Platforms for personal oversight
A central tenet of the privacy-and-security-by-design approach and of international principles for privacy and data protection is that individuals have the right to access and correct their data, and to monitor how it is being used by governments and third parties (and to hold these actors accountable for misuse). In addition, these standards require general openness and transparency regarding the policies and practices related to personal data management, which should be readily available and accessible to individuals.
One way to implement personal oversight of data use is to create a platform or portal (e.g., accessible through the internet, smartphone apps, USSD, and call centers) where individuals can log in and view their personal information and records of who has accessed their data, when, and why. As shown in Box 22, this is one of the strategies that Estonia uses, in combination with other features, such as tamper-evident (often described as tamper-proof) logs, to protect privacy and ensure compliance with data protection laws. India also has a portal where residents can view a record of authentications using their Aadhaar number. Such portals can be an important part of empowering individuals to have control over their data.
At the same time, platforms that require internet access may be exclusionary for individuals in low-connectivity areas or those with low levels of digital literacy. Thus, practitioners should ensure that people have access to other procedures (e.g., at physical offices) and grievance redress mechanisms to view and correct errors in their data and oversee who has used it, and for what purpose. In India, for example, notification via email every time an Aadhaar number is used for authentication addresses some of these exclusion concerns.
Box 22. Estonia’s citizen portal
Estonia’s citizen portal (eesti.ee) provides residents with a number of tools to oversee and control their data. First, it allows users to see who has accessed their data via the Personal Data Usage Monitor, which logs all transactions containing personal data (see Box 23). A resident can check these logs for any unauthorized usage of their data, and then contest any unsanctioned access.
Second, it gives users the ability to control which data is shared with whom. With health services, for example, patients can view all their electronic health records (EHRs) through the Estonian eHealth Patient Portal, by using their digital ID to authenticate their identity. By default, medical specialists can access data, but any patient can choose to deny access to care providers, including their general practitioner or family physician. Other users, such as pharmacists and insurance agents, can get access to a patient’s medical records, but only with the patient’s explicit knowledge and consent. All data access requests within the system are recorded, and patients can access this record on request.
These technical oversight mechanisms are complemented by Estonian data protection laws, which stipulate heavy penalties for unauthorized access to data. There have been reported cases of law enforcement officers being punished for unauthorized data access for personal gain. A dedicated data protection authority handles grievances and complaints.
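The two mechanisms that the portal description above and Box 22 combine, a tamper-evident record of every access to a person's data that the person can query, and subject-controlled sharing rules (default access for clinicians, opt-out blocks, explicit consent for others), can be sketched in a few dozen lines. The following is an added example written for this page, not Estonia's code or any production system: it hash-chains each log entry to its predecessor so that editing or deleting an earlier entry breaks verification, and it records refused requests as well as granted ones so that the data subject also sees who tried. The roles, the split between default-allowed and consent-required roles, and the names and records are all constructed assumptions.

```python
"""Hash-chained personal-data access log with subject-controlled sharing.

Added example for illustration only (not the eesti.ee implementation).
All roles, names and records below are constructed.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass, field

GENESIS = "0" * 64  # prev_hash of the first entry

# Assumed policy split, modelled on Box 22: clinicians read by default unless
# the patient blocks them; pharmacists and insurers need explicit consent.
DEFAULT_ALLOWED = {"specialist", "general_practitioner"}
CONSENT_REQUIRED = {"pharmacist", "insurer"}


@dataclass
class LogEntry:
    seq: int
    subject: str      # whose data was requested
    accessor: str     # who asked
    role: str
    purpose: str
    granted: bool
    prev_hash: str    # digest of the previous entry (chain link)
    digest: str = ""

    def compute_digest(self) -> str:
        # Canonical JSON of every field except the digest itself, so the
        # same entry always hashes the same way regardless of dict order.
        body = {k: v for k, v in asdict(self).items() if k != "digest"}
        canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class SharingPreferences:
    blocked: set = field(default_factory=set)    # accessors the subject denied
    consented: set = field(default_factory=set)  # accessors explicitly approved


class AccessLog:
    def __init__(self) -> None:
        self.entries: list[LogEntry] = []
        self.prefs: dict[str, SharingPreferences] = {}

    def preferences(self, subject: str) -> SharingPreferences:
        return self.prefs.setdefault(subject, SharingPreferences())

    def request(self, subject: str, accessor: str, role: str, purpose: str) -> bool:
        """Decide an access request and append it to the log, granted or not."""
        p = self.preferences(subject)
        if accessor in p.blocked:
            granted = False                       # patient opted out of this accessor
        elif role in DEFAULT_ALLOWED:
            granted = True
        elif role in CONSENT_REQUIRED:
            granted = accessor in p.consented     # only with explicit consent
        else:
            granted = False                       # unknown role: deny by default
        prev = self.entries[-1].digest if self.entries else GENESIS
        entry = LogEntry(len(self.entries), subject, accessor, role, purpose, granted, prev)
        entry.digest = entry.compute_digest()
        self.entries.append(entry)
        return granted

    def subject_view(self, subject: str) -> list[LogEntry]:
        """What the data subject sees in the portal: every request about them."""
        return [e for e in self.entries if e.subject == subject]

    def verify(self) -> bool:
        """Recompute the chain; any edit, deletion or reordering breaks it."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev or e.digest != e.compute_digest():
                return False
            prev = e.digest
        return True


if __name__ == "__main__":
    log = AccessLog()
    log.request("patient-1", "dr-a", "specialist", "treatment")
    log.preferences("patient-1").blocked.add("dr-b")
    log.request("patient-1", "dr-b", "general_practitioner", "treatment")   # refused
    log.request("patient-1", "pharm-1", "pharmacist", "dispensing")         # no consent yet
    log.preferences("patient-1").consented.add("pharm-1")
    log.request("patient-1", "pharm-1", "pharmacist", "dispensing")         # granted
    for e in log.subject_view("patient-1"):
        print(e.seq, e.accessor, e.role, e.purpose, "granted" if e.granted else "refused")
    print("chain intact:", log.verify())
    log.entries[1].granted = True          # an insider rewriting history
    print("chain intact after edit:", log.verify())
```

Two details matter in practice and are deliberately visible here: refused requests are logged, because a pattern of refused lookups is itself evidence for the grievance process; and the chain only makes alteration detectable, it does not prevent it, so the digests (or periodic checkpoints of them) must be anchored somewhere the log's operator cannot rewrite, such as a separately operated timestamping service.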