
I think we went in the wrong direction in terms of public data. It really isn’t in my best interest as a citizen that our public sector can’t use my data to run more effectively, spot health issues sooner or perform city planning based on citizen-mobility rather than educated guesses.

I think it’s absolutely the right direction for private companies though. I know, I know, a lot of you are distrustful of government, but I’m Danish and we generally trust our public sector to an extent that would truly surprise a lot of you.

So with that out of the way, I think it’s a shame that we spend so much public funding burying public data in silos. I think we should absolutely keep citizen data safe, but I think we should also use it and perhaps work to make some of it less sensitive. Because some of it frankly doesn’t have to be sensitive.

In my country we have a social security number. You get it 1-5 minutes after you’re born, and in the olden days, it was used to identify you when you wanted to do things like open a bank account. It’s still used for that to some extent, but in the meantime we’ve created this thing called NemID (soon to be mitID), which is a national 2-factor secure digital identity, that we use to enter online agreements because it turned out that your social security number wasn’t actually safe. We’ve also had leaks and hacks exposing nearly half of the current social security numbers over the past 25 years.

Because a social security number is deemed sensitive by the GDPR, we’re spending hundreds of millions on the bureaucracy around it. It’s by far the most reported thing to our national data protection agency, I think almost 80% of the public cases involve it. And it makes no sense.

Why the hell didn’t we make it illegal to use it as an identifying number instead? It would have saved us so much money.

And that’s just one issue with the GDPR. Another is machine learning and data. This is obviously a sensitive area. I don’t personally think we should troll through citizen cases to try and find possible alcoholics. Maybe someday, but society has to deem it morally acceptable first.

I do think we should use citizen data to schedule shifts though. It makes no sense to me, to have 10 nurses and 15 teachers do full time scheduling in a city of 60,000-100,000 citizens when an algorithm can do it instead. But we can’t, because the GDPR prevents us from using data that way.

I like the GDPR, but I think it needs a revision for the modern public sector, and I think we should really ask ourselves what we want with our data.

Do we want to spend trillions on a bureaucracy guarding it, or do we want to demystify some of it and put it to good use, so we can spend the trillions on nurses, teachers and better infrastructure?

/disclaimer I work in the public sector.



> I’m European, I trust my government

I think it would help to state your nationality, European governments range widely in trust levels from west to east, and there are a lot of governments in there. I wouldn't trust the Greek government for a second.

[An example: the social security number (which is given to every doctor/pharmacy/etc) contains verbatim the date of birth and sex of the citizen, and this has been deemed lawful]


> the social security number [..] contains verbatim the date of birth and sex (and city of birth) of the citizen

Italy does that, as I understand it is meant to be easier to remember and it was created in a time where things were very different. I agree that it poses issues now, but at least it makes clear that the code is not supposed to be a password.


I'm Norwegian and I also trust the government in most cases.

But I agree there are several European governments I would not trust.


Really? Even after they tried to bring in mass surveillance only a couple of months ago? Even when they want to give double prison sentences to people who live in certain areas?

As a foreigner living there you might be less trusting as well. They are constantly changing the rules to make it harder for legal residents to settle.


Yep, UK here, and I wouldn't trust them as far as I could throw them.


Guessing Denmark, since OP mentioned NemID.


> I do think we should use citizen data to schedule shifts though. It makes no sense to me, to have 10 nurses and 15 teachers do full time scheduling in a city of 60,000-100,000 citizens when an algorithm can do it instead. But we can’t, because the GDPR prevents us from using data that way.

Can you give more details on that case?


Making sure the right staff gets to the right citizens at the right time is a massive undertaking. It’s where 60-80% of our staff works. We have something like 1200 teachers out of 7000 employees for instance.

It’s also an area that’s subject to a lot of requires/shared resources. I mean, you have the regular schedule which takes up a lot of time on its own because you need to find replacements when someone is missing. If I get sick, no one really cares that we go a day without an Enterprise Architect, but if a teacher goes sick, multiple classes will need a replacement. Then there is the irregular stuff like rehabilitation, special school events or a range of things.

Basically it’s so complicated that it takes up the time of several full time positions.

It’s not the kind of complicated that’s not solvable by ML though. Our neighbouring municipality did a PoC on it, and I’m not sure how they procured the rights to use the data for it (they probably didn’t), and it turned out that they could automate almost all of the planning and scheduling. Humans still had to make decisions, but it would suggest available resources or alternative schedules making the process much smoother.

That’s a lot of nurses and teachers you could actually put to work, nursing or teaching if it works.

It works by knowing what resources are needed though, and in the case of rehabilitation that involves knowing that someone needs anti-suicidal therapy at 10 am at a certain address. Which is extremely sensitive data, that the algorithm isn’t allowed to access under our adoption of the GDPR.


Under the implementation of GDPR, or under derived local rules? Because as far as I understand, humans working on a filing cabinet full of paper can be just as much "data processing" under GDPR as a computer reading a database. If the scheduling person knows "Mr X is sick and needs a replacement scheduled", an algorithm in their place can know that too.

It's certainly something where extra care is required though, and it's easy to see how people in charge go with a rather safe than sorry approach, and extending it into ML poses additional questions.


Our national implementation of the GDPR for the public sector prohibits cross-sectoral access to citizen data.

So while our teachers/nurses could legally use ML for planning as they have a legal right to use the data for planning, our digitisation department can’t build/train/support it and neither can a 3rd party supplier.

Since laws are very open to interpretation, at least until they are tested a few times in the courts, you could interpret them differently than us. Which I’m guessing is what our neighbouring municipality is doing. They have the advantage of being 10 times bigger than us though, giving them much more influence, so much in fact, that they may end up paving the way for the rest of us.


Interesting, thanks for explaining!


GDPR is not a directive. There is no 'national implementation'.

I can believe such a law does exist in Denmark. It is not GDPR. GDPR might increase the penalties for non-compliance.

Such a law is a sign that the Danish don't trust their public sector as much as you suggest...

BTW do you remember that time that all your health data was delivered to the Chinese embassy on a DVD?


> Maybe someday, but society has to deem it morally acceptable first.

Err, please let's not make individual freedom dependent on what society finds morally acceptable.

> I’m European, I trust my government in a way many Americans simply won’t understand.

I am as well, and I don't trust my state + federal government. Not to the extent that it seems common in the US, and in slightly different ways, but I certainly want my government to have as little data on me as possible.

Even if you do trust your current administration, imagine that the most extreme party of whichever political side you consider crazy & generally wrong wins with a landslide next month and has all that stuff available that you figured you can trust your government to have.


Do you trust your government more than Microsoft?

That’s what I meant to say, but I should certainly have voiced what I meant better.


> Do you trust your government more than Microsoft?

Absolutely not. And yes, I'm American. You're probably right that this is a core cultural difference.


I don't understand this.

Microsoft makes decisions for its own benefit 100% of the time.

Politicians sometimes make decisions for their own benefit, but sometimes they make decisions for the benefit of the public.

No matter how corrupt your politicians are, how can they possibly be less trustworthy than Microsoft?


All entities make decisions for their own benefit 100% of the time. Where you come out ahead is when their interests coincide with yours.

That works out rather poorly against large governments, because businesses can lose customers by misbehaving, but a government with 55% of the vote doesn't need any more than that and can then do anything they want to the remaining 45% of the people. Especially if they can convince their own supporters that the victims are the villains -- then they can set you on fire and still get re-elected.


> All entities make decisions for their own benefit 100% of the time.

Then I must have met a lot of non-entities in my life. Don't assume everyone is like you.


Don't assume you know what "for their own benefit" means. It doesn't mean not doing things that benefit society, it means not willingly hitting yourself in the face with a hammer.

People do things to help other people because it builds goodwill and reputation, and because they're a large enough entity that doing something that costs them $5 and makes everyone including them $6 each will still result in a $1 profit, and because of Hofstadter's theory of super-rationality, and because they care what happens to their kids, and a hundred other reasons.

Nobody but an idiot does things that are purely destructive to themselves and everyone around them.


Sorry for assuming that you don't redefine "for their own benefit" to something useless and idiosyncratic.


Why are you constantly arguing in bad faith?

"For their own benefit" means literally what the words say -- something that benefits them. Your wrong assumption is that socially beneficial acts can't benefit individuals. That's something we can argue about, but you don't have to be a self-righteous jerk about everything. That doesn't benefit anybody.


> Why are you constantly arguing in bad faith?

I've been wondering the same about you.

> "For their own benefit" means literally what the words say -- something that benefits them.

You have to admit that "it means not willingly hitting yourself in the face with a hammer." and "Nobody but an idiot does things that are purely destructive to themselves and everyone around them." is not the clearest way of expressing that. "Not actively harming everyone" is not the same as "doing things for your own benefit".

> Your wrong assumption is that socially beneficial acts can't benefit individuals.

That would be a wrong assumption indeed, considering society consists of individuals.

(I'm tempted to write more, but I've already spent more than enough time telling people they're wrong on the internet today)

> That's something we can argue about

Even if we actually disagreed on that point: It looks like there's something about us that means that no, we can't argue.

> but you don't have to be a self-righteous jerk about everything.

That is true. But when I perceive someone as arguing in bad faith, then it's hard to resist – even if they aren't and we're just misunderstanding each other.

When you wrote that you believe that Google does not violate the GDPR, to me it was like arguing that the moon does not exist because it would rip apart the earth. That might be an interesting intellectual exercise but I don't have to analyze your theory to know that it's wrong. The GDPR plainly says that you cannot force your users to consent. Google does. Easy to verify from Europe. Case closed. I hope that explains why I refused to debate that topic.


I think the issue is with power, not intentions. Microsoft may make selfish decisions 100% of the time, but there's only so much impact they can have. The government has monopoly on violence, implemented through army and law enforcement, and can also make your life painful (or end it) in countless less direct ways - like monetary policies, healthcare policies, welfare policies, etc.


Ultimately, what the government can do is only limited by the country's constitution. Not doing beneficial things doesn't reduce its ability to do bad things.


> Microsoft makes decisions for its own benefit 100% of the time.

The nature of decisions is completely different. Microsoft cannot put you in jail, confiscate your property etc. Also, Microsoft has outlived a ton of governments who lost the trust of the public.


> Microsoft cannot put you in jail, confiscate your property etc.

Without a data protection law, the government can put you in jail and confiscate your property. Companies can spy on you.

With a data protection law, the government can put you in jail and confiscate your property. Companies cannot spy on you.


> With a data protection law, the government can put you in jail and confiscate your property. Companies cannot spy on you.

What you call spying, others would call a preferable alternative to directly paying for services.


Which is absurd but has nothing to do with trusting the government.


Arguing that somehow being targeted with ads to make $$$ is worse than being jailed / having your property taken is kind of tone deaf.


I didn't.


> I think we went in the wrong direction in terms of public data.

Aren't all the complaints from private companies? You can't use say FB data to do some nice thing for the society because FB will not give it to you even before GDPR, maybe they give you some secret access if you pay them a lot of money. The API access is super limited.


GDPR does not affect public data. At all.


People like to say that, but it does. Each member state has had to adopt the GDPR into their national legal system, it’s true that it’s called various things. In Denmark where I’m from we call it Persondataloven, but for all intents and purposes it’s GDPR.

I did mean public sector data though.


So the guy getting his public court records removed doesn’t exist?



