‘Cyberpunk 2077’ developer CD Projekt Red says ransomware attack may have included employees’ information
Proceed to your nearest (virtual) exit: gaming technology is teaching us how people respond to emergencies
Welcome to E-Estonia, the tiny nation that's leading Europe in digital innovation
Big Brother does “just want to help” – in Estonia, at least. In this small nation of 1.3 million people, citizens have overcome fears of an Orwellian dystopia with ubiquitous surveillance to become a highly digital society.
The government took nearly all its services online in 2003 with the e-Estonia State Portal. The country’s innovative digital governance was not the result of a carefully crafted master plan, it was a pragmatic and cost-efficient response to budget limitations.
It helped that citizens trusted their politicians after Estonia regained independence in 1991. And, in turn, politicians trusted the country’s engineers, who had no commitment to legacy hardware or software systems, to build something new.
This proved to be a winning formula that can now benefit all the European countries.
The once-only principle
With its digital governance, Estonia introduced the “once-only” principle, mandating that the state is not allowed to ask citizens for the same information twice.
In other words, if you give your address or a family member’s name to the census bureau, the health insurance provider will not later ask you for it again. No department of any government agency can make citizens repeat information already stored in their database or that of some other agency.
Tech-savvy former prime minister and current Vice President of the European Commission Andrus Ansip oversaw the transformation.
The once-only principle has been such a big success that, based on Estonia’s common-sense innovation, the EU enacted a digital Once Only Principle and Initiative early this year. It ensures that “citizens and businesses supply certain standard information only once, because public administration offices take action to internally share this data, so that no additional burden falls on citizens and businesses.”
But this by itself does not address the fact that merely asking for information can still be a bother to citizens and business. The once-only principle does not guarantee that the collected data was necessary to request, nor that it will be used to its full potential.
Governments should always be brainstorming, asking themselves, for example, if one government agency needs this information, who else might benefit from it? And beyond need, what insights could we glean from this data?
Financier Vernon Hill introduced an interesting “One to Say YES, Two to Say NO” rule when founding Metro Bank UK: “It takes only one person to make a yes decision, but it requires two people to say no. If you’re going to turn away business, you need a second check for that.”
Imagine how simple and powerful a policy it would be if governments learnt this lesson. What if every bit of information collected from citizens or businesses had to be used for two purposes (at least!) or by two agencies in order to merit requesting it?
The Estonian Tax and Customs Board is, perhaps unexpectedly given the reputation of tax offices, an example of the potential for such a paradigm shift. In 2014, it launched a new strategy to address tax fraud, requiring every business transaction of over €1,000 to be declared monthly by the entities involved.
To minimise the administrative burden of this, the government introduced an application-programming interface that allows information to be automatically exchanged between the company’s accounting software and the state’s tax system.
Though there was some negative push back in the media at the beginning by companies and former president Toomas Hendrik Ilves even vetoed the initial version of the act, the system was a spectacular success. Estonia surpassed its original estimate of €30 million in reduced tax fraud by more than twice.
Latvia, Spain, Belgium, Romania, Hungary and several others have taken a similar path for controlling and detecting tax fraud. But analysing this data beyond fraud is where the real potential is hidden.
Analytics and predictive models
Big data, analytics and predictive models will play the main role in the next wave of e-government innovation. For example, if single-transaction information puzzle pieces are put together to form a map of the broader national business context, it might be possible to understand the kind of complex interdependencies between companies visualised below.
Example of complex network of business transaction data, collected by Estonian Tax Office from 2014.
But this also raises an interesting question: could a national government use this same digital tracking system to glean insights about the economy’s health and general economic trends?
Visualization of interdependencies between sectors in Estonia.
The Estonian Tax and Customs Board seems to be moving in this direction. Its 2020 Strategic Plan (in Estonian here) demonstrates a shift in mindset, from tasking itself solely with controlling and punishing people to envisioning giving advice to taxpayers.
Might tax offices be transformed into management consultancy-type agencies that advise companies on how to capture growth in related sectors, mitigate risk from peers’ bankruptcies or improve profits – all based on analysis of the vast amount of data it has collected?
Currently, dozens of people collect, analyse and clean such data about the business sector, but it’s possible this job could be done automatically using tax data. In this scenario, taxes could be considered a service fee paid in exchange for valuable business insights.
The key problem with Estonia’s great idea is privacy. It’s easy to imagine that giving industry-specific advice (or advice spanning several industries) based on business-transaction data might break the trust of the companies being monitored.
Indeed, one of the core founding principles of OECD Guidelines on the Protection of Privacy is that data should only be used for the purpose stated and not for any other reasons. So-called “purpose limitation” has since made its way into most modern data protection acts, including to EU data protection rules.
But as the “ask information only once, but use at least twice” idea demonstrates, data not only can and should be used for more than its original purpose, it should never be processed solely for a single aim. Some legal experts agree, stipulating that “within carefully balanced limits” data may be used for purposes beyond its original intent.
An innovative, visionary tax office that serves, rather than controls, society’s business sector is a big ask. But if any country can do it, e-Estonia can.
Innar Liiv does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.