DELIVERING GREAT SERVICES WHILE PREVENTING DATA OVER-HARVESTING
By Ania Karzek, Program Director - Target Operating Model (TOM), City of Holdfast Bay

In a digital world, all of us are under pressure to deliver seamless, easy-to-use services that mirror the intuitive, personalised experiences people get from the private sector. Our customers want to minimise time spent interacting with us (unless they choose otherwise), reduce paperwork and not have to re-supply the same information each time they interact with us.

But meeting these expectations must not come at the cost of privacy, which is why the private sector approach of harvesting vast amounts of personal data in order to feed personalisation algorithms is a dangerous methodology for public service organisations to apply.

Data over-harvesting - the excessive or unnecessary collection of personal information - risks eroding public trust, weakening democratic accountability, and increasing vulnerability to data breaches or data misuse.

Governments often collect data with good intentions (for example, streamlining services, anticipating needs, or informing policy), but without clear boundaries and purpose limitation, that collection can quickly cross the line from useful to intrusive. Unlike private businesses, which people can choose whether to engage with, governments hold unique powers, including enforcement and surveillance. This raises the stakes attached to personal data. Citizens cannot simply opt out of interacting with their government, so safeguards must be stronger.

Fundamentally, governments do not have a right to have a deep or broad view of citizens’ individual lives. Consider the fact that if you have never had to worry about government overreach, you’re living in a circle of privilege that warrants reflection.

Data minimisation is a core principle of ethical digital government. It means collecting only what is strictly necessary, retaining it for only as long as needed, clearly explaining why it is being gathered and giving people, insofar as is possible, the option of not giving the data and/or the right to have it deleted on request.

For example, how often are forms designed to capture people’s first name, last name, home address, mailing address, email, multiple telephone numbers and sundry other personal data when all that is really needed is their preferred form of address (eg, Jane or Mrs Smith) and one contact method? Or when confirmation of eligibility is required, how often do we collect copies of documents that contain personal data when a yes/no response from a trusted source would be sufficient? How many government engagements force people to register their private information before they’re able to give an opinion on something?

Meeting customer demand for personalisation doesn’t have to mean building a de facto surveillance infrastructure. For example, technologies can be designed to prioritise the right to privacy from the outset (privacy by design):

  • Anonymising: Even behavioural data, like what pages someone visits, can be anonymised or aggregated to guide improvements without identifying individuals.
  • Edge processing: Some decisions and recommendations can be made locally on a user’s device rather than in central systems. For example, a mobile app might suggest local events based on location permissions stored on the phone, not uploaded to a central server.
  • Synthetic data and simulation: Instead of using real personal data to develop new services, governments can test and improve systems using synthetic datasets that mimic real-world behaviour without compromising privacy.
  • Just-in-time notices: These give users transparent, contextual information about what data is being collected at the moment it happens, with the ability to deny or accept on a case-by-case basis.
  • Interoperability and attribute sharing: Rather than duplicating data across systems, governments can rely on verified attributes from trusted sources. For instance, instead of collecting an individual’s entire identity, a service might simply verify that they are over 18 or a resident of a specific suburb.

Ultimately, trust is the cornerstone of all public services, including digital ones. Remember, the more data you collect, the more you have to protect.

By embracing restraint, transparency, and thoughtful service design, governments can provide smarter, more personalised services without taking more data than they need.

LG Professionals SA | 148 Frome Street, Adelaide SA 5000 | Phone: 08 8224 2080
www.lgprofessionalssa.org.au