Terry Gerton Gartner’s just done a new survey that’s very interesting around how citizens perceive how they should share data with the government. Give us a little bit of background on why you did the survey.
Mike Shevlin We’re always looking at, and talk to people about, doing some “voice of the customer,” those kinds of things as [government agencies] do development. This was an opportunity for us to get a fairly large sample voice-of-the-customer response around some of the things we see driving digital services.
Terry Gerton There’s some pretty interesting data that comes out of this. It says 61% of citizens rank secure data handling as extremely important, but only 41% trust the government to protect their personal information. What’s driving that gap?
Mike Shevlin To some extent, we have to separate trust in government with the security pieces. You know, if we looked strictly at the, “do citizens expect us to secure their data?” You know, that’s up in the 90% range. So we’re really looking at something a little bit different with this. We’re looking at, and I think one of the big points that came out of the survey, is citizens’ trust in how government is using their data. To think of this, you have to think about kind of the big data. So big data is all about taking a particular dataset and then enriching it with data from other datasets. And as a result, you can form some pretty interesting pictures about people. One of the things that jumps to mind for me, and again, more on the state and local level, is automated license plate readers. What can government learn about citizens through the use of automated license plates readers? Well, you know, it depends on how we use them, right? So if we’re using it and we’re keeping that data in perpetuity, we can probably get a pretty good track on where you are, where you’ve been, the places that you visit. But that’s something that citizens are, of course, concerned about their privacy on. So I think that the drop is not between, are you doing the right things to secure my data while you’re using it, but more about, okay, are you using it for the right purposes? How do I know that? How do you explain it to me?
Terry Gerton It seems to me like the average person probably trusts their search engine more than they trust the government to keep that kind of data separate and secure. But this is really important as the government tries to deliver easier front-facing interfaces for folks, especially consumers of human services programs like SNAP and homeless assistance and those kinds of things. So how important is transparency in this government use of data? And how can the government meet that expectation while still perhaps being able to enrich this data to make the consumer experience even easier?
Mike Shevlin When I come into a service, I want you to know who I am. I want to know that you’re providing me a particular service, that it’s customized. You know, you mentioned the search engine. Does Google or Amazon know you very well? Yeah, I’d say they probably know you better than the government knows you. So my expectation is partly driven out of my experience with the private sector. But at the same time, particularly since all the craze around generative AI, citizens are now much more aware of what else data can do, and as a result, they’re looking for much more control around their own privacy. If you look at, for example in Europe with the GDPR, they’ve got some semblance of control. I can opt out. I can have my data removed. The U.S. has an awful lot of privacy legislation, but nothing as overarching as that. We’ve got HIPAA. We’ve got protections around personally identifiable information. But we don’t have something as overarching as that in Spain. In Spain, if I deal with the government, I can say yes, I only want this one agency to use my data and I don’t want it going anywhere else. We don’t have that in the U.S. I think it’s something that is an opportunity for government digital services to begin to make some promises to citizens and then fulfill those promises or prove that they’re fulfilling those promises.
Terry Gerton I’m speaking with Mike Shevlin. He’s senior director analyst at Gartner Research. Well, Mike, you introduced AI to the conversation, so I’m going to grab that and privacy. How does AI complicate trust and what role does explainable AI play here, in terms of building citizen trust that their privacy will be protected?
Mike Shevlin I think AI complicates trust in part from generative AI and in part from our kind of mistrust in computers as a whole, as entities, as we start to see these things become more human-like. And that’s really, I think, the big thing that generative AI did to us — now we can talk to a computer and get a result. The importance of the explainable AI is because what we’ve seen is these answers aren’t right from generative AI. But that’s not what it’s built for. It’s built to make something that sounds like a human. I think the explainable AI part is particularly important for government because I want to know as a citizen, if you’re using my data, if you’re then running it through an AI model and coming back with a result that affects my life, my liberty, my prosperity, how do I know that that was the right answer? And that’s where the explainable AI pieces really come into play. Generative AI is not going to do that, at least not right now, they’re working on it. But it’s not, because it builds its decision tree as it evaluates the question, unlike some of the more traditional AI models, the machine learning or graph AI, where those decision trees are pre-built. So it’s much easier to follow back through and say, this is why we got the answer we did. You can’t really do that right now with gen AI.
Terry Gerton We’re talking to folks in federal agencies every day who are looking for ways to deploy AI, to streamline their backlogs, to integrate considerations, to flag applications where there may be actions that need to be taken, or pass through others that look like they’re clear. From the government’s perspective, how much of that needs to be explained or disclosed to citizens?
Mike Shevlin That’s one of the things I really like about the GDPR: It lays out some pretty simple rules around what’s the risk level associated with this. So for example, if the government is using AI to summarize a document, but then someone is reviewing that summary and making a decision on it, I have less concern than I have if that summary becomes the decision. So I think that’s the piece to really focus on as we look at this and some of the opportunities. Gartner recommends combining AI models, and this will become even more important as we move into the next era of agentic AI or AI agents, because now we’re really going to start having the machines do things for us. And I think that explainability becomes really appropriate.
Terry Gerton What does this mean for contractors who are building these digital services? How can they think about security certifications or transparency features as they’re putting these new tools together?
Mike Shevlin The transparency features are incumbent upon government to ask for. The security pieces, you know, we’ve got FedRAMP, we got some of the other pieces. But if you look at the executive orders on AI, transparency and explainability are one of the pillars that are in those executive orders. So, certainly, government entities should be asking for some of those things. I’m pulling from some law enforcement examples, because that’s usually my specific area of focus. But when I look at some of the Drone as a First Responder programs, and I think it was San Francisco that just released their “here’s all the drone flights that we did, here’s why we did them,” so that people can understand: Hey, yeah, this is some AI that’s involved in this, this is some remote gathering, but here’s what we did and why. And that kind of an audit into the system is huge for citizen confidence. I think those are the kinds of things that government should be thinking about and asking for in their solicitations. How do we prove to citizens that we’re really doing the right thing? How can we show them that if we say we’re going to delete this data after 30 days, we’re actually doing that?
Terry Gerton So Mike, what’s your big takeaway from the survey results that you would want to make sure that federal agencies keep in mind as they go into 2026 and they’re really moving forward in these customer-facing services?
Mike Shevlin So my big takeaway is absolutely around transparency. There’s a lot to be said for efficiency, there’s lot to be said for personalization. But I think the biggest thing that came from this survey for me was, we all know security is important. We’ve known that for a long time. Several administrations have talked about it as a big factor. And we have policies and standards around that. But the transparency pieces, I think, we’re starting to get into that. We need to get in to that a little faster. I think that’s probably one of the quickest wins for government if we can do that.
Login
