[MyData & Open Data] distinctions between personal and open

Thu Jul 25 12:55:16 UTC 2013

On 25 Jul 2013, at 12:15, Javier Ruiz <javier at openrightsgroup.org> wrote:
> no-one from government is properly acknowledging the risks of anonymisation. Following on the example of EE, ministers like Vaizey have said that because the data is anonymised they have nothing else to say. Cameron has not mentioned risks on anonymised health data http://news.techeye.net/security/uks-anonymous-health-records-are-wide-open

There is a fundamental difference between them not being acknowledged in headline announcements (which they should be), and the detail. Books are written on the detail, e.g. http://link.springer.com/book/10.1007/978-1-4419-7802-8/page/1

While it's convenient for politicians and companies to avoid the troubling details, we need to consider them and how solving some problems makes others become irrelevant.

> Some types of data handling activities are generally acknowledged as inherently risky. If you claim to have a very secure system for carrying CDs with unencrypted sensitive data in public transport, ministers would be demanding to know more. Anonymisation is not there yet.

That seems to confuse what is possible with anonymisation, and what is publicly claimed with anonymisation. That doesn't seem like a sensible merger.

> I will keep you in the loop about mobile companies. Our first report does not deal with anonymisation processes, as there are other more basic problems. But we are looking at proposing better practices in this area as well. For example, we found out that EE was only assessing the risks of individual queries, not the cumulative/tracker effects. Their line is that it was a pilot and they would do it properly when fully implemented. But you need to start with these considerations, not bolt them on afterwards.

That's a sensible distinction. 

Building it on solid statistical and mathematical foundations would probably make it invaluable. And, at the very least, as much as possible ensure a discussion around maths as well as principles, rather than the vague handwaving of previous EE (et al)  statements.

Sam