“If something has the capacity to surveil and control, it will surveil and control,” says Renata Avila, the Chief Executive Officer of the Open Knowledge Foundation, during her keynote on ‘DPI and Privacy’ at SLFC.in’s DPI in Conversation event. 

Digital Public Infrastructure (DPI) – digital systems that enable governments to deliver economic and social services – involves “aggressive” data collection, observed Avila. She outlined that despite various laws and safeguards, many systems of identification, payment, and data transfer have been designed for maximum data collection which leads to the question of what will happen to that collected data. 

“In all the years of advocacy about privacy, we will always say that we should engineer systems so they do not collect data that is not essential to their function. That’s not happening in the case of DPI.” 

Activists had fought for non-centralised databases that would only collect necessary data so individuals could still exercise their rights. However, all such ideas seem forgotten now as governments trade away the privacy of vulnerable citizens for efficiency and development. 

By ignoring the learnings of the privacy movement on how to minimise data and meta data to preserve the sovereignty of citizens, governments also seem to be ignoring the political landscape of today where data has become a “strategic asset”. 

“The way technology is configured today is very susceptible of profiling,” said Avila. 

In this way, she identifies two main privacy concerns about DPI: sovereignty and consent. 

The big business of DPI is the cloud, said Avila, as she questioned how sovereignty could be protected if national systems were being operated on clouds provided by commercial foreign cloud players. 

Secondly, she emphasised that consent is “not just a formality”, and that informed consent must be a precondition for any relationship with a powerful actor. 

Such systems – which connect technology to the social and the political – are also impossible to audit. 

“We cannot audit a massive system that is collecting the biometric data of an entire nation. We cannot only audit technologies. We need to audit the whole system of the problem. We need to audit and keep an individual vigilant eye on the politics, the dynamics, the power struggles inside the system, the policies, who’s enforcing the policies and who is blocking the auditability.” 

Avila encouraged the audience to question whether such systems could truly be called “public”. Privacy is not a static checklist as it is ever-evolving in parallel to technological leaps. Therefore, she called on stakeholders to treat privacy as a dynamic process so that rights can be preserved.