Policy Briefing: 6 Principles for Government Data Policies
Governments have a positive duty to ensure the privacy, autonomy and security of their citizens in an increasingly digital world, according to an Internet Society policy briefing that addresses government data policies.
Internet companies have more access to citizens’ personal data than ever before. That includes data about those individuals’ actions, activities, acquaintances, preferences and interests. To assure public trust, these companies -- and policymakers -- need to handle this data more responsibly and respectfully.
Governments have a positive duty to ensure the privacy, autonomy and security of their citizens in an increasingly digital world. This means establishing and enforcing clear rules, leading by example on responsible data handling, and encouraging data handlers to consider the impact of their choices on everyone affected by them.
As data handlers themselves, governments are custodians of often sensitive data about citizens. If people don’t trust online public services, it will not only be costly to provide manual or face-to-face alternatives, but new initiatives like smart cities may fail.
As policymakers and regulators, government actors should support and resource effective regulation and enforcement, apply consumer law on deceptive or unfair practices and business models where necessary, support education and awareness to stimulate consumer demand for data-respectful services, and, especially, ensure that the costs and risks of bad practices are born by organizations, not by individuals.
Looking outward, governments need to set the standard for secure and respectful data use, and to wield their influence as buyers of products and services to influence others to handle data responsibly. Governments can provide incentives for responsible data handling through their own procurement requirements, but also through credible certification schemes, stimulating a market for independent privacy audits, applying penalties for unlawful practices, violations and breaches and allowing insurers to take certification and good practice into account when something goes wrong.
6 Recommendations For Data Handlers
- Be custodians of data, on the individual’s behalf and in their interests.
- Adopt a principle of “no surprises”:
- Provide clear and relevant information to users, with simple controls and minimal collection by default;
- Be transparent about what data you collect, and how you use and share it;
- Do not use personal data out of context, or for purposes the individual would not expect or to which they have not consented;
- Do not use “consent” to excuse bad practice.
- Make ethical considerations explicit in your development process, so that you can show why you made the design and implementation decisions you did.
- Consider how the costs, benefits, risks and impacts of your product or service are spread across all stakeholders, including non-user stakeholders: are you giving rise to risk and cost that will be borne by others?
- Respect the individual’s interests, time and attention.
- Build an operational culture of transparency, fairness and respect:
- In your business/operational plan, include the enabling and sustaining measures to maintain and strengthen that culture.
 This is a principle set out in the Internet Society’s Global Internet Report for 2017 (see the Annex – Additional Resources)
 This reflects an issue identified in the Internet Society’s 2015 Global Internet Report (see the Annex – Additional Resources)
About the Internet Society
Founded by Internet pioneers, the Internet Society is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).