Mobile users are increasingly aware of the myriad possibilities their phones present. Since the arrival of smartphones, they have been used in a range of ways to help people organise their personal lives – as electronic diaries, maps, cameras and wallets.
Users are now, however, growing accustomed to the potential for their device to play a role in connecting them to the state. As smartphone use evolves beyond daily practicalities and basic transactions, sensitive aspects of our lives such as healthcare or childcare are becoming accessible from the device in our pockets, and users have become correspondingly more wary of their privacy.
Recent news from the Office for National Statistics may, therefore, make uncomfortable reading for some. The ONS revealed earlier this month that it has been investigating a new method of collecting data on commuters in London, by tracking their daily movements through their mobile network usage. The study tracked mobile users across three London boroughs in an attempt to identify their places of work and residence, information which is currently requested through the census. The ONS is exploring alternatives to the current census format in response to a Government aim to make the next census, in 2021, the last to use a paper-based questionnaire.
This has, understandably, prompted concerns over user privacy. Governments collecting data on everything we do on our phones without explicit consent, even where anonymised, run the risk of eroding trust not only in their own efforts but those across the digital identity landscape. This is a crucial time for the future of digital government services, as they attempt to make the transition from scattered pilots to mainstream practice. This year saw for instance implementation of the European Union’s eIDAS Regulation, which places consumer trust at the heart of the European Commission’s drive to enable cross-border identity verification across member states in the years ahead.
There are also questions over whether data resulting from the ONS scheme would even be reliable. The authors of the study acknowledged weaknesses such failure to identify commuters with atypical work patterns, such as shift workers or those on zero-hours contracts; students may also have been “mistakenly inferred as commuters, as their movement behaviour will be similar.” As users increasingly own multiple devices – either for personal use or on behalf of their dependents – mobile data collected in this way is unlikely to give an accurate reflection of the population. The frequency with which devices are lost, stolen, or voluntarily change hands, also limits the viability of simply trawling data with no direct input from the users concerned.
Such a move would not, in fact, even be in keeping with the UK Government’s own legislative trajectory in this area. In August, for instance, plans were announced to tighten regulations over the rights of individuals to control how their personal data is used and grant them rights to withdraw consent or require deletion of personal information. Crucially, the regulations are set to redefine personal data to include information which was not previously subject to stringent controls, such as cookies. The announcement has been widely regarded as a move to remain closely in step with the EU’s incoming General Data Protection Regulation, an acknowledgement that, even as the UK leaves the bloc, it will aim to maintain regulatory equivalency where conducive to cross-border trade and cooperation.
As consumers have become increasingly wary of the use to which their data is put, the trend among those with an interest in handling that data has been towards reassurance; businesses and governments rely on the willing participation of mobile users to ensure the success of schemes going forward, and putting their minds at ease has become of primary concern.
There are surely, therefore, better methods of collecting such information digitally. The Government’s aim for a paperless census is a reasonable one, and mobile networks can likely play a role in bringing it about; it does not, however, require the harvesting of personal data without the knowledge or consent of those to whom it belongs. Mobile network operators have a natural interest in protecting the privacy of their customers. Observance of this, and the unparalleled security credentials which mobile network infrastructure enjoys has yielded a high degree of trust among mobile customers. This is not only something which operators will understandably seek to preserve as a matter of course; it can be an invaluable asset in data collection going forward.
By collaborating with the mobile industry to develop a voluntary means of contributing personal data to the census, the UK Government can take advantage of the security and ubiquity of mobile phones, without undermining consumer faith in digital identity at large. A simple app – authenticated by users using a secure and interoperable identity solution – would surely be preferable to the gathering of flawed data in secret. Perhaps this is an idea to which the ONS may turn its attention next.
By Marie Austenaa, Head of Business Development, Identity, GSMA