How come a country like Jordan, with its
modest technological capabilities and the total absence of a governmental regulator
specializing in consumer data protection and privacy, is adopting a “Digital
Identities” system ahead of most countries in the world, including the European
Union?
اضافة اعلان
Something is not quite right here, and this
article will attempt to explain why!
For a bit of background, the Ministry of
Digital Economy and Entrepreneurship has recently said it was about to roll out
the national digital IDs system, starting mid-August 2021. This step comes as
part of the Jordan Digital Transformation Strategy, which has gone through
several rounds of “public consultations,” in a country that has little
awareness about digital privacy issues, and no “data-transfer laws” to protect
our data. In terms of the actual authors of the strategy, and according to news
reports, Microsoft was commissioned by the government as the lead consultant
tasked with preparing said strategy, at least in its initial version.
To start with, Microsoft’s involvement in
the strategy should have been balanced out by bringing in an outfit of strong and
independent privacy and cybersecurity consultants from the European Union and
the United States, considering how digital IDs are an extremely new concept. For
more context, one of the first countries known to have adopted the digital ID
system on a national level is India, under its highly controversial and mandatory
“Aadhaar” program, heavily criticized by privacy and human rights groups.
Moreover, the timing is all wrong for rolling
out digital IDs at this point in time.
The following should raise eyebrows; just a
few days ago (on August 5), digital ministers meeting at the G20 in Italy have
discussed for the first time the topic of digital IDs. At the summit, they
issued a “cautious” statement about the importance of digital IDs as a possible
component in governmental transformation.
The cautious tone comes on the heels of a
serious pushback from privacy advocates warning against adopting European,
global or even local versions of the digital IDs concept, without making
privacy a built-in feature.
Interestingly, digital IDs are not even a
discussion in the US at the moment, due to mounting pressure from Congress to
regulate Big Tech. Several bills are on the table right now tackling antitrust
and privacy regulation.
Compared to Jordan, the EU and the US have
better safeguards in terms of privacy laws, or at least institutions
specializing in monitoring digital tracking offences, such as the French
privacy regulator CNIL and the Federal Trade Commission (FTC) in the US.
This takes us back to the question: how
come Jordan is a “pioneer” in this area, when Europe is just starting to
discuss this controversial step?
The answer is obvious; knowledge is power.
Without it, we are nothing more than an easy target, effortlessly convinced to
undertake grand modernistic ideas in the name of transformation!
Falling into uninformed traps and
self-serving commercial agendas is most certainly unavoidable, especially when
our top officials fail to read The New York Times, Forbes, Bloomberg, The
Guardian and EU media on a daily basis to learn about the pressing issues in
the sectors they are locally in charge of. It is also inevitable when lawmakers
follow suit by rarely doing any homework relating to the study of global trends
and contexts to better inform their decisions.
The local media, too, has a role to play in
all of this. Local newspapers have just started publishing sporadic wire-service
articles warning users against accepting new Facebook and WhatsApp terms of
service that violate privacy, with surprise follow-up stories from local
reporters asking readers to convert to alternative privacy-respecting apps like
Signal. We are a little late in the game; global-scrutiny of Facebook has been
around for a few years now in Europe and the US. This said, there is still almost
zero coverage of tech policy news or analysis pertaining to Big Tech
regulation.
You may ask, whose idea is it to create a
centralized system for digital IDs, anyway?
In July 2018, shortly after the
Facebook/Cambridge Analytica scandal rocked the US and the world, the European
parliament live-streamed its 3rd Cambridge Analytica hearing in conjunction
with the European Commission. On that day, then-vice president of public policy
at Facebook, Sir Richard Allan, along with a female member of the European
Parliament, mentioned, for probably the first time ever, the term digital IDs.
Some interpreted this exchange as a signal that
Facebook was lobbying members of the European parliament to make digital identities
a European, if not a universal, standard. Some even argued this would enhance the
social media company’s digital surveillance and tracking capabilities, two
things it has been accused of a lot lately by US Congress representatives and
senators — including Senators Elizabeth Warren, Mark Warner, and Ron Wyden.
For citizens in any country, not just in Jordan,
to create a single digital ID linked to their national identification means enabling
Big Tech companies like Facebook, Google, Amazon, and Microsoft, through their
multiple backdoors and immense tracking capabilities, to link any online
activity to a real person, allowing them to build what privacy advocates call a
“shadow profile.”
This means that with digital IDs in place,
Google would not even need to assign you a Google Analytics ID (which it
currently does) to sell your data to advertisers and to “micro-target” you with
ads. It will now know your real name, national ID number, social security
number, phone number, names of your family members, the school you graduated
from, country of origin, home address, and precise location. Then it will
“profile” you as a user, based on your online activity, harvesting intimate
information about your habits, online shopping sprees, opinions, and biometrics,
including voice and facial recognition data, your thumbprint, and even your
mood swings.
What makes adopting digital IDs a colossal
mistake, at this point in time, boils down to the fact Big Tech companies,
artificial intelligence, and biometrics-harvesting technologies are still under-regulated
in their country of origin, the United States.
Bar a scattered number of state-level laws
(like the California Consumer Privacy Act (CCPA) that gives consumers more
control over the personal information that businesses collect about them), the
United States still has no laws in place to regulate online platforms, data
clouds, digital tax, digital tools, Big Tech, and artificial intelligence “on
the federal level.”
The EU, which has launched the world’s
first data-protection framework in 2018, known as the General Data Protection
Regulation (GDPR), has failed to include any stipulations that regulate the
collection of biometrics data, facial recognition, voice recognition,
artificial intelligence, emotion-reading technologies, and the internet of
things (IoT).
To compensate for this oversight, the EU in
April this year (which is quite recent), released its proposal for regulating artificial
intelligence in Europe, under the leadership of the European Commission’s executive vice-president for a Europe fit for the digital age,
Margrethe Vestager.
All things considered, Jordan may need to
hold its horses and give digital IDs a few more years to simmer, while the US
and Europe sort out all aspects of tech regulation. It will save us all a lot
of headache, especially that once Jordanians’ very specific personal data is
out there on multiple non-Jordanian servers, regrettably, there’s no getting it
back!
Read more Opinions
.jpg)
.jpg)
