Abstract
Protecting the privacy of citizens is a critical issue in digital government services. The right to privacy is widely recognized as a fundamental human right, as stated in Article 12 of the Universal Declaration of Human Rights (United Nations, 1948). The first definition of privacy was given by American lawyers Warren and Brandeis (1890), who defined it as “the right to be let alone.” However, the right to privacy has been recognized for millenniums. The Hippocratic oath (n.d.) dates back to around 400 B.C. and instructs medical doctors to respect the privacy of their patients. During the last three decades, many countries have passed privacy legislation, the Swedish Data Act from 1973 being the first national privacy act in the world. During the 1970s, many countries adopted data protection acts (Fischer-Hübner, 2001). In 1980, OECD published its privacy guidelines with the purpose of reducing the potential privacy problems incurred by cross-border trade (OECD, 1980). The European Council adopted Directive 95/46/EC in 1995, and all member states are required to implement national privacy legislation in compliance with this directive (European Union (EU) Directive 95/46/EC, 1995). Privacy is under increasing pressure in the digital age, and the introduction of digital government services may escalate this development. The way government has been organized until now, with separate departments with their own “silos” of personal data, has inherently provided some privacy protection. In such a distributed environment data matching is expensive and resource consuming. This form of privacy protection is referred to as “practical obscurity” in Crompton (2004, p.12). Some examples of threats to privacy related to the development of digital government are as follows: • Data collection capabilities increase as new technology for continuous and automatic data collection is introduced. Examples of such technologies include digital video surveillance, biometric identification and radio frequency identification (RFID). • Data processing capabilities are rapidly increasing. The very existence of large amounts of stored personal data, together with the availability of sophisticated tools for analysis, increases the probability for misuse of data. • There is a trend towards integration of formerly separated governmental services, including physical offices. Providing a single point of contact is more user friendly, but it may also provide an attacker with a single point of attack. • Outsourcing of services (e.g., customer relationship management) is increasingly popular both among companies and governmental organizations. Those who deliver such services to many customers have a unique opportunity to gather personal information from many different sources. If services are outsourced across country borders, and perhaps in several layers, responsibilities soon become unclear. • Even if the organization responsible for stored personal information does not have malicious intents, one cannot expect all its employees to be equally trustworthy. Disloyal employees are a severe threat when increasing amounts of information are stored. • Tax records and other public records made available on the Internet enable efficient searches and aggregation of information about individuals. Identity thefts and fraud are common uses of information gathered in this way.