For Team PaperKite, it’s been critical to put privacy first in developing Rippl: an app-based solution for check-in and alerting, to support NZ’s manual contact tracing efforts.
Data that is held by Māori, made by Māori or contains any Māori content or association. This includes Information such as archives, records etc.
We see mass-adoption as vital to success in supporting effective contact tracing. So if solutions like Rippl align with these guidelines, we believe it more likely that more New Zealanders, including Māori, will adopt them, which can help better protect this segment of our community.
I’ve been working with Karaitiana Taiuru (author of the recently published “Treaty of Waitangi/Te Tiriti and Māori Ethics Guidelines for: AI, Algorithms, Data and IOT”) to better understand the guidelines, what they mean for Rippl, and the steps we are striving to take in order to better align.
Here’s an excerpt from Karaitiana’s recently published Treaty Guidelines, which makes it clear why this is so important:
“Māori communities are especially vulnerable to privacy-related risks that come with (for example) the collection and storage of data on individual persons.”
Karaitiana is advising us on this topic. An initial review concluded that the Rippl privacy-first approach meant that many boxes had already been ticked. It also identified six things the PaperKite team will focus on to further improve Rippl’s alignment with Treaty obligations:
- Ensure there is a full disclosure of how exactly all data is used in the app in plain language and making this information available in Māori and other languages.
- State that the company based in Aotearoa is committed to considering tikanga (Māori cultural values), and meeting obligations with Māori as described in the Treaty of Waitangi, in particular the right for Māori to govern their own treasures (in this case, data, within what is a ‘people analytics system’).
- Invite questions and request feedback if anything is found to be unclear or concerning.
- Store all data in Aotearoa – both consumer/user data (stored only on users phones) and all business data (on the Rippl servers).
- Design for cases where there is one phone per (family) group.
- Emphasise the complete control a Rippl user has of their data throughout the data lifecycle. Including the ability to secure the data within the app so others with physical access to the phone can’t see it.
That’s a lot, I’m sure you’ll agree! But we are already well on the way to addressing a number of these areas, thanks to the Rippl’s privacy-first design, and the help and support of some stalwarts of NZ’s tech community.
Special mention here for a local Wellington company who heard what we were doing, and reached out to support us. Catalyst are very generously making their hosting platform Catalyst Cloud available (for the Rippl business registration part of the solution) free of charge! I personally have a long history of working with Catalyst with various hats on at New Zealand Post, Te Papa, and the Service Innovation Lab, so I am super excited that they will be supporting Rippl from now on!
The use of Catalyst Cloud means that all Rippl data will stay in Aotearoa (point #4 above). It also means that registering for Rippl will be significantly faster (the distance to servers is much shorter) and the carbon footprint for Rippl will be much smaller (Abletech shared their thoughts on carbon footprints for digital solutions recently). These are all things which I find personally very important.
Finally, let me finish with a huge thank you to Karaitiana Taiuru. Karaitiana, your guidance and support to date has been amazing, and very gratefully received. We are committed to making Rippl a solution which everyone can trust, and that everyone is comfortable using. In Aotearoa that must very much include the Māori community.