Can regulations pave the way for greater freedom of expression? At first glance, it may sound like a contradiction. However, setting clear boundaries empowers people to speak up while being respectful of the opinions of others. This creates a safe space for all and promotes healthy conversations.
The cornerstone of a democracy is citizens who are highly engaged in government decision-making. To better engage with their public, governments are increasingly embracing online public engagement platforms. There are numerous cases of successful online public engagement all around the world, from the United States to Canada and Australia, and the numbers keep growing.
When selecting an online platform, it is important to evaluate it based on certain criteria such as –
- Is the platform robust and secure?
- Is it user-friendly?
- Does it meet globally accepted standards for information systems, such as ISO 27001?
Once you select a user-friendly and secure platform, the continued success of your communication rests on several factors including –
- Transparency and accuracy of information
- Creating a safe space for all voices to be heard
- Education of citizens about their rights and responsibilities
- Skilled facilitators to increase participation in solving community-related issues, and
- Project successes and milestone progress highlighted on a regular basis
With great power comes great responsibility
In the interest of transparency, your public will need to know how your online engagement platform complies with global data privacy and security regulations.
My recent article, ‘6 Steps to Ensure Data Security While Increasing Your Civic Engagement Online’ covers the importance of incorporating privacy through every stage of the design and development of an information system instead of as an afterthought. This is known as ‘Privacy by Design’ and is one of the key pillars of the European Union’s (EU’s) GDPR (General Data Protection Regulation) that brought data rights discussions to the forefront.
The GDPR intends to standardize data privacy regulation across the EU and grant EU citizens greater rights over their personal data. It came into effect May 25th, 2018 and is applicable to any organization around the world that deals with EU citizen data, irrespective of where the organization or the data is located. While the GDPR applies specifically to EU citizens, it is increasingly being recognised as a global best practice.
Several other countries are in the process of tightening their privacy laws as well. Canada already has two federal laws that govern citizen privacy – the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). In short, the Privacy Act governs how federal government institutions handle personal information. The PIPEDA is the federal law for private-sector organizations handling personal information as part of their standard business operations.
To date, the United States does not have an overarching federal law regarding data privacy that covers the entire country. However, certain individual states have initiated legislation around protection of their constituents’ data. Just recently, Colorado’s Governor signed a bill that strengthens data protection measures for consumers. The new law goes into effect September 1st, 2018. California is currently considering a Data Protection Regulation bill inspired by the EU’s GDPR. This may be a trend that other states in the country soon follow.
Governments that demonstrate their commitment to protection of citizen information can facilitate productive discussions and gain trust.
All organizations can benefit from GDPR-compliant platforms whether you handle EU citizen personal data or not. Selecting a GDPR-compliant platform simply means that rigorous security measures have been implemented to protect an individual’s personal information.
Below are six ways you can rely on your GDPR-compliant public engagement platform to protect your community’s information online. Even though the rights listed are only enforceable in the EU according to the GDPR, a GDPR-compliant platform will allow you to protect these rights for all individuals on your engagement platform irrespective of where they live.
1. Right to Information
GDPR-compliant online platforms are required to be transparent. An EU citizen has the right to request organizations that collect and process their personal data to share a free electronic record. This record must provide details of what data has been collected and how it has been used or processed. Organizations must also report any data breaches to law enforcement within 72 hours.
2. Right to Erasure or the Right to be Forgotten
Under GDPR, EU citizens have the right to be forgotten. This means that even if citizens have voluntarily signed up for a certain service, they have the right to change their mind at any time. If an EU citizen requests an organization to erase their data, the organization must delete all related data and confirm the erasure. EU citizens can also request edits to fix incorrect data about themselves and if proved correct, the organization must make the change.
3. Agreements in Plain Language
The GDPR stipulates that all agreements must be provided in plain and simple language. This applies to any organization that collects and processes EU citizen data. However, all citizens and governments can benefit from simpler agreements as they help build trust and increase transparency.
4. Privacy by Design
Privacy by Design is a core requirement of the GDPR. It simply means that data privacy must not be an afterthought. It must be a core principle of a project throughout its design, from end to end. All organizations handling personal data of EU citizens will have to track how information is collected and used throughout the organization and mitigate risks to security. GDPR-compliant technology will have undergone a thorough risk analysis and offer greater information security benefits.
5. Privacy by Default
Privacy by Default requires that the default setting for any GDPR-compliant platform is the highest privacy setting. This greatly benefits government public engagement because the goal is to increase community participation on their online platform. Platforms that provide people high security settings for information that could be used to identify them go a long way in building trust.
6. Moderated Discussions
This is a general best practice for public engagement platforms and not a GDPR requirement. It provides governments the ability to facilitate productive and respectful discussions online. Sometimes, the experience in town halls or in-person public forums is that a few loud voices drown out the voices of the non-confrontational majority. Facilitated online discussions can ensure more voices can be heard and a greater audience feels heard and engaged.
The right to data privacy is a global issue and any organization, private or public, that takes measures to protect citizen personal data will reap benefits in terms of the level of trust gained. The GDPR aims to protect the rights of EU citizens and provides stringent guidelines for organizations that handle EU citizen personal data. Any platform that complies with the rigorous requirements of the GDPR will have undergone a thorough evaluation of its internal processes and strengthened its security measures. Therefore, GDPR-compliant platforms can be beneficial for any government looking to engage their citizens online.
Photo: Alex Kotliarskyi/Unsplash