After purchasing medication, receiving a text message about license cancellation, the public's right to know cannot be absent | Beijing News Quick Review

▲Some netizens claim that after buying medicine, they received a text message from the traffic police department saying it was a “reminder to deregister their driver’s license.” Source: Xinjing Daily archive photo

According to a report by Jimu News, recently, some netizens said that after buying medicine, they received a text message sent by the Xiamen traffic police department in Fujian Province, reminding them to deregister their driver’s license. In a previous video, the netizen revealed that they had purchased the sedative-hypnotic drug zopliclone tablets and the fast-acting heart pill. They confirmed to a reporter that the text message was real; they had also bought sleep-promoting medication, but did not mention whether they had bought the fast-acting heart pill again.

From the report, based on the person’s medical visits and purchasing records, the local traffic police department conducted big-data comparison and analysis, and believed that the netizen may have a disease that could interfere with safe driving. Therefore, the traffic police department required them to stop driving in accordance with the law, and go to the vehicle administration office to handle driver’s license deregistration.

Through big-data comparison and analysis, identifying people whose conditions may interfere with safe driving reflects that the government’s management and law enforcement are moving toward digital intelligence and greater precision. And if this netizen truly has a related disease that affects normal driving and must be avoided under law, then legally reminding them to deregister their driver’s license is also a necessary part of safeguarding public safety.

However, while seeing the positive effects of such preventive policies, relevant parties also need to set boundaries and regulate cross-department data sharing, so as to prevent violations of personal information security under the pretext of safety. At the same time, corresponding rules should be further refined at the public level regarding informed consent, and such practices must not be allowed to become “too popular” or even cross legal boundaries.

After all, China’s Data Security Law clearly stipulates that “when carrying out data processing activities, one shall not impair the lawful rights and interests of individuals or organizations” and that “for state organs to collect and use data for the performance of statutory duties, they shall collect and use data within the scope of their statutory duties and in accordance with the conditions and procedures prescribed by laws and administrative regulations.”

The fundamental issue involved in this case is: how should personal data collected and possessed by various parties be used? In other words, in data exchange among the government, enterprises, and individuals, who owns these data? Who can access these data? For what purposes can these data be used? If these questions remain unresolved, it will inevitably affect people’s willingness to share data, and it will also bring about social panic.

To be frank, the massive amount of data held by government departments has potential value for utilization. If data can be shared across departments, it would further multiply the value of the data. That is why various regions are actively promoting the opening of government data, sharing of government affairs data, and authorized operation of public data, so that these data can play a bigger role. However, data sharing must stay on the safety bottom line, and it must also respect the data rights of the person concerned.

In a case like this, the approach taken by public management departments first involves the question of the boundary for sharing personal medicine-purchase data. Buying medicine is a highly private individual activity. Such fine-grained data is high-sensitivity data, and the data-sharing boundaries must be properly managed in day-to-day public governance.

The question that must be answered in this process is: can medical institutions share an individual’s medicine-purchase records with the traffic police department? Where exactly is the boundary for sharing medicine-purchase records? And during data sharing, do citizens have the right to be informed and the right to veto?

There is no denying that during major infectious disease outbreaks and epidemic prevention and control, carrying out data sharing of purchase records for the purpose of preventing major public health incidents is a lawful and compliant action. But in normal times, whether it is appropriate to share the public’s medicine-purchase records across departments is still open to debate. Otherwise, it could lead to mistaken targeting, and it could also prompt people to evade purchasing medicine.

Many people worry that in public management, excessive squeezing of ordinary people’s privacy space has become an increasingly urgent public issue. Therefore, even if government departments can legally share such data, they still need to provide citizens with necessary relief channels and remedial measures, to avoid “one-size-fits-all” actions that cause needless losses.

This also involves another issue: big data is, to a certain degree, “dirty data,” which needs to be cleaned and organized, and may contain all kinds of biases and noise. If big data is used rashly or relied on excessively to make decisions, that is also not fair. For example, people might be buying medicine on behalf of someone else, and the medication could also be used for other purposes; you cannot make a final judgment based solely on medicine-purchase records.

If the traffic police department obtains an individual’s medicine-purchase records through other departments, it also must conduct careful comparisons. Otherwise, law enforcement that seems “imminent and ready at the touch of a button” may be efficient on the surface, but in fact it carries risks. For example, requiring the person concerned to deregister their driver’s license, with almost no room for discussion in the entire determination process and insufficient flexibility, could also result in the tolerance rate being too low and causing mistaken targeting.

Of course, besides sharing data, public management departments should also promote data deletion or de-identification (fuzzification) to avoid secondary harms caused by outdated data. For example, public security penalty records have already been included in such cases, to prevent long-term storage and widespread sharing from causing permanent harm to the individuals involved.

In short, we live in an increasingly datafied world, but no one wants to become completely and thoroughly transparent. Only by clearly defining the boundaries for data sharing and the rules for use, and by safeguarding the public’s right to be informed, can we jointly protect data security.

By: Ma Liang (Professor, School of Government Management, Peking University)

Editor: Ma Xiaolong

A wealth of information and precise analysis—find it all on the Sina Finance APP