[MyData & Open Data] MyData-Open-Data Digest, Vol 6, Issue 2

Tim Davies tim at practicalparticipation.co.uk
Wed Jul 3 11:45:58 UTC 2013


Hello all

I wonder if one of the challenges is that we tend to approach this at the
wrong level of analysis. Rather than debating what is our isn't personal or
open data in terms of definitions that pick out features of the dataset
themselves, we need to talk about principles of privacy, and personal
rights to control over personal data that any plan to release data should
be tested against.

Reuben's examples highlight that the principle of control over ones own
data allow that an individual could open up their personal data, but the
same principle means someone else holding that data in my behalf would have
no right to place it under an pen licence.

The principle of a right to control ones own data is not the only one at
should be concerned with. There may also be important principles for public
services about not exposing those who have trusted data to those services
(or had no choice whether they hand over data) with risk of harm; or
exposing users of public services to decisional interference from private
parties etc[1].

Working out the important principles, and which initiatives like 'open
data', 'midata' and 'data sharing' are invoking might be a useful way to
have the dialogue with some of the stakeholders who need to be engaged in
this space.

All the best

Tim



[1] See Solove's taxonomy of privacy:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=667622
On 3 Jul 2013 12:02, "Reuben Binns" <rdpbinns at gmail.com> wrote:

> Hi All,
>
> Sam, great question. I'm guessing it might have been prompted by my talk
> last night at the OKF London meetup? It's something I've struggled with and
> one of my main worries when talking about this area is that people will get
> the wrong impression, exactly as you say. And I agree that some of the
> statements from the public sector and others, while usually well-meaning,
> have at times unfortunately failed to distinguish between releasing open
> data to the public, and releasing personal data to individuals themselves.
> My colleague Tim Davies wrote a good blog about the national pupil database
> back when the changes were being discussed last year (
> http://www.timdavies.org.uk/2012/11/12/opening-the-national-pupil-database/) which touches on some of the problems you mention.
>
> I think I'd agree with a lot of the contributions so far. The usual
> definition of open data states that it is 'non-personal'. As a way to
> communicate what open data is about, I like this being in the definition,
> because it helps clear up the confusion Sam points to. But it may not
> always be true - some open data does contain PII, sometimes even in a
> non-anonymised form. Laura's example of sharing your health data under an
> open license so other patients or researchers can use it would be one.
> Norwegian citizens tax returns or MP's expenses are another. A friend of
> mine publishes his weekly email traffic/management data (e.g. total
> read/unread, reply rates, etc.) on his website under a CC-BY license so
> that other people can see how busy he is, or analyse it to find patterns.
> So I can see some cases where 'open personal data' may be appropriate;
> where the individual releases their own data under an open license, or
> where a democratic decision has been made for certain personal data about
> citizens (or MP's!) to be released as open data. But 'open personal data'
> should be the exception rather than the default!
>
> That said, we also need to be able to refer to open data *about* the
> practices of entities who collect and use personal data. Being able to find
> out who is collecting personal data, why, from what kinds of people, is a
> starting point for getting a grip on individual privacy. This doesn't
> include the personal data itself - just the categories of personal data
> collected, classes of data subjects, recipients, transfers, etc. So far I
> have been calling this 'open data for privacy', or 'open data about the
> collection and use of personal data' amongst other things. I'd love to find
> clearer and simpler ways of talking about it though, so any suggestions
> would be welcome.
>
>
> On Wed, Jul 3, 2013 at 9:40 AM, <mydata-open-data-request at lists.okfn.org>wrote:
>
>> Send MyData-Open-Data mailing list submissions to
>>         mydata-open-data at lists.okfn.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.okfn.org/mailman/listinfo/mydata-open-data
>> or, via email, send a message with subject or body 'help' to
>>         mydata-open-data-request at lists.okfn.org
>>
>> You can reach the person managing the list at
>>         mydata-open-data-owner at lists.okfn.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of MyData-Open-Data digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: distinctions between personal and open (Puneet Kishor)
>>    2. Re: distinctions between personal and open (Iain Henderson)
>>    3. Re: distinctions between personal and open (Andy Turner)
>>    4. Re: distinctions between personal and open (Sam Smith)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 2 Jul 2013 17:23:16 -0700
>> From: Puneet Kishor <punk.kish at gmail.com>
>> Subject: Re: [MyData & Open Data] distinctions between personal and
>>         open
>> To: Iain Henderson <iainhenderson at mac.com>
>> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>>         <mydata-open-data at lists.okfn.org>
>> Message-ID: <716F6F64-CB18-448B-870C-D2B2710FE4B3 at gmail.com>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> What about my data that *I* collected but *they* helped collect?
>>
>> For example, the fitbit on my hip is owned by me, powered by me, and logs
>> undeniably only information about me. But, the only way I can see that data
>> is through a fitbit owned app  provided to me, the said app uploading that
>> data to fitbit's web site, and that data available to me to download only
>> if I sign up for a premium account. What category would that data be?
>>
>>
>>
>> --
>> Puneet Kishor
>> Policy Coordinator for Science and Data
>> Creative Commons
>>
>> On Jul 2, 2013, at 1:31 PM, Iain Henderson <iainhenderson at mac.com> wrote:
>>
>> > Hi Sam, one approach that has worked for me before is to set out 5
>> types of data that exist around an individual in simple terms that people
>> can engage with, and point to the more detailed articulation for those that
>> want it.
>> >
>> > The simple version is:
>> >
>> > My data - undeniable mine, I create it and manage it
>> >
>> > Your data - your data about me ('you' typically equalling a supplier,
>> but also applies to peers)
>> >
>> > Our data - the data we co-create (and both technically have rights to
>> and a copy of)
>> >
>> > Their data - entities that have data about me without having a
>> relationship with me (credit bureau, ad networks etc)
>> >
>> > Everybody's data - what would typically be seen as 'open data'.
>> >
>> > The more detailed version is here. That's a few years old and could use
>> an update but I think the core logic remains correct.
>> >
>> > Of course BIS and ODI have confused that logic using the term 'midata'
>> for what I would describe as 'our data'. No matter, it's a well meaning
>> effort.
>> >
>> > Hope that helps.
>> >
>> > Cheers
>> >
>> > Iain
>> >
>> >
>> >
>> >
>> > On 2 Jul 2013, at 20:32, Sam Smith <s at msmith.net> wrote:
>> >
>> >> Hey all,
>> >>
>> >> Has anyone seen a good discussion on how to talk about personal data
>> (midata esque) at an open data type event, in a way which doesn't confuse
>> the audience into believing that the speaker is suggesting that personal
>> data should be OGL licensed...
>> >>
>> >>
>> >> It's a hard problem. Even HSCIC (talking about every person's GP
>> health records) and ODI have got this wrong...
>> >>
>> >
>> >
>> >
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.okfn.org/pipermail/mydata-open-data/attachments/20130702/2d9756f7/attachment-0001.htm
>> >
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Wed, 03 Jul 2013 01:36:16 +0100
>> From: Iain Henderson <iainhenderson at mac.com>
>> Subject: Re: [MyData & Open Data] distinctions between personal and
>>         open
>> To: Puneet Kishor <punk.kish at gmail.com>
>> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>>         <mydata-open-data at lists.okfn.org>
>> Message-ID: <79749564-BABC-46AF-9666-AA499D63B21D at mac.com>
>> Content-Type: text/plain; charset=us-ascii
>>
>> In that categorisation that would premium account would be Our data, i.e.
>> co-created and accessible to both. The standard account data would be 'your
>> data', i.e. FitBit Co. It is specifically not My Data, even though I
>> generated it. If I could hack into the Fitbit and extract it, that
>> extracted bit would be My Data (albeit technically gathered in breach of
>> contract).
>>
>> There are choices that can be made around some edge cases, but they way I
>> see it the defining characteristic that aids categorisations is 'whose
>> terms and conditions does it live behind?'
>>
>> Make sense?
>>
>> Iain
>>
>>
>>
>> On 3 Jul 2013, at 01:23, Puneet Kishor <punk.kish at gmail.com> wrote:
>>
>> > What about my data that *I* collected but *they* helped collect?
>> >
>> > For example, the fitbit on my hip is owned by me, powered by me, and
>> logs undeniably only information about me. But, the only way I can see that
>> data is through a fitbit owned app  provided to me, the said app uploading
>> that data to fitbit's web site, and that data available to me to download
>> only if I sign up for a premium account. What category would that data be?
>> >
>> >
>> >
>> > --
>> > Puneet Kishor
>> > Policy Coordinator for Science and Data
>> > Creative Commons
>> >
>> > On Jul 2, 2013, at 1:31 PM, Iain Henderson <iainhenderson at mac.com>
>> wrote:
>> >
>> >> Hi Sam, one approach that has worked for me before is to set out 5
>> types of data that exist around an individual in simple terms that people
>> can engage with, and point to the more detailed articulation for those that
>> want it.
>> >>
>> >> The simple version is:
>> >>
>> >> My data - undeniable mine, I create it and manage it
>> >>
>> >> Your data - your data about me ('you' typically equalling a supplier,
>> but also applies to peers)
>> >>
>> >> Our data - the data we co-create (and both technically have rights to
>> and a copy of)
>> >>
>> >> Their data - entities that have data about me without having a
>> relationship with me (credit bureau, ad networks etc)
>> >>
>> >> Everybody's data - what would typically be seen as 'open data'.
>> >>
>> >> The more detailed version is here. That's a few years old and could
>> use an update but I think the core logic remains correct.
>> >>
>> >> Of course BIS and ODI have confused that logic using the term 'midata'
>> for what I would describe as 'our data'. No matter, it's a well meaning
>> effort.
>> >>
>> >> Hope that helps.
>> >>
>> >> Cheers
>> >>
>> >> Iain
>> >>
>> >>
>> >>
>> >>
>> >> On 2 Jul 2013, at 20:32, Sam Smith <s at msmith.net> wrote:
>> >>
>> >>> Hey all,
>> >>>
>> >>> Has anyone seen a good discussion on how to talk about personal data
>> (midata esque) at an open data type event, in a way which doesn't confuse
>> the audience into believing that the speaker is suggesting that personal
>> data should be OGL licensed...
>> >>>
>> >>>
>> >>> It's a hard problem. Even HSCIC (talking about every person's GP
>> health records) and ODI have got this wrong...
>> >>>
>> >>
>> >>
>>
>>
>> e-mail: iainhenderson at mac.com
>> blog: www.iainhenderson.info
>> twitter: @iainh1
>>
>> This email and any attachment contains information which is private and
>> confidential and is intended for the addressee only. If you are not an
>> addressee, you are not authorised to read, copy or use the e-mail or any
>> attachment. If you have received this e-mail in error, please notify the
>> sender by return e-mail and then destroy it.
>>
>> <a href="http://miicard.me/b0F1Jsy5">Identity assured by miiCard : Click
>> to Verify</a>
>>
>>
>>
>>
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Wed, 3 Jul 2013 08:11:36 +0100
>> From: Andy Turner <A.G.D.Turner at leeds.ac.uk>
>> Subject: Re: [MyData & Open Data] distinctions between personal and
>>         open
>> To: Iain Henderson <iainhenderson at mac.com>, Puneet Kishor
>>         <punk.kish at gmail.com>
>> Cc: Sam Smith <s at msmith.net>,   "mydata-open-data at lists.okfn.org"
>>         <mydata-open-data at lists.okfn.org>
>> Message-ID:
>>         <
>> 03FEE575BFE70B4AA3BB5014DC59648B0259A8D7B9F3 at HERMES8.ds.leeds.ac.uk>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Hi,
>>
>> In my view the classes of MyData and Open Data overlap.
>>
>> Issues of ownership and access control are important in this. I think it
>> is important for individuals and agencies empowered by individuals and
>> working for the benefit of us all to control the access to personal data.
>>
>> One might want to readily share medical records for epidemiology
>> research, but be less willing to share it with insurers or advertisers even
>> though these might offer us personally beneficial things.
>>
>> If you own and use a mobile phone or credit card, various companies are
>> collecting information about you and they use this not only to provide you
>> with a better service (including better anti-fraud measures), but this data
>> in raw and aggregated forms is very useful for target marketing.
>>
>> Likewise there is other data about people's movements and interaction
>> with public services that is collected by different organisations as people
>> go about their lives. Travel cards and benefits cards are in common use.
>>
>> Aggregated data that is based on personal data generally loses the link
>> to the individual records.
>>
>> Personal data can be pseudo-annonymised whereby individuals are assigned
>> a code and their main identifying information such as their name and
>> national insurance number are removed. A linkage file containing the key
>> and main identifying information can then be kept for data linking
>> purposes, and for use cases of alerting individuals to danger.
>>
>> Much of the data I have considered while writing this is not open data in
>> its purest sense, in that it could be downloaded and re-used without
>> control. I have learned to live with a more complex definition of the terms
>> open data. Doing the same with personal data is perhaps the best way
>> forward, though I appreciate that there are some that strongly believe that
>> data about an individual should be owned and controlled by that individual.
>>
>> HTH
>>
>> Andy
>> http://www.geog.leeds.ac.uk/people/a.turner/index.html
>> ________________________________________
>> From: mydata-open-data-bounces at lists.okfn.org [
>> mydata-open-data-bounces at lists.okfn.org] On Behalf Of Iain Henderson [
>> iainhenderson at mac.com]
>> Sent: 03 July 2013 01:36
>> To: Puneet Kishor
>> Cc: Sam Smith; mydata-open-data at lists.okfn.org
>> Subject: Re: [MyData & Open Data] distinctions between personal and open
>>
>> In that categorisation that would premium account would be Our data, i.e.
>> co-created and accessible to both. The standard account data would be 'your
>> data', i.e. FitBit Co. It is specifically not My Data, even though I
>> generated it. If I could hack into the Fitbit and extract it, that
>> extracted bit would be My Data (albeit technically gathered in breach of
>> contract).
>>
>> There are choices that can be made around some edge cases, but they way I
>> see it the defining characteristic that aids categorisations is 'whose
>> terms and conditions does it live behind?'
>>
>> Make sense?
>>
>> Iain
>>
>>
>>
>> On 3 Jul 2013, at 01:23, Puneet Kishor <punk.kish at gmail.com> wrote:
>>
>> > What about my data that *I* collected but *they* helped collect?
>> >
>> > For example, the fitbit on my hip is owned by me, powered by me, and
>> logs undeniably only information about me. But, the only way I can see that
>> data is through a fitbit owned app  provided to me, the said app uploading
>> that data to fitbit's web site, and that data available to me to download
>> only if I sign up for a premium account. What category would that data be?
>> >
>> >
>> >
>> > --
>> > Puneet Kishor
>> > Policy Coordinator for Science and Data
>> > Creative Commons
>> >
>> > On Jul 2, 2013, at 1:31 PM, Iain Henderson <iainhenderson at mac.com>
>> wrote:
>> >
>> >> Hi Sam, one approach that has worked for me before is to set out 5
>> types of data that exist around an individual in simple terms that people
>> can engage with, and point to the more detailed articulation for those that
>> want it.
>> >>
>> >> The simple version is:
>> >>
>> >> My data - undeniable mine, I create it and manage it
>> >>
>> >> Your data - your data about me ('you' typically equalling a supplier,
>> but also applies to peers)
>> >>
>> >> Our data - the data we co-create (and both technically have rights to
>> and a copy of)
>> >>
>> >> Their data - entities that have data about me without having a
>> relationship with me (credit bureau, ad networks etc)
>> >>
>> >> Everybody's data - what would typically be seen as 'open data'.
>> >>
>> >> The more detailed version is here. That's a few years old and could
>> use an update but I think the core logic remains correct.
>> >>
>> >> Of course BIS and ODI have confused that logic using the term 'midata'
>> for what I would describe as 'our data'. No matter, it's a well meaning
>> effort.
>> >>
>> >> Hope that helps.
>> >>
>> >> Cheers
>> >>
>> >> Iain
>> >>
>> >>
>> >>
>> >>
>> >> On 2 Jul 2013, at 20:32, Sam Smith <s at msmith.net> wrote:
>> >>
>> >>> Hey all,
>> >>>
>> >>> Has anyone seen a good discussion on how to talk about personal data
>> (midata esque) at an open data type event, in a way which doesn't confuse
>> the audience into believing that the speaker is suggesting that personal
>> data should be OGL licensed...
>> >>>
>> >>>
>> >>> It's a hard problem. Even HSCIC (talking about every person's GP
>> health records) and ODI have got this wrong...
>> >>>
>> >>
>> >>
>>
>>
>> e-mail: iainhenderson at mac.com
>> blog: www.iainhenderson.info
>> twitter: @iainh1
>>
>> This email and any attachment contains information which is private and
>> confidential and is intended for the addressee only. If you are not an
>> addressee, you are not authorised to read, copy or use the e-mail or any
>> attachment. If you have received this e-mail in error, please notify the
>> sender by return e-mail and then destroy it.
>>
>> <a href="http://miicard.me/b0F1Jsy5">Identity assured by miiCard : Click
>> to Verify</a>
>>
>>
>>
>>
>> _______________________________________________
>> MyData-Open-Data mailing list
>> MyData-Open-Data at lists.okfn.org
>> http://lists.okfn.org/mailman/listinfo/mydata-open-data
>>
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Wed, 3 Jul 2013 10:40:47 +0100
>> From: Sam Smith <s at msmith.net>
>> Subject: Re: [MyData & Open Data] distinctions between personal and
>>         open
>> To: Puneet Kishor <punk.kish at gmail.com>
>> Cc: "mydata-open-data at lists.okfn.org"
>>         <mydata-open-data at lists.okfn.org>,      Iain Henderson
>>         <iainhenderson at mac.com>
>> Message-ID: <E4DB8817-C301-4419-8EAA-5CF44D0747D3 at mSmith.net>
>> Content-Type: text/plain; charset=us-ascii
>>
>>
>>
>> On 3 Jul 2013, at 01:23, Puneet Kishor <punk.kish at gmail.com> wrote:
>>
>> > What about my data that *I* collected but *they* helped collect?
>> >
>> > For example, the fitbit on my hip is owned by me, powered by me, and
>> logs undeniably only information about me. But, the only way I can see that
>> data is through a fitbit owned app  provided to me, the said app uploading
>> that data to fitbit's web site, and that data available to me to download
>> only if I sign up for a premium account. What category would that data be?
>>
>> What you do with your personal data is up you. If you want to make your
>> data CC-0 etc with a JSON REST API and push notifications, go for it.
>> Generally, people won't do that with their health record and full DNA, but
>> there are reasons for anyone to choose to do so. If it's your copy of your
>> data, it's your choice.
>>
>> Privacy concerns come from somewhere slightly different. They're not
>> about an individual making choices on their data. They're about someone
>> else's copy of your data, and what they can do with it.
>>
>> What "they" do with your data should be subject to a very different set
>> of norms, and talked about in a different way. Unfortunately, it is often
>> not.
>>
>> When HSCIC talks about opening all their data, in a presentation that
>> also talks about pulling your full coded medical history from your GP
>> (google care.data), this stops being abstract problem. What HSCIC mean for
>> open data is the aggregate stats (assuming done properly, generally no
>> problem), but it matters what they say, not just what they mean.
>>
>> Where did the suggestion of opening the National Pupil Database (tracking
>> kids from preschool to university) come from? It came from a SpAd who heard
>> about the open data agenda, has an economic growth goal, and had an idea...
>>
>> Oops.
>>
>> As open data moves away from reference datasets, this problem will go up.
>>
>> Health will probably be first.
>>
>>
>>
>> Regards
>> Sam
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> MyData-Open-Data mailing list
>> MyData-Open-Data at lists.okfn.org
>> http://lists.okfn.org/mailman/listinfo/mydata-open-data
>>
>>
>> End of MyData-Open-Data Digest, Vol 6, Issue 2
>> **********************************************
>>
>
>
> _______________________________________________
> MyData-Open-Data mailing list
> MyData-Open-Data at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/mydata-open-data
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20130703/86a1138c/attachment-0001.html>


More information about the mydata-open-data mailing list