the internet. In respect of data flows, the borderless nature of the pandemic required data to be shared globally, for various purposes including vaccine research and COVID treatment plans.”
“With data at the centre of pandemic-response efforts, people across the world have been exposed to health data and statistics for the last 15 months,” she adds.
“Governments, healthcare organisations, and the media have used charts, graphs, maps, and statistics to track and report the spread of the COVID-19 virus and subsequently the rollout of the vaccines. Leaders across the private and public sectors have relied on data to make critical decisions about lockdowns, protocols, and restrictions which have helped save lives and reduce transmission.”
“While people have become more familiar with concepts such as R rate, vaccine development, and comorbidities, the necessary (and in many cases, lifesaving) computations and calculations would not have been possible without responsible and secure access to data – by governments and from governments,” Nabila explained.
“Public sector, private sector, civil society, and academia have played important roles in data analysis, organisation, and development of statistical models and evidence-based awareness campaigns to better understand the unprecedented circumstances which struck the world in March 2020.”
Fuelling today’s economy
“A modern and pragmatic approach to open data will drive innovation and agile policymaking,” continued Nabila. “This can only be enabled with progressive and modernised regulation, similar to banking laws and confidentiality provisions which were introduced when banking regulations were first developed. Today’s regulatory frameworks have to be built on the premise that we live in a digital-native world.”
The lessons are clear: to move forward, particularly with regard to regulation, mindsets and skills, she lists the following:
“With data providing the fuel for today’s digital economy, enabling responsible access to data is essential as nations around the world undergo digital transformation – this must be a process that goes both ways: government access to data held by the private sector and private sector access to government-held data,” Nabila further added.
Though moving towards ‘a single pane of glass’ view of data may be ideal, governance of data and ensuring privacy is indoubtedly an interconnected responsibility. The push for policy guidance for governments’ trusted access to private data is part of a move towards a new operating environment – a new normal.
As Jelani Harper puts it: “Enterprises can no longer be very open where anybody can access any data. We don’t live in that world anywhere. We live in a world where you have to make sure that data scientists and analysts or any user of data only accesses the data that they’re supposed to.”
Nabila commented that: “Open data frameworks and cross-border data flow have become integral to the global digital economy and Malaysia’s ability to reap the benefits of digitalisation. However, despite the growing need for access to data and evidence of its economic and social benefits, data access and sharing remains below its potential. Compared to data, there is far greater regulatory clarity in relation to cross-border access to goods or funds.”
“Data-intensive technologies such as artificial intelligence (AI) and the Internet of Things (IoT) offer greater personalisation and opportunities for businesses and governments,” Nabila said.
“At the same time, they pose new challenges to safety, privacy, and security, and may discriminate against disadvantaged groups such as women, people with disabilities, and marginalised communities,” she pointed out. “In 2019, more than 80% of OECD countries reported AI and big data analytics as the biggest challenges to privacy and personal data protection, followed closely by IoT and biometrics.”
Against this backdrop, governments are implementing policies and regulations to raise awareness about privacy and data protection frameworks and strengthen their enforcement while promoting accountability for data controllers. Countries are also seeking policy solutions to address digital security issues and incentivise good practices. These efforts take on additional importance as economies and societies continue to move steadily online.
Nabila also noted, “With agile policymaking highlighted in the recently launched Malaysia Digital Economy Blueprint, we look forward to working with the public and private sectors towards the development of principles which will promote a secure, transparent, and trusted digital economy.”
Further calls for regulation include Skymind CEO Shawn Tan who welcomes greater clarity and the need for transparency in applications of AI.
Transparency will help enhance inclusivity, Tan writes: “We believe that legislation can enforce ethics and help to reduce the disturbing amount of bias in AI – especially in the world of work. Some AI recruitment tools have been found to discriminate against women because they lean towards favouring employees similar to their existing workforce, who are men.
“And it does not stop at recruitment. As ProPublica unveiled a few years ago, a criminal justice algorithm deployed in Broward County, Florida, falsely labelled African-American defendants as “high risk” at nearly twice the rate that it mislabeled defendants who were white.”
Skills for the post-pandemic world
The COVID-19 public health crisis has created a global economic crisis, forcing tens of millions of people out of work. On top of globalisation and automation, the most vulnerable have been dealing with the impact of losing their jobs or businesses due to COVID. Some jobs lost may not come back or not fast enough to meet demand.
Explaining further, Nabila opines: “The jobs that do come back will look different – people will return to an even more digital economy. We have seen years worth of digital transformation in months due to the physical distancing practices employed as part of the COVID-19 public health response.”
This accelerated digital transformation means both old and new jobs will require more digital skills. Many jobs will continue to be remote for the foreseeable future. Other jobs will require employees to have some level of digital fluency to be able to get and succeed in these roles.
“Technology is moving at an exponential pace, but skills continue to be the limiting factor in our efforts to benefit from technology adoption,” she continued. “This is intensifying a skilling challenge for individuals and employers alike. People who have lost jobs will need to gain additional digital skills to find a new job, and employers will need to upskill current employees and/or quickly hire new employees with more digital skills. If we fail to take significant multi-stakeholder action to stem the grave economic impacts of unemployment, it will result in accentuated economic disparity and significant skilling gaps across a broader set of the population.”
“This impact will go beyond the workforce, creating a systemic effect on the ability of companies, industries, and even countries, to be able to effectively respond and recover, let alone rebuild their economies in a post-pandemic world.”
Closing the skills gap and driving inclusive economic recovery will require new partnerships to bring technology and people together. This demands partnerships between tech companies, employers, non-profit organisations, academia, think tanks, and government agencies.
“We each have a role to play, cementing the need for meaningful public-private partnerships. If implemented effectively, PPPs [public, private partnerships] should allow us to leverage each other’s strengths, working in an agile, responsive, and responsible manner as we navigate our respective COOVID exit strategies,” she added.
Path to privacy protection
To fight crime and protect public safety, governments have a clear and compelling need to access digital data. Balancing that interest against citizens’ expectation of due process and the rule of law is essential to maintaining trust in technology.
Nabila explains that: “This makes it a critical priority to craft modern laws that provide law enforcement and national security agencies with clear and transparent legal mechanisms to access digital information pursuant to lawful process. These laws should protect citizens’ fundamental privacy rights, hold law enforcement accountable, and respect the sovereignty of other nations.”
Government requests to access private-sector data must be facilitated by a regulatory framework that respects ownership of data and due process while also addressing public safety needs. She believes that this can be achieved in several ways, the points of which are summarised here:
She advises that every request must be reviewed to ensure it is legal, valid, and only involves data pertaining to specific accounts or identifiers. Government entities must make specific individualized requests which the private sector complies with by only providing the data specified in the request.
Governments must not be provided with direct and unfettered access to private sector data. Compliance with government access requests must be limited to specific accounts and/or date range, she adds.
“Furthermore, the scope of Personal Data Protection Acts must include government – this may require amendments to existing laws. In the case of Malaysia, for instance, this would involve a review of the Personal Data Protection Act (PDPA) Section 3(1), which precludes the Act from applying to Federal and State Governments.”
“It is important to note that not all public sector data has the same level of sensitivity,” she explains. “Most data is not highly classified [i.e., unauthorised disclosure would not present a serious threat to national security] and should be able to move to the public cloud which provides cost savings and better security compared to conventional on-premises options.”
“In addition, overclassifying and overprotecting data has serious implications for cost and overall efficiency, as each increased level of classification (1) imposes significantly increased costs to maintain the associated supporting security infrastructure; and 2) reduces interoperability of the data, limiting its use and value.”
“Besides the Official Secrets Act 1972, Malaysia has no overarching legislation on government data,” Nabila continued. “As a result, most government documents are classified as Official Secrets.”
It is time
She further noted: “There is an increasing global recognition by governments that they have large amounts of non-sensitive data, which allows for consideration of the use of public cloud. This was recognised in the Malaysia Digital Economy Blueprint, which aims to achieve 80% usage of cloud storage in government by 2022.”
“With the continued growth of the global data economy, a principled rules-based approach to government law enforcement access would enhance legal certainty and increase investment opportunities, allowing countries to become datacentre hubs or innovation testbeds,” shared Dr Helmy Haja Mydin, CEO, Social & Economic Research Initiative. “With increased clarity, countries would be more willing to store their data in Malaysia, with the knowledge that law enforcement would not be able to access data arbitrarily without due process.”
“For Malaysia, increased clarity relating to government access to data will bolster our position as a regional datacentre hub and increase the confidence of Malaysians and entities from other nations storing data in Malaysia. This is particularly important as our digital infrastructure expands via investments such as the recent Microsoft Bersama Malaysia announcement made by the Prime Minister.”
Nabila agrees that clarifying a policy for responsible access to data is essential to accelerate digitalisation and innovate new ways of living and working, and concluded: “It is time for Malaysia to review our laws and policies, to ensure we are able to reap the benefits of technology meaningfully, without deepening discrimination, inequity, or divides.”