Digital Public Infrastructure (DPI) systems can be enablers of access, inclusion, and state capacity. However, digital systems have inherent risks and DPI introduces those risks on a societal scale. Below is an overview of eight core privacy risks in DPI systems, their relevance, and real-world examples of how these risks have materialised.

DPI systems are exposed to varying types and levels of risks. We found in our work that naming concrete risks helps our advocacy. The public debate benefits from clear language and international examples.

<aside> 📌

Very often, our calls for safeguards and stronger regulation were only taken seriously once we could point to risks that lawmakers themselves recognised as needing to be avoided.

</aside>

In this chapter we will focus only on the privacy- and technology-related risks inherent to most DPI systems. The concrete risks depend not just on the functionality of the system (digital identity, payment or data exchange), but also on the technical architecture, the legal framework and the societal context the system operates under.

1. Data Misuse and Function Creep

2. Data Breaches and Poor Security

3. Tracking and Profiling

4. Over Identification