Even a whole year after GDPR’s implementation, there’s still a lot of confusion regarding how emergency services can properly operate under it. But despite these early difficulties, there’s actually a way for emergency services to do their jobs and comply with GDPR — and even become better at saving lives because of it.
What’s the problem?
Representatives of emergency services in Europe and beyond gathered last month at the EENA conference in Dubrovnik, Croatia, where GDPR frequently popped up. Judging by the general tone and questions of attendees, it’s clear there’s still some confusion regarding the new law. Emergency services have always been attentive when it comes to securing personal information, but just like any other field, there’s recently been a bigger push to use the data they can gather to improve services. In order to do that, emergency services need to team up with various startups and organizations, and that’s where it gets trickier to adhere to GDPR. Merav Griguer, a partner at law firm Bird & Bird and an expert on GDPR, told TNW the legislation doesn’t impede emergency calls at all, and that it isn’t an obstacle for improving emergency service tech. “It’s difficult, of course, to comply with GDPR, because it’s a change in the culture of handling data. But it’s a change that everybody must go through,” Griguer said. “So what I mean by it not being an obstacle is that you can comply and you can provide innovative emergency services.” This means getting into the concept of encrypting and minimizing data: delete what you don’t need and anonymize what you keep. Adopting a new way of operating to comply with GDPR makes organizations are more aware of the data they have — and by extension, the possibilities it brings.
The byproduct of new data-handling
One of the projects that was complicated by GDPR was the launch of a heart attack-detecting AI for emergency calls. EENA partnered up with AI firm Corti to integrate the promising new technology into emergency services across Europe, but the implementation was slowed down by uncertainties on how to comply to GDPR. Andreas Cleve, CEO of Corti, agreed that GDPR brought about a lot of confusion and hindered the implementation of the heart attack-detecting AI. But in the end, none of the features or data gathering that Corti had planned was banned by GDPR. The real challenge wasn’t to come up with new features allowed under GDPR, it was to get every party working together and to understand the new framework. That’s why Cleve and his team decided to invest their time into creating a GDPR-compliant regimen that could serve as a baseline for all future projects. “As data processors, we need to help emergency services carry the burden of the GDPR liabilities. So we decided, instead of doing one big bulk of the project, we would cut it up in steps and build,” Cleve explained. Cleve points out that many countries already had regulations similar to GDPR, but the novelty it brought was changing the surrounding narrative — echoing Griguer’s point of change in culture. The new law is far from perfect, but it’s made emergency services and their partners actually understand how we should handle data to ensure everyone benefits. “The more they understand the data they have, the more likely they are to use it to improve,” Cleve explains. “They’ll be more likely to get tools to actually correlate that data, which is a big thing for machine learning projects. Data by itself is seldom very interesting, but as soon as you can correlate it, it makes all the difference.” GDPR is bringing the conversation of data and its possibilities to the fore by changing the culture of data handling and the narrative around it. Emergency services have struggled with the new law, but judging by the attendants at the EENA conference, the trend is set to change. Emergency services across Europe and beyond are reorganizing their data and discovering new use cases, using every tool at their disposal to save our lives.