Privacy protection and data challenges
The Detail - A podcast by RNZ
Fears that New Zealanders are losing control of their private information are behind moves to improve data sovereigntyWhen our data is stored in Microsoft or Google's cloud, it's governed by the laws of those American companies. Plans are underway to change thatA ground breaking Māori data sovereignty deal is prompting tech and privacy experts to examine whether or not full data sovereignty is an achievable goal for New Zealand.Te Tumu Paeroa, the Office of Māori Trustee, is in the process of transferring its data from offshore centres to one here in Aotearoa after the group reached a deal with tech giant Microsoft. It's taken years of negotiations to achieve it, but it will ensure the way that data is used and treated is in line with Māori cultural values. The owners of the data, not Microsoft, will hold the keys to the encryption of that information. Dr Karaitiana Taiuru, an AI and data ethicist, says the deal with Microsoft will give the organisation autonomy over the data and ensure New Zealand law and Māori tikanga is front and centre. "From a Te Ao Māori perspective we don't talk about ownership, we talk about guardianship, the kaitiaki of the data. If we talk about facial recognition technology, from a Western perspective that's your personal data but from a Te Ao Māori perspective that's collective. "If I gave an organisation my DNA, that's not just me, that's all of my ancestors, all of my current family and all of my future family's DNA that I am providing," Taiuru says.But he does think there needs to be some discussion to distinguish what data is collective and what is individual."For example, our health data should be our individual data. But then we should have the right to allow others to view our data."But localising data storage doesn't necessarily guarantee that information will be better protected, according to one privacy expert. Gehan Gunasekara, an associate professor in commercial law at the University of Auckland, says we need a better legal regime in this area."I often give Kim Dotcom as an example because people say that keeping the data in New Zealand will protect it, well in that case it didn't. His servers were in New Zealand and Hong Kong and the New Zealand servers were locked down because the FBI requested it, and everyone, including people who were completely innocent suddenly lost all of their photograph albums, their videos, everything," he says.Through his research Gunasekara has found several "serious deficiencies" in Aotearoa's information privacy regulations that show our 2020 Privacy Act needs several updates to optimise data security and consumer privacy. …Go to this episode on rnz.co.nz for more details