I came across the neologism of “de-identification” last week, when I was completing a project on basic education. The project – Data Driven Districts – is sponsored by the Michael and Susan Dell Foundation and is working with the Department of Basic Education in South Africa to see how reliable information about learner attainment across the school system can be used to improve chronically poor performance in key areas such as languages and mathematics.
Freedom of access to information is a key principle of South Africa’s 1996 Constitution and runs through all subsequent legislation and policies. But the measures for the protection of privacy that were included in legislation passed fifteen or so years ago have been overtaken by the digital revolution. In common with many other countries, South Africa has now introduced enhanced controls of privacy; the Protection of Personal Information Act of 2013, commonly known as PoPI.
And this is where de-identification becomes important. It is defined as the removal from a record of any field that can connect information to a specific and nameable individual, as well as any information that it is reasonable to think could allow personal identifiers to be retrofitted to a record. Where information has not been de-identified, stringent conditions apply, including a prohibition on processing records without the clear consent of the record’s owner. Where records have been de-identified, PoPI does not apply.
In terms of legislation and regulation of similar type, PoPI contains a strong and reasonable set of requirements. There’s been a lot of fuss and denigration, but this is not surprising given the strength and reach of the commercial interests that want to turn a profit by selling on what they know about us. And, in many cases, they know far far more about us than we imagine possible. We are photographed and tagged many times a day. Our cell phones know where we sleep. Every electronic transaction leaves a digital footprint.
But we also live in one of two worlds.
PoPI protects those of us who have money to buy, or something to steal. Personal information is used to market – relentlessly – goods and services. Cybercrime is focused on purloining virtual assets, including our identities. This is the charmed circle of the virtual world, where the smart phone is a prosthetic and a signifier of identity.
Beyond this charmed circle, the protection of privacy is also important. For many with low incomes and limited assets, the cell phone is the vital bridge to key services, with still-to-be-realized potential for accessible services that will improve the quality of life. But here, de-identification may come with a cost, getting in the way of using digital technologies in new approaches to development and access to key resources.
One of the limitations on the effective provision of essential services and opportunities to low-income communities – and particularly to those who are widely dispersed and away from cities – has been high transaction costs. Digital technologies can reduce these costs, sometimes dramatically. This was apparent in early studies; a good example is the reduction of the supply chain between small-scale farmers and their markets, resulting in improved margins for investment in rural villages.
The same applies today, and includes significant opportunities for providing key information and access to essential services. But the processes and requirements of de-identification may re-impose transaction costs. For those outside the charmed circle, the notional benefits of online privacy may well offset the potential gains from others knowing who you are, and what you need.
Here’s an example. The case for the Basic Income Grant has been widely made, and well-documented projects have shown its viability in mitigating economic marginalization by allowing recipients to invest in the resources essential to overcome poverty traps. In Brazil, the best-known case, receipt of the grant was linked to enrolling children in basic education. In Namibia, trials showed that receipt of a grant could stimulate small-scale and effective farming enterprises. In all cases the high transactional costs of conventional administrative system either make such programmes very expensive to run, or not possible to run at all. And in such projects, efficient access to personal information is a key to success.
So yes – this neologism signals important considerations to counter the abuses of the zitabytes of personal information that can live on forever in the Internet. But these considerations do not necessarily signify that being made anonymous is in a person’s best interests.