Harnessing commercial data for public good: can it be done, should it be done—and how?
From data partners and layered consent, to digital footprints and algorithmic transparency, contemporary issues surrounding personal data privacy are complex and multifaceted. Critics of big data often point to the corporate accumulation of information about users as potential infringements on their agency and autonomy, but what if there were a context in which data collection could be leveraged in order to support a crucial public good, rather than merely as a marketing tool? Would users be comfortable to share their data in a privacy-respecting way, if this act could benefit society as a whole? What criteria would need to be met for such an arrangement to be viable?
For instance, amidst the ongoing COVID-19 pandemic, if individual data footprints were utilized by public health authorities to conduct fast and precise contact tracing, could some areas under lockdown re-open safely, either partially or in full?
MaRS Discovery District and the Toronto Region Board of Trade (TRBOT) recently approached the Schwartz Reisman Institute with exactly such a thought experiment: a proposed data tool known as the Pandemic Intelligence: Trusted Exchange Network (PI:TEN). PI:TEN is an opt-in system intended to aggregate information from multiple data partners within the testing ground of Toronto’s Financial District Pilot Zone, to enable a safe re-opening for those who live and work in the area. However, the partners behind the project face concerns regarding its value, risks, and feasibility, and its unprecedented scope raises numerous questions around usability and privacy.
“MaRS and TRBOT approached the Schwartz Reisman Institute to convene a Solutions Workshop that could wrestle with the opportunities and challenges associated with PI:TEN,” says SRI Director Gillian K. Hadfield.
“We’ve done this before, for instance in our Solutions Workshop with Diabetes Action Canada last spring. Of course, we were excited to take on the challenge of convening productive, solutions-oriented conversations about a novel tool like PI:TEN—and to play a part in advancing the important conversations about data, privacy, and public good that it raises.”
“I think the variety of experts convened and the incisive findings they brought forth really shows what we can do when we collaborate across sectors and disciplines to find solutions to pressing problems,” says Hadfield.
➦ A new report details the findings of SRI’S PI:TEN Workshop—READ IT HERE.
What is PI:TEN?
Conceived by MaRS and TRBOT as a tool to be rolled out within the Toronto Financial District Pilot Zone in the context of the ongoing pandemic, PI:TEN is a proposed system to allow existing data, collected by different organizations about people’s location and movements in public settings, to be combined and used for contact tracing and exposure notification in a privacy-respecting manner.
As currently envisioned, PI:TEN would offer individuals a choice to opt in to its system, so that the data they already generate through various data providers with their movements—for example, when “tapping on” to public transit, using building access cards, or checking in to businesses with COVID-19 tracing apps—could be put to work for the public good.
As of yet, no data partners have signed on to PI:TEN, and the system faces several uphill challenges regarding functionality, both for individual users—who would need to provide consent at multiple stages—as well as data partners. The project must also consider how it will interface with public health authorities at municipal and provincial levels.
While MaRS and TRBOT note that PI:TEN is far from a “silver bullet” to end lockdowns and the risks associated with COVID-19 transmission, it could support existing methods of contract tracing to generate more effective results. Furthermore, its utility could be helpful beyond the COVID-19 pandemic, in the context of other possible future public health challenges.
What are SRI’s Solutions Workshops?
SRI Solutions Workshops employ a design-thinking lens to curate and stimulate conversations between experts that draw out key insights and troubleshoot efficiently. By first defining problem statements and meaningful challenges, and then turning to explore insights and potential solutions, this method offers a foundation for prototyping new models, overcoming obstacles, and finding answers to persistent questions. Rather than an open-ended brainstorm, Solutions Workshops develop recommendations based on concrete scenarios and carefully curated questions, providing a clearer explanation of the problem and considerations for ways forward.
On March 10-12, 2021, the SRI team convened a three-day virtual Solutions Workshop with 21 participants, including experts in law, computer security, public health, commerce, civil liberties, data analytics, public policy, and digital governance, for a series of guided sessions exploring the utility and challenges associated with the proposed PI:TEN model. The first and third days of the workshop were used for virtual discussions, while an intervening day was used to consolidate emerging issues and questions.
“The aim of this workshop was not only to explore the risks, value, and feasibility of the PI:TEN system,” says Jamison Steeve, SRI’s senior advisor on strategy, policy, and solutions, “but also to explore potential answers to outstanding questions about its design and implementation. We want to move ideas from thought to action.”
Participants rose to the challenge of a virtual workshop with vigour, with discussions facilitated by SRI moderators prompting a wide range of responses. The participants were able to record and share their feedback and ideas in real-time via online collaboration boards, which provided maps of the proposed system with space for intervention, debate, and dialogue.
What emerged from the workshop?
For a full summary of the SRI Solutions Workshop’s findings, please see the new report, “Harnessing commercial data for public good: Design reflections on the Pandemic Intelligence Trusted Exchange Network (PI:TEN).” (PDF)
Among the report’s findings were several key points:
To create a viable system with sufficient user adoption to be effective, ease of use must be prioritized—for individuals, and for organizations who collect and share data. This includes making participation safe, simple, and justified by, for example, streamlining the consent process for users. For data partners, this could mean assisting with drafting terms and conditions, and ensuring that obstacles in data processing are minimized.
To generate data useful to authorities, PI:TEN must engage and successfully collaborate with Toronto Public Health. A thorough consideration of public health’s resources, mandates, responsibilities, and data collection capacities is necessary to ensure that information generated by the system could be shared in a useful way.
Issues of oversight, consent, and de-identification are central to the success of a system like PI:TEN, which must comply with legal frameworks for data collection and use. Among other things, PI:TEN would need to ensure that its “anonymized exposure network graphs” match definitions in existing privacy legislation; it must account for the fact that location-based data is one of the most sensitive forms of data; and it must continually keep in mind that data breach is a significant risk that requires strict oversight and security protocols.
What’s next?
While PI:TEN’s feasibility and path forward remain unclear for now, the concept itself provides inspiration for potential new directions for public policy. Vast amounts of data are already being collected in our daily lives, and whether this data could be used in the service of the public good is an issue that has been under-explored. How might we retain key parts of the PI:TEN model and the lessons learned from its development and possible implementation?
As one workshop participant noted, “This is a piece of infrastructure that we should have, and should have had already. We should look into building this now for the next pandemic.”
“There are live questions about whether we should use private data for the public good. That conversation needs to be elevated and made transparent, and we have to engage the broader public,” says Steeve. “This type of workshop is a good first step, but more needs to be done. It is our hope at SRI that we can play a role in that journey.”
While numerous questions remain, the urgency around these issues was broadly recognized among many workshop participants. Whether it’s Canada’s recent proposed updates to federal privacy legislation (Bill C-11), or the question of whether private corporations should be compelled to share information that can protect the public, the reality is that the collection and use of data in public life is an increasingly central fact of contemporary life, and will increasingly shape our society’s responses to the crises and challenges that lie ahead.