These are good principles [1] and generally accepted; however, both the federal and state principles are based on an assumption that data needs to be collected and “held in trust” for citizens. I believe this assumption needs to be questioned. Data is personal property, and the state holding this data in trust undermines fundamental property rights such as those outlined in the Fifth Amendment. If the state no longer has to ask the citizen when it uses personal data, then all due process is forfeit and eminent domain is meaningless.
This is clearest in the “Data Informed Culture” section, which implies ‘data leaders’ are the people managing the data, and while this is done to empower all individuals, it is not clear if data leaders need individual permission to use data. The principles should be clear that personal data is owned by the individual and is not for data leaders to use without the knowledge or express permission of the individual. We need to advocate personal data ownership over collective data ownership, emphasizing how this will empower citizens, enhance civic engagement, and bring data as property under the Fifth Amendment.
Good work has been done recently in developing data use principles for contact tracing, where centralized data collection could easily be used for unwarranted discrimination and surveillance [2]. Building on this work, we suggest adding the following principles under the heading of Agility.
Data Collection: Data should only be collected and processed for a specific, well defined, and well communicated purpose. Any system capable of collecting, processing, or transmitting data should do so using only the data necessary to achieve this purpose.
Transparency: Any considered solution must be fully transparent. The protocols and their implementations, including any sub-components provided by companies, must be available for public analysis.
Retention: The processed data and if, how, where, and for how long they are stored must be documented unambiguously. Such data collected should be minimal for the given purpose.
Minimalism: When multiple possible options to implement a certain component or functionality of the solution exist, then the most privacy-preserving option must be chosen. Deviations from this principle are only permissible if this is necessary to achieve the purpose of the solution more effectively, and must be clearly justified with sunset provisions.
Choice: The use of solutions and the systems that support them must be voluntary, used with the explicit consent of the user and the systems must be designed to be able to be switched off, and all data deleted, when the purpose leading to its development has passed.
This approach requires a different way of thinking about data collection and processing than is common in large commercial ventures. Today’s business models (Uber, Facebook, Equifax) rely on data ownership to maintain margins. Since the state is not looking to control data, we believe this different way of thinking will bring considerable benefits. It will, however, require collaborating on a framework for personal data ownership with the open source community [3].
You articulate well the importance of adopting the baseline principle of personal data as personal property. Requesting individual permission to use data and digitally confirming approval or lack thereof must be a baseline requirement protecting all citizens. The suggestion that other entities will “hold in trust” said data for citizens is open to wide interpretation. The additional principles you offered under the heading of Agility are indeed necessary additions. Thank you for making these important additions.
The way they do this in Ireland is they distribute special keys to the hospitals/test centers that they issue to the app owner so as to ensure that the notification only registers when a legitimate positive test is entered. Unfortunately this is what makes implementation hard, because it requires that we get support from all the test centers.
Example: If a church community, school, or company wants to manage their own infection rate in the community, they get a few point-of-care systems and rely on community peer pressure to have people self-report and self-quarantine?
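The test-center key mechanism described above, sketched as an added example (this is not the Irish app's code nor anything from the original thread). It assumes a health-authority backend that issues one-time, time-limited codes to registered test centers and accepts an exposure-key upload only when a valid, unused code accompanies it; the secret, center names and key values are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed secret: in a real deployment this lives only on the health
# authority's backend and is never given to the app or the test centers.
SERVER_SECRET = secrets.token_bytes(32)
CODE_TTL_SECONDS = 24 * 3600  # codes expire so a leaked one has limited value


def issue_code(centre_id: str, now: int) -> str:
    """Backend issues one code per confirmed positive result to a test center.
    The code carries no patient data: only the issuing center, a random nonce,
    an expiry, and a MAC so the backend can recognise its own issuance."""
    nonce = secrets.token_hex(8)
    body = f"{centre_id}:{nonce}:{now + CODE_TTL_SECONDS}"
    tag = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{body}:{tag}"


class UploadServer:
    """Publishes exposure keys only when the upload carries a valid, unexpired,
    single-use code from a center the authority actually registered."""

    def __init__(self, registered_centres):
        self.registered = set(registered_centres)
        self.redeemed = set()  # nonces already spent, enforcing single use
        self.published = []    # keys that other apps download for matching

    def accept_upload(self, code: str, exposure_keys, now: int):
        parts = code.split(":")
        if len(parts) != 4 or not parts[2].isdigit():
            return False, "malformed code"
        centre_id, nonce, expiry, tag = parts
        body = f"{centre_id}:{nonce}:{expiry}"
        expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).hexdigest()[:16]
        if not hmac.compare_digest(expected, tag):
            return False, "bad signature"
        if centre_id not in self.registered:
            return False, "unknown test centre"
        if now > int(expiry):
            return False, "code expired"
        if nonce in self.redeemed:
            return False, "code already used"
        self.redeemed.add(nonce)
        # Minimalism: only the rolling keys are retained; the code, the center
        # and the time of upload are not stored alongside them.
        self.published.extend(exposure_keys)
        return True, "accepted"
```

A self-reported positive with no code (or a replayed or altered code) is rejected before any key is published, which is the property the test-center keys are meant to give.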