大数据学习途径
By Thea Anderson, Director, Omidyar Network, Elizabeth M. Renieris, Fellow, Berkman Klein Center and Fellow, Carr Center for Human Rights at Harvard University
奥米迪亚网络主任Thea Anderson,哈佛大学伯克曼·克莱因中心研究员,卡尔人权中心研究员Elizabeth M. Renieris
In April, we introduced a blog series exploring the application of existing data protection laws to emerging technologies, related power dynamics, and implications for future design and thinking on personal data. Since then, we’ve seen many changes to global data protection frameworks. This includes a new data protection bill in Zimbabwe, the passage of a data protection act by Jamaica’s House of Representatives, and new proposed regulations for the California Consumer Privacy Act. We are hopeful that the final versions of these instruments, after public engagement, will reflect and anticipate new uses of data and the rise of emerging technology.
4月,我们推出了博客系列探索的现有数据保护法,以新兴技术,有关权力动态,并影响应用未来设计和思考上的个人数据。 从那时起,我们已经看到了全球数据保护框架的许多变化。 这包括津巴布韦的一项新的数据保护法案,牙买加众议院通过的数据保护法案以及《加州消费者隐私法案》的新拟议法规。 我们希望,在公众参与之后,这些工具的最终版本将反映并预期数据的新用途和新兴技术的兴起。
In this second post, we explore the relationship between data protection laws and social payment programs.
在第二篇文章中,我们探讨了数据保护法与社会支付计划之间的关系。
Rapid digitization of social payments in response to the global pandemic
应对全球流行病的社会支付快速数字化
Governments are rapidly deploying social payments (such as unemployment or food benefits) to address the crushing personal, financial losses and economic stress resulting from the pandemic. As of June, the World Bank estimates $589 billion in government COVID-19 relief spending on social protection programs globally. About 195 countries have introduced, scaled, or adapted social payment programs reaching upwards of 1.1 billion people. While some in need may already be covered by existing government social payment programs, many are excluded globally, including those working in the growing gig economy.
各国政府正在Swift部署社会付款(例如失业或食品福利),以解决由大流行造成的沉重的个人,财务损失和经济压力。 截至6月, 世界银行估计,全球用于社会保护计划的政府COVID-19救济支出为5890亿美元。 约有195个国家推出,扩展或调整了社会支付计划,覆盖了11亿以上的人口。 现有政府的社会支付计划可能已经涵盖了一些需要帮助的人, 但全球范围内却排除了许多需要帮助的人 ,包括那些在零散经济中工作的人 。
At the same speed, governments around the world are seeking to rapidly digitize their social payment programs and accelerate digital payments in support of social distancing, government efficiency, and ease of use for recipients. Challenges to these efforts, however, include a continued preference for cash in many societies, existing strains in digital payments infrastructure, liquidity challenges by financial agents, and disparities in access to digital infrastructure.
以同样的速度,世界各地的政府都在寻求将其社会支付计划快速数字化,并加快数字支付的速度,以支持社会距离,政府效率以及接收者的易用性。 但是,这些努力面临的挑战包括:在许多社会中,人们继续偏爱现金 ,数字支付基础设施中的现有压力,金融代理商面临的流动性挑战以及数字基础设施的使用差距。
In addition, the excessive and unnecessary collection of biometric and other sensitive data, shortcomings in legislative oversight, and mission creep heighten the risks of surveillance and the potential for privacy violations for people who are receiving social payments digitally.
此外,过多和不必要的生物识别数据和其他敏感数据的收集,立法监督的缺陷以及任务的蔓延,加大了接受数字支付社会支付者的监视风险和侵犯隐私的可能性。
The UN Special Rapporteur’s 2019 report on the digital welfare state cautioned:
[S]ystems of social protection and assistance are increasingly driven by digital data and technologies that are used to automate, predict, identify, surveil, detect, target and punish . . . [T]he irresistible attractions for Governments to move in this direction are acknowledged, but the grave risk of stumbling, zombie-like, into a digital welfare dystopia is highlighted . . . [Big technology companies] operate in an almost human rights-free zone, and that this is especially problematic when the private sector is taking a leading role in designing, constructing and even operating significant parts of the digital welfare state.
社会保护和援助的系统越来越受到数字数据和技术的驱动,这些数据和技术用于自动化,预测,识别,监视,检测,确定目标和惩罚。 。 。 人们认识到各国政府朝着这个方向发展的不可抗拒的吸引力,但突出了将僵尸般的绊脚石变成数字福利反乌托邦的巨大风险。 。 。 [大型技术公司]在几乎没有人权的地区开展业务,当私营部门在设计,构建甚至运营数字福利国家的重要部分中发挥领导作用时,这尤其成问题。
We share this concern, and provide suggestions for a better way forward.
我们对此表示关注,并提出了更好的前进方向的建议。
Pitfalls to avoid
要避免的陷阱
Several governments have shifted data protection priorities in response to COVID-19. The Thai government delayed the launch of its personal data protection regulations for a year, and UK data protection authorities paused important investigations into violations of the law. In contrast, the Nigerian government accelerated their strategies, now requiring all public institutions to digitize all public databases within 60 days. The new risks introduced by these decisions affirm why we cannot strictly rely on general data protection and privacy laws to mitigate the risks posed by new and emerging technologies. They also emphasize the importance of laws that foresee potential risks and track the arc of technological evolution to build in protections that will outlast this moment in history. Case law suggests that we need not always reinvent the wheel to provide adequate safeguards in the face of new forms of digitization, including social payments. Some recent examples include:
为了响应COVID-19,一些政府已经改变了数据保护的优先顺序。 泰国政府将其个人数据保护法规的发布推迟了一年,英国数据保护部门暂停了对违法行为的重要调查 。 相反, 尼日利亚政府加快了其战略,现在要求所有公共机构在60天内将所有公共数据库数字化。 这些决定带来的新风险肯定了为什么我们不能严格依靠通用数据保护和隐私法来减轻新兴技术带来的风险。 他们还强调了预见潜在风险并跟踪技术发展弧线的法律的重要性,以建立将在历史上这一刻延续的保护措施。 判例法表明,面对新的数字化形式,包括社会支付,我们不必总是重新发明轮子以提供足够的保障。 最近的一些例子包括:
The Court of the Hague recently ruled that the use of an automated fraud detection system known as System Risk Indication (“SyRI”) to enforce welfare benefits constituted an unjustified interference with the right to privacy. The court found that SyRI’s broad application and lack of transparency went beyond what was necessary or proportionate for the intended purpose of fraud detection, violating the fundamental international human rights law principles of necessity and proportionality. This ruling speaks to the potential strength of established human rights laws and fundamental principles to provide safeguards against rapidly emerging technologies.
海牙法院最近裁定使用称为系统风险指示的自动欺诈检测系统 (“ SyRI”)强制执行福利,是对隐私权的无理干涉。 法院认为,SyRI的广泛应用和缺乏透明度超出了欺诈检测的预期目的所必需或相称的范围,违反了国际人权法的基本原则,即必要性和相称性。 该裁决充分体现了已确立的人权法和基本原则的潜在实力,可以为快速发展的技术提供保障。
Last year, the Irish Data Protection Commissioner found that the widespread use of the Department of Employment Affairs and Social Protection’s Public Services Card (PSC) violated European data protection law. The commissioner determined that mandating the use of the PSC, or processing data from it, by any public or private entities other than the issuing Department, had no basis in law. The Commissioner further determined that the PSC, issued for a narrow social purpose, cannot be used by the private sector for age verification or similar purposes. The PSC example demonstrates the need to establish a clear, lawful basis for collecting personal data in social protection programs, and to further limit additional uses or purposes of that data collection.
去年, 爱尔兰数据保护专员发现,就业事务和社会保护部的公共服务卡(PSC)的广泛使用违反了欧洲数据保护法。 专员认为,发行部门以外的任何公共或私人实体强制使用PSC或处理PSC的数据均没有法律依据。 专员进一步确定,出于狭义的社会目的而发布的PSC,私人部门不能将其用于年龄验证或类似目的。 PSC的示例表明,有必要建立明确,合法的基础来收集社会保护计划中的个人数据,并进一步限制该数据收集的其他用途或目的。
In 2018, India’s Supreme Court upheld the constitutionality of the Aadhaar biometric identity system but struck down the ability for commercial actors to require Aadhaar-based authentication for uses like opening a banking or mobile phone account. Though subsequently challenged, this ruling set an important precedent for limiting private sector uses of data harvested in public social protection schemes.
2018年, 印度最高法院维持了Aadhaar生物识别系统的合宪性,但取消了商业行为者要求基于Aadhaar进行身份验证的能力,以用于开设银行或手机账户等用途。 尽管此后受到了挑战,但该裁决为限制私营部门对公共社会保护计划中收集的数据的使用开创了重要的先例。
Pathways to social payment programs that respect people’s rights
尊重人民权利的社会支付计划的途径
Data protection should be enshrined into law and establish clear rules for data sharing between government agencies and other public-sector stakeholders. These rules should explicitly prohibit the sharing or sale of participants’ personal data with private companies. Any digital social payment program should:
应当将数据保护纳入法律,并为政府机构与其他公共部门利益相关者之间的数据共享制定明确的规则。 这些规则应明确禁止与私人公司共享或出售参与者的个人数据。 任何数字社会支付计划应:
- Contain grievance and redress mechanisms for payment recipients, as they often are not in a position of political power to challenge government decisions. Moreover, the lawful basis for their participation in these programs, typically consent, is often dubious. 包含针对收款人的申诉和补救机制,因为他们通常没有政治权力挑战政府的决定。 此外,他们参与这些计划的法律依据(通常是同意)通常令人怀疑。
- Mandate disclosures on the use of data and facilitate individual rights with respect to those uses, recognizing that meaningful consent is often not possible. Payment recipients often have little choice but to provide their data in exchange for desperately needed benefits. Informed consent may also prove challenging if legal terms and conditions of enrolling in such programs are unclear, especially when no alternatives are available. 承认关于数据使用的公开要求,并促进与这些使用有关的个人权利,认识到通常不可能达成有意义的同意。 付款接收者通常别无选择,只能提供他们的数据以换取急需的利益。 如果不清楚参加此类计划的法律条款和条件,尤其是在没有其他选择的情况下,知情同意也可能会带来挑战。
Make non-digital alternatives available to recipients and recognize that digitizing social payments may raise significant concerns about social control and stigmatization. There is no meaningful choice between compulsory digitization or exclusion.
向接收者提供非数字替代方案,并认识到数字化社会支付可能会引起对社会控制和污名化的重大担忧。 在强制数字化或排除之间没有有意义的选择。
Be mindful of the risk of private sector leakages in public sector social protection programs, particularly through functions that are outsourced to private companies. Recent examples of outsourcing include the use of electronic payment welfare cards in Australia, New Zealand, and South Africa.
注意公共部门社会保护计划中私营部门泄漏的风险,特别是通过外包给私营公司的职能。 最近的外包示例包括在澳大利亚 , 新西兰和南非使用电子支付福利卡。
Consider if there is an opportunity to delink SIM registration from national ID programs in certain settings to mitigate the risks of surveillance humanitarianism. Additionally, clear sunset clauses and data deletion requirements must be included into authorizing legislation.
考虑在某些情况下是否有机会使SIM卡注册与国家ID程序脱钩,以减轻监视人道主义的风险。 此外,授权立法中必须包括明确的日落条款和数据删除要求。
- Plan for post-crisis audits to assess how data was actually used and restrict any uses that were justified in the short-term but are unnecessary in the long-term. In these instances, it is critical to ensure the interests and fundamental rights of the individual data subject. 计划进行危机后审计,以评估数据的实际使用方式,并限制短期内合理但长期内不必要的任何使用。 在这些情况下,确保单个数据主体的利益和基本权利至关重要。
The role of technology and enhanced digital infrastructure in social payments should be to meet the immediate needs of recipients and serve as a platform for emergency support; not to further entrench the welfare surveillance state and curtail the fundamental rights of those in need of economic support.
技术和增强的数字基础设施在社会支付中的作用应是满足接收者的迫切需求,并作为紧急支持的平台; 不要进一步巩固福利监督国,减少需要经济支持者的基本权利。
This post is the second in a blog series on the pitfalls and pathways in the global data protection landscape and an exploration of how technology continues to evolve faster than the laws and norms that govern it. You can find the initial post here.
这篇文章是有关全球数据保护领域的陷阱和途径的博客系列的第二篇,探讨 技术 如何 以比其管辖的法律和规范更快的速度发展。 您可以在 此处 找到初始帖子 。
大数据学习途径
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
