Digital Identities: Privacy – until the doctor comes?
What the pandemic app and Alexa have to do with digital identities
Used correctly, digital identities can make our lives much easier and more secure. However, there is a great deal of distrust of data collections of all kinds, which often results in our not taking advantage of modern technology. Practice has shown, and not just since Corona, that you have to create trust if you want to use centralized data sets effectively.
It is a well-known fact that China can point to successes in combating the pandemic. In the People’s Republic, modern digital technology is used consistently to collect, concentrate, and analyse personal data: Digital identities are linked electronically with tracking data, making it much easier to trace chains of infection.
Infection protection – not at any price
Nevertheless, nobody in this country may take the Far Eastern strategy as a model. The “Chinese model” is a little too strict for us. True to the motto: data that is unavailable in digital form cannot be digitally abused, our health authorities prefer to rely on handwritten contact lists and telephone tracking – a procedure that quickly reaches its limits, however, as the number of infections increases. And the Corona app, complains columnist Patrick Bernau in the FAZ, is “permeated by an almost paranoid data protection”. “The Corona functions do everything possible to ensure that nobody can somehow find out who met whom. The fear that data could fall into the wrong hands seems far greater than the fear of an uncontrolled spread of Covid-19. The “transparent citizen” must be avoided, even at the risk of making life more difficult for us in many areas than it already is in times of pandemic.
However, many contemporaries seem to have far less resentment against getting a little helper called Alexa into their living room – a microphone that transmits voice recordings to an unspecified server in the USA. And when looking for a restaurant, people also willingly entrust Google with their current location and general preferences. After all, our digital identities at Google, Facebook and other companies are practical: server capacity, digital maps, guidance systems and assistants are provided free of charge. At best, we have to pay by looking at advertising that is personalized precisely to our needs.
The benefit-risk principle
The ultimate level of acceptance of digital identities is therefore obviously crucially dependent on the immediate benefits they offer and, above all, how much trust users place in the person who collects, manages and secures them. This applies to democratic states as well as to companies.
It remains to be seen to what extent the almost boundless trust that many of us place in search engines, e-commerce and social networks is justified. Equally justified is the question of why some of us mistrust one of the world’s most stable democracies to such an extent that they do not even want to cooperate with the German government in overcoming the most serious crisis since World War II.
It remains to be noted, however: Google, Facebook and Co. are not exactly the guardians of data protection – but they do at least tell us in advance exactly what they want to use our data for: We should be encouraged to consume. Whether do we do this then remains our final decision. The police, on the other hand, often decide in our favor: personal data that we have actually stored for contact tracing and pandemic control are, once they are there, also used to pursue petty criminals.
Clear concepts instead of retained data
Who collects and bunkers data according to the squirrel principle – freely after the foreign exchange: In the future we will certainly think of great second and third utilization possibilities – that should not be surprised about lacking acceptance. Away from the black box, towards transparent data protection, that is the advice we give our customers when it comes to digital identity.
Of course, first of all the data stock, the data centre must be secured against external attacks. This includes firewalls, encryption, multi-factor authentication and employee training to prevent spear-phishing.
What we experience again and again in our daily work: Protection from hackers is important – but at least as important for the acceptance of digital identities in the company is a clear data collection and evaluation concept that is communicated seamlessly from the outset. What personal information is collected? What will the collected data be used for? Who receives which access rights? These three simple questions must be clarified in advance, together with the works council and the workforce. Compliance with legal data protection regulations as well as internal company rules must be enforced according to the role principle and it must be possible to verify them at any time. Secondary evaluations without prior consultation are taboo. However, it is important to make clear what advantages the system brings – for the company as well as for the employees. Greater security, simpler processes and more efficient administration are arguments that everyone is open to – if they know that their data is being used responsibly.
Trust is based on information and reliability, and this is especially true for digital identities.
