The importance of protecting ‘privacy’ in the age of digital data

On January 28, for the first time, the World Bank Group celebrated Data Privacy Day, which commemorates the 1981 signing of the first legally-binding international treaty dealing with privacy and data protection.

The event was intended to raise awareness within the World Bank Group about the importance of data privacy. It also marked a milestone on our road to operationalizing the new World Bank Group Policy on Personal Data Privacy. Adopted in May 2018, the Privacy Policy will become operational in May 2020.

In today’s digital world, we tend to think of privacy concerns as new, but obviously they’re not. Even though the word ‘privacy’ itself is a relatively new creation—it only took on its modern meaning in the early 1800’s—the idea is as old as history.

In historical times, town fountains in many Arab cities were places to hold private conversations, as the sounds of flowing water would drown out what eavesdroppers could hear. And in the West, because privacy instincts ran counter to the ecclesiastical demands for admission of sins, confessions have long been accorded special legal protections, even when they involved violations of the law—lest the penitent avoid confession to the detriment of his or her soul.

So, the idea that some things should be private and protected isn’t new, nor that privacy must be balanced against other concerns. But what is new, when it comes to privacy, is that the speed of technological change has overwhelmed both our cultural norms and our laws—technology has morphed the meaning of “public information.” In a world of digital data, quantity has a quality all its own. 

Let me give you an example: Imagine you lived in a small town a century ago and one day were walking down Main Street. If your local policeman was standing on the street corner, he might recognize you. You might recognize him. If it were a peaceable day, you might exchange friendly greetings. If, however, you were wanted for a crime, that recognition might prompt his giving chase. An unpleasant situation for you, perhaps, but nothing that today we would consider a violation of privacy. 

How is that substantively different from a small-scale version of today’s facial recognition technology? The difference, of course, is that scale.

Today, computers can recognize everyone in a country in the same manner that your local police officer would recognize a neighbor a century ago. And what was once a police officer on one corner is now that same police officer on every corner. Also, their memory is near infinite and they instantly communicate with all other police officers. Oh, and they also have instant access to the tax records that were once kept in a filing cabinet in a basement below City Hall. And did I mention they’re now occasionally a blabbermouth, willing to share all that information—potentially even with criminals—sometimes without anyone even knowing?

The data collected by various private sector groups is no different. The content is not necessarily new and often consists of what has long been regarded “public information.” But what is new is the volume of data collected and the ability to access and combine it in ways never before practical. Corporations collect enormous amounts of information about people and monetize such data. And not without some risk. Today’s media is often dominated by headlines about privacy and data breaches at well-known companies.

The World Bank Group does not monetize the data it collects, but we do collect and process huge volumes of personal data to carry out our development mandate and to serve our goals of reducing extreme poverty and promoting shared prosperity. The personal data we collect covers a broad range of information from partners, clients, vendors, and other stakeholders for purposes of integrity due diligence, advisory services, environmental and social impact assessments, research, surveys, conferences, and seminars.

So, we are taking action to better manage and protect the information in our possession by focusing on how personal data should be collected, used, stored, and shared. With the adoption of our new Policy on Personal Data Privacy we are demonstrating that we respect personal data privacy. We will implement the policy by looking to balance international best practices with carrying out the World Bank Group’s development mandate.

The World Bank Group is committed to implementing this policy and to addressing the tremendous benefits as well as challenges accompanying this new era of data privacy.