It’s not the year 2050 and it’s not a dystopian science fiction or music video (youtube) from 1985, but reality. The Norwegian statistics office SSB wants to oblige the largest operator of card payment terminals, Nets, to provide it with all the data on payments processed through the terminals. They include names, addresses, purchase dates and prices of the individual products.
In addition, the four largest grocery chains are to be obliged to hand over the cash register receipts to the government statisticians, which show which products the respective citizens have bought.
Peter Imanuelsen, who lives in Norway, first wrote about it in English on 2 June. I could not find another report. I could not believe it. So, with the help of a translate.com, I made a translation of the statistical authority’s cost and benefit estimate, which explains what they are planning and what it is supposed to be good for.
And it is indeed true. Imanuelsen’s report is not exaggerated.
Nets terminals handle 80% of digital payments in Norwegian supermarkets. The statisticians want to collect, combine, archive and analyse millions of receipts every day and over a billion payment transactions every year.
The statisticians are aware that the project is very invasive of Norwegians’ privacy, but they say it is only for statistical purposes and that the statisticians are trustworthy and used to handling sensitive data securely. And that the law forbids using the data for any other purpose than statistical. This is supposed to gives citizen the guarantee that this will not happen. (At least until the relevant laws are changed.)
However, the statisticians do not mention anything about a deletion of the data at some point, which makes a Norwegian media report credible that the data will be saved permanently. Data security measures are only described in very general terms. There is no explicit mention of a requirement that the data must not be hosted or processed by American companies, because otherwise, according to CLOUD law, the secret services of the USA would have access to it. The idea is not outlandish, as the German Federal Statistical Office is hosting the 2022 census data at Cloudflare, a US company.
The government wants to know who eats and drinks what…
One of the main stated purposes for this frightening form of data collection is that statisticians want to know better what foods and drinks citizens are consuming. And not just overall, but broken down finely. This way, the state can better assess how healthy or unhealthy its citizens eat and determine which groups it needs to work on if it wants to improve eating habits. Because it is so hard to believe, here is a longer quote from the statisticians’ cost-benefit analysis:
“Statistic Norway will develop and publish new official statistics on the diet of the Norwegian population based on new data sources. (…) The statistics will have a much higher quality and level of detail than before through access to transaction data from Nets in combination with, among other things, receipt data from grocery chains, data on the nutritional content of food and household data from Statistics Norway’s administrative register.
This applies, for example, to statistics showing how the diet of the Norwegian population varies with socio-economic background factors such as income, education and labour market affiliation, and how it varies with demographic and geographical dimensions. It is important to show regional, demographic and social differences in diet, as this is a key dimension in measuring and quantifying the lifestyle habits of the population.
Overall, the statistics will contribute to a much better knowledge base about developments in Norwegian diets, with a higher quality and level of detail than before. This is also in line with what is reflected in the health authorities’ action plans and in a memorandum of understanding between the health authorities and the food industry on healthier diets.”
…and who goes to which doctor and psychiatrist
Because the Nets terminals are also used in the practices of health professionals, government statisticians are also looking forward to being able to improve their health statistics:
“The collection of payment transactions from Nets can also be used for more complete statistics on who uses private health services and what they cost. This can complement existing data sources on self-payment, production and use of private health services such as dental services, medical services, physiotherapy, chiropractic, psychology and laboratory services, among others.”
…and in general who buys what?
But the statisticians do not stop at health and nutrition. Since all purchases can be assigned to individuals down to the product level by merging receipts, payment data and data about the respective housholds, this is also done and the data is stored and analysed. They don’t yet say what wonderful research can be done when they know exactly who buys what. But they and the various ministries will certainly think of some in the course of time.
What could go wrong?
In describing the sensitivity of the data, Statistics Norway is giving a good idea of what could go wrong here:
“(The data) identifies both the cardholder and the account holder and lists all transactions made with the debit card, indicating the time and place of use (e.g. shop). In addition, special categories of personal data may be included in the payment transactions, as the nature of the user’s location may imply, among other things, the account holder’s religion, political opinion, health status, trade union membership or sexual relations.”
According to Imanuelsen’s report, NorgesGruppen, one of the supermarket chains that are to supply the receipts, is protesting against the linkage with payment data and is demanding guidance from the data protection authority. Nets is also criticising the intrusion into customers’ privacy.
The statisticians admit that the customers of the supermarkets and health care providers would not expect to be aware of this detailed processing of their data. But according to them, customers are familiar with the idea of private payment service providers are already doing something similar:
“However, it can be assumed that the data subject knows that the information is registered and is available to banks that offer various online banking services based on this information. Data from BankAxept is also sold to market analysts, but then in an aggregated form that is not personally identifiable.”
Cash as the only way out
If Statistics Norway is able to implement its intention as planned, it means that the organisational foundations will be laid for a comprehensive fine-tuning of citizens’ actions by the government. It may take a while before the data is used for that purpose, but reasons will certainly be found to do it gradually, first here, then there, and always a little more.
This is also very important for us, because the Norwegian government is gaining experience that can then be implemented very quickly in other countries, for example when the next pandemic is declared. We have learned one thing: when a pandemic is declared, everything else must take a back seat to the supposed protection of the health of the population, including and first of all the right to privacy.
Besides the political fight against efforts of this kind and those who push them forward, paying in cash is the most important form of resistance. It will soon be the only way for Norwegians to preserve some privacy.
Update (4. March 2023): Date protection watchdog stops the project
The project of the Norwegian statistics office has been stopped by the official data protection watchdog Datatilsynet due to infringment on privacy.