[MyData & Open Data] existing legal frameworks of biometrics
Erik Josefsson
erik.hjalmar.josefsson at gmail.com
Fri Apr 4 22:16:12 UTC 2014
Phil, I really should not read mail on a late Friday night, but I just
want to say THANKS! :-)
Best.
// Erik
On Friday, April 4, 2014, Phil Booth <phil at einsteinsattic.com> wrote:
> The whole notion of 'ownership' and 'data as property' is knotty. See,
for example, this recent UK ruling:
>
>
>
>
http://www.out-law.com/en/articles/2014/march/information-held-in-electronic-databases-not-property-which-can-be-possessed-rules-uk-court/
>
>
>
> I agree that control is the key issue. Which is why, for personal data,
it seems a nonsense that the person is the subject not the controller.
>
>
>
> Persisting with categorisations defined in a pre-Web era is
dysfunctional, even if some new(ish) developments - the only ones of which
I know in any detail are Mydex and PIB-d, because I provide independent
advice to both - attempt to shift the balance by working cleverly within
existing frameworks. The 'monetisation' aspects of these are practical (how
do you build and maintain an infrastructure that, whatever else it does,
must compete in a world that contains Facebook and Google) but peripheral,
to this discussion at least.
>
>
>
> Previous frameworks I may have mentioned, e.g. 'informational privity',
were attempts to grapple with existing legal constructs such as 'chain of
contract' (breach leading to much simpler redress) and 'assignable rights'
(control over use). In discussion with folks, e.g. at the Law Society, it
became clear we'd be talking about a whole new field of law for this - but
I'm not sure we shouldn't be considering that. Surely the outcome of an
information revolution should be a settlement that redresses the balance in
favour of the people, not the barons of the old information economy or the
creaking institutions of the old information society?
>
>
>
> I'm yet to be convinced that My Data as a distinct category is useful,
especially if it - and others, such as pseudonymised data - leads to a
mushrooming of 'special' categories of data about people that allow vested
interests to 'game' what they do with it. It also starts to feel a bit like
taxonomy for taxonomy's sake.
>
>
>
> Legally enshrining pseudonymised data in law is quite frankly stupid;
pseudonymisation is no more than a necessary technical measure for
mitigating some types of reidentification risk. It does not magically
transform a bunch of personal data into some completely different thing,
and it is far from sufficient in itself to make personal data
non-disclosive - especially rich episodic data - as has been graphically
demonstrated with linked, patient-level pseudonymised health data here in
the UK:
>
>
>
>
https://medconfidential.org/2014/commercial-re-use-licences-for-hes-disappearing-webpages/and
>
>
http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care
>
>
>
> I suspect its enshrinement in EU law will say more about the relentless
lobbying of vested interests and the technical ignorance of legislators -
and civil society's failure to counteract both, for which I must accept I
am as much to blame as any - than any real logic or genuine protection for
the individual.
>
>
>
> Phil
>
>
>
> From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org]
On Behalf Of Javier Ruiz
> Sent: 04 April 2014 17:54
> To: Walter van Holst
> Cc: mydata-open-data at lists.okfn.org
> Subject: Re: [MyData & Open Data] existing legal frameworks of biometrics
>
>
>
> My take on the concepts (version 0.9 ;-):
>
>
>
> MY DATA
>
>
>
> I would see My data as data "generated" in my use of digital tools and
engagement with electronic information and communications systems. My
digital trail of gold or rubbish.
>
>
>
> I think this is a useful concept and different from personal data.
>
>
>
> OWNERSHIP
>
>
>
> I may or may not "own" this data depending on the tools and the contracts
involved.
>
>
>
> Location data from my GPS DiY health sensor tracker is different from
location data that my mobile company has on me, or location data that a
random app collects from my smartphone under the app permissions T&Cs.
>
>
>
> Property is a incredibly tricky thing to establish with intangible things
such as data. There is "intellectual property", as in copyright and
database right. But also ownership of infrastructure and any contractual or
licensing agreements.
>
>
>
> Facts cannot be copyrighted. So data automatically generated - e.g.
anything with sensors - is probably a fact.
>
>
>
> Nobody "owns" facts, but if I take a ton of research measurements from a
lab, they will claim I stole "their" research data. And instinctively you
would agree, but what is property of data?
>
>
>
> See this for a discussion in the context of US health data (page 78)
http://jolt.law.harvard.edu/articles/pdf/v25/25HarvJLTech69.pdf You may
disagree with some of the conclusions but it is quite useful, I think.
>
>
>
> Database right in Europe protects the investment in creating databases.
So if you are using someone else's infrastructure it's very possible they
at least share the "ownership" of this exploitation right, but this is not
exactly the same as what many people in the WG mean by "ownership",
I believe.
>
>
>
>
>
> ACCESS
>
>
>
> Your right to "access" (subject access in EU law), as Walter explained,
is not the same as "ownership" as in property. It means you can know
what information is held about you by an organisation at a point in time,
normally by getting a hard copy.
>
>
>
> PERSONAL DATA
>
>
>
> My Data may or may not be "personal information" under European standards
in terms of being enough to identify me or even single me out. Data need
not have any personal identifiers (name, address..) to be personal
information.
>
>
>
> An example of these differences can be found in the treatment of traffic
and location data in Europe. There are regulations on these data types (say
web history) under the EU E-privacy directive independently of whether this
is personal under Data Protection laws. Both legal frameworks - data
protection and the regulation of privacy in electronic communications - run
in parallel.
>
>
>
> TRANSFORMED DATA
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140405/c36749df/attachment-0003.html>
More information about the mydata-open-data
mailing list