[MyData & Open Data] MyData-Open-Data Digest, Vol 6, Issue 2

Reuben Binns rdpbinns at gmail.com
Wed Jul 3 11:01:41 UTC 2013


Hi All,

Sam, great question. I'm guessing it might have been prompted by my talk
last night at the OKF London meetup? It's something I've struggled with and
one of my main worries when talking about this area is that people will get
the wrong impression, exactly as you say. And I agree that some of the
statements from the public sector and others, while usually well-meaning,
have at times unfortunately failed to distinguish between releasing open
data to the public, and releasing personal data to individuals themselves.
My colleague Tim Davies wrote a good blog about the national pupil database
back when the changes were being discussed last year (
http://www.timdavies.org.uk/2012/11/12/opening-the-national-pupil-database/)
which touches on some of the problems you mention.

I think I'd agree with a lot of the contributions so far. The usual
definition of open data states that it is 'non-personal'. As a way to
communicate what open data is about, I like this being in the definition,
because it helps clear up the confusion Sam points to. But it may not
always be true - some open data does contain PII, sometimes even in a
non-anonymised form. Laura's example of sharing your health data under an
open license so other patients or researchers can use it would be one.
Norwegian citizens' tax returns or MPs' expenses are another. A friend of
mine publishes his weekly email traffic/management data (e.g. total
read/unread, reply rates, etc.) on his website under a CC-BY license so
that other people can see how busy he is, or analyse it to find patterns.
So I can see some cases where 'open personal data' may be appropriate;
where the individual releases their own data under an open license, or
where a democratic decision has been made for certain personal data about
citizens (or MPs!) to be released as open data. But 'open personal data'
should be the exception rather than the default!

That said, we also need to be able to refer to open data *about* the
practices of entities who collect and use personal data. Being able to find
out who is collecting personal data, why, from what kinds of people, is a
starting point for getting a grip on individual privacy. This doesn't
include the personal data itself - just the categories of personal data
collected, classes of data subjects, recipients, transfers, etc. So far I
have been calling this 'open data for privacy', or 'open data about the
collection and use of personal data' amongst other things. I'd love to find
clearer and simpler ways of talking about it though, so any suggestions
would be welcome.


On Wed, Jul 3, 2013 at 9:40 AM, <mydata-open-data-request at lists.okfn.org> wrote:

>
> Today's Topics:
>
>    1. Re: distinctions between personal and open (Puneet Kishor)
>    2. Re: distinctions between personal and open (Iain Henderson)
>    3. Re: distinctions between personal and open (Andy Turner)
>    4. Re: distinctions between personal and open (Sam Smith)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 2 Jul 2013 17:23:16 -0700
> From: Puneet Kishor <punk.kish at gmail.com>
> Subject: Re: [MyData & Open Data] distinctions between personal and
>         open
> To: Iain Henderson <iainhenderson at mac.com>
> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>         <mydata-open-data at lists.okfn.org>
> Message-ID: <716F6F64-CB18-448B-870C-D2B2710FE4B3 at gmail.com>
> Content-Type: text/plain; charset="us-ascii"
>
> What about my data that *I* collected but *they* helped collect?
>
> For example, the fitbit on my hip is owned by me, powered by me, and logs
> undeniably only information about me. But, the only way I can see that data
> is through a fitbit owned app provided to me, the said app uploading that
> data to fitbit's web site, and that data available to me to download only
> if I sign up for a premium account. What category would that data be?
>
>
>
> --
> Puneet Kishor
> Policy Coordinator for Science and Data
> Creative Commons
>
> On Jul 2, 2013, at 1:31 PM, Iain Henderson <iainhenderson at mac.com> wrote:
>
> > Hi Sam, one approach that has worked for me before is to set out 5 types
> > of data that exist around an individual in simple terms that people can
> > engage with, and point to the more detailed articulation for those that
> > want it.
> >
> > The simple version is:
> >
> > My data - undeniably mine, I create it and manage it
> >
> > Your data - your data about me ('you' typically equalling a supplier,
> > but also applies to peers)
> >
> > Our data - the data we co-create (and both technically have rights to
> > and a copy of)
> >
> > Their data - entities that have data about me without having a
> > relationship with me (credit bureau, ad networks etc)
> >
> > Everybody's data - what would typically be seen as 'open data'.
> >
> > The more detailed version is here. That's a few years old and could use
> > an update but I think the core logic remains correct.
> >
> > Of course BIS and ODI have confused that logic using the term 'midata'
> > for what I would describe as 'our data'. No matter, it's a well meaning
> > effort.
> >
> > Hope that helps.
> >
> > Cheers
> >
> > Iain
> >
> > On 2 Jul 2013, at 20:32, Sam Smith <s at msmith.net> wrote:
> >
> >> Hey all,
> >>
> >> Has anyone seen a good discussion on how to talk about personal data
> >> (midata esque) at an open data type event, in a way which doesn't confuse
> >> the audience into believing that the speaker is suggesting that personal
> >> data should be OGL licensed...
> >>
> >> It's a hard problem. Even HSCIC (talking about every person's GP health
> >> records) and ODI have got this wrong...
>
> ------------------------------
>
> Message: 2
> Date: Wed, 03 Jul 2013 01:36:16 +0100
> From: Iain Henderson <iainhenderson at mac.com>
> Subject: Re: [MyData & Open Data] distinctions between personal and
>         open
> To: Puneet Kishor <punk.kish at gmail.com>
> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>         <mydata-open-data at lists.okfn.org>
> Message-ID: <79749564-BABC-46AF-9666-AA499D63B21D at mac.com>
> Content-Type: text/plain; charset=us-ascii
>
> In that categorisation that premium account would be Our data, i.e.
> co-created and accessible to both. The standard account data would be 'your
> data', i.e. FitBit Co. It is specifically not My Data, even though I
> generated it. If I could hack into the Fitbit and extract it, that
> extracted bit would be My Data (albeit technically gathered in breach of
> contract).
>
> There are choices that can be made around some edge cases, but the way I
> see it the defining characteristic that aids categorisations is 'whose
> terms and conditions does it live behind?'
>
> Make sense?
>
> Iain
>
> e-mail: iainhenderson at mac.com
> blog: www.iainhenderson.info
> twitter: @iainh1
>
> ------------------------------
>
> Message: 3
> Date: Wed, 3 Jul 2013 08:11:36 +0100
> From: Andy Turner <A.G.D.Turner at leeds.ac.uk>
> Subject: Re: [MyData & Open Data] distinctions between personal and
>         open
> To: Iain Henderson <iainhenderson at mac.com>, Puneet Kishor
>         <punk.kish at gmail.com>
> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>         <mydata-open-data at lists.okfn.org>
> Message-ID:
>         <
> 03FEE575BFE70B4AA3BB5014DC59648B0259A8D7B9F3 at HERMES8.ds.leeds.ac.uk>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> In my view the classes of MyData and Open Data overlap.
>
> Issues of ownership and access control are important in this. I think it
> is important for individuals and agencies empowered by individuals and
> working for the benefit of us all to control the access to personal data.
>
> One might want to readily share medical records for epidemiology research,
> but be less willing to share it with insurers or advertisers even though
> these might offer us personally beneficial things.
>
> If you own and use a mobile phone or credit card, various companies are
> collecting information about you and they use this not only to provide you
> with a better service (including better anti-fraud measures), but this data
> in raw and aggregated forms is very useful for target marketing.
>
> Likewise there is other data about people's movements and interaction with
> public services that is collected by different organisations as people go
> about their lives. Travel cards and benefits cards are in common use.
>
> Aggregated data that is based on personal data generally loses the link to
> the individual records.
>
> Personal data can be pseudo-anonymised whereby individuals are assigned a
> code and their main identifying information such as their name and national
> insurance number are removed. A linkage file containing the key and main
> identifying information can then be kept for data linking purposes, and for
> use cases of alerting individuals to danger.
>
> Much of the data I have considered while writing this is not open data in
> its purest sense, in that it could be downloaded and re-used without
> control. I have learned to live with a more complex definition of the terms
> open data. Doing the same with personal data is perhaps the best way
> forward, though I appreciate that there are some that strongly believe that
> data about an individual should be owned and controlled by that individual.
>
> HTH
>
> Andy
> http://www.geog.leeds.ac.uk/people/a.turner/index.html
>
> ------------------------------
>
> Message: 4
> Date: Wed, 3 Jul 2013 10:40:47 +0100
> From: Sam Smith <s at msmith.net>
> Subject: Re: [MyData & Open Data] distinctions between personal and
>         open
> To: Puneet Kishor <punk.kish at gmail.com>
> Cc: "mydata-open-data at lists.okfn.org"
>         <mydata-open-data at lists.okfn.org>,      Iain Henderson
>         <iainhenderson at mac.com>
> Message-ID: <E4DB8817-C301-4419-8EAA-5CF44D0747D3 at mSmith.net>
> Content-Type: text/plain; charset=us-ascii
>
>
>
> On 3 Jul 2013, at 01:23, Puneet Kishor <punk.kish at gmail.com> wrote:
>
> > What about my data that *I* collected but *they* helped collect?
> >
> > For example, the fitbit on my hip is owned by me, powered by me, and
> > logs undeniably only information about me. But, the only way I can see that
> > data is through a fitbit owned app provided to me, the said app uploading
> > that data to fitbit's web site, and that data available to me to download
> > only if I sign up for a premium account. What category would that data be?
>
> What you do with your personal data is up to you. If you want to make your
> data CC-0 etc with a JSON REST API and push notifications, go for it.
> Generally, people won't do that with their health record and full DNA, but
> there are reasons for anyone to choose to do so. If it's your copy of your
> data, it's your choice.
>
> Privacy concerns come from somewhere slightly different. They're not about
> an individual making choices on their data. They're about someone else's
> copy of your data, and what they can do with it.
>
> What "they" do with your data should be subject to a very different set of
> norms, and talked about in a different way. Unfortunately, it is often not.
>
> When HSCIC talks about opening all their data, in a presentation that also
> talks about pulling your full coded medical history from your GP (google
> care.data), this stops being an abstract problem. What HSCIC mean for open
> data is the aggregate stats (assuming done properly, generally no problem),
> but it matters what they say, not just what they mean.
>
> Where did the suggestion of opening the National Pupil Database (tracking
> kids from preschool to university) come from? It came from a SpAd who heard
> about the open data agenda, has an economic growth goal, and had an idea...
>
> Oops.
>
> As open data moves away from reference datasets, this problem will go up.
>
> Health will probably be first.
>
>
>
> Regards
> Sam
>
>
>
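
The pseudonymisation arrangement Andy Turner describes in Message 3 (a code per individual, with name and national insurance number moved to a separately held linkage file), sketched as an added example that is not part of the original thread. Field names, sample records and the `unique_on` check are constructed for illustration; the check lists released rows that the remaining fields still single out.

```python
import secrets
from collections import Counter

# Direct identifiers named in the thread; the field names are assumptions.
DIRECT_IDENTIFIERS = ("name", "national_insurance_number")

# Constructed sample records (not real people or real NI numbers).
GP_RECORDS = [
    {"name": "Person A", "national_insurance_number": "QQ000001A",
     "postcode_district": "LS2", "birth_year": 1950, "diagnosis": "asthma"},
    {"name": "Person B", "national_insurance_number": "QQ000002B",
     "postcode_district": "LS2", "birth_year": 1950, "diagnosis": "diabetes"},
    {"name": "Person C", "national_insurance_number": "QQ000003C",
     "postcode_district": "LS6", "birth_year": 1987, "diagnosis": "asthma"},
]
TRAVEL_RECORDS = [
    {"name": "Person C", "national_insurance_number": "QQ000003C",
     "postcode_district": "LS6", "birth_year": 1987, "journeys": 41},
]


def pseudonymise(records, linkage=None):
    """Return (research_rows, linkage); linkage maps code -> direct identifiers.

    Passing an existing linkage file gives the same person the same code in a
    second dataset, which is what makes later data linking possible.
    """
    linkage = {} if linkage is None else linkage
    by_identity = {tuple(ids[f] for f in DIRECT_IDENTIFIERS): code
                   for code, ids in linkage.items()}
    research = []
    for rec in records:
        identity = tuple(rec[f] for f in DIRECT_IDENTIFIERS)
        code = by_identity.get(identity)
        if code is None:
            # Random code: it cannot be recomputed from the identifiers,
            # so only the holder of the linkage file can reverse it.
            code = secrets.token_hex(8)
            by_identity[identity] = code
            linkage[code] = dict(zip(DIRECT_IDENTIFIERS, identity))
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["code"] = code
        research.append(row)
    return research, linkage


def reidentify(code, linkage):
    """The alerting use case: look a code up in the linkage file."""
    return linkage[code]


def unique_on(research, quasi_identifiers):
    """Codes whose combination of remaining fields is unique in the release."""
    def key(row):
        return tuple(row[q] for q in quasi_identifiers)
    counts = Counter(key(r) for r in research)
    return sorted({r["code"] for r in research if counts[key(r)] == 1})
```
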