[MyData & Open Data] Blog on open data ABOUT privacy

Javier Ruiz javier at openrightsgroup.org
Wed Mar 19 22:00:54 UTC 2014


> > So beyond the scenario where people consent, (consent of the governed, consent of the customer, etc)  What are the exceptions for when Big Data, or Open Data can be created, used, aggregated, etc. without consent?  What are the exceptions to the exceptions?  
>  

> E.g. —> Employee Data, Criminal Data, National Security, Health Emergence, etc.  

  
> This seems pretty black and white, either there is consent or their is not.    Ingenuity in enabling people to consent is the real opportunity and challenge here. Not, how do we get around it. Why the grey?  
>  
>  

I also think that consent and not opening personal data should be the standard.  

One exception and grey area is people wanting to share their personal data with the world. Not all their data, but maybe something they feel proud of (e.g. weight loss, miles run), or they are patients hoping a cure will come. And throw in a few extras to make it more useful (postcode, gender, age). Soon you have a privacy situation.

The question is whether they can have any control over what happens to their data afterwards. Legally it is not clear if you disclose your personal information yourself. But we could follow the consent principle and say that these people consent to share.

Consent should be specific and informed - that’s why some privacy policies just throw every permutation of data types and purposes, making it worse. But on the other extreme, you cannot just consent to your data to “be open”. It is not specific.  

There are advocates for consent to “big data processing” to be admitted as valid, but this is just asking for trouble down the line.

I think that you need to figure out some solution (dynamic consent, transferable consent?). It is a difficult problem.

In the case of the other exceptions you mention above there are some other issues:

1. currently nobody needs your consent to anonymise your data, and once anonymised it’s not yours. There is an argument that you should have some form of moral right over your data, even if you cannot be identified. For example, you may not want to contribute to the development of biological weapons, albeit indirectly. Besides, that data could be used to profile you with detrimental effects, even if you cannot be identified.  

2.  compulsory disclosures of personal data like those above are still subjected to privacy laws, at least in Europe. Even if personal data is public, you cannot just do whatever you want.   

Most people criticising consent want to bypass it. But we can be critical to improve it.
> What is a known unknown?  (please define)
>  
>  
>  
>  


In my view:

Known unknowns would be where you consent to your data being freely re-used for - say - research on unspecified medical conditions, or even public interest scientific, social or medical research in the broadest sense, or even non public interest.  

Unknown unknowns is when your health data ends up being used to develop biological weapons.  
>  
> So, the question really should be —>  How can people consent to transform their data to open data or Our Data?  What infrastructure, technology, tools, politics do we need?  
>  
> > I hope we get to discuss more about the free market approach of personal datastores and fair monetisation of data.
> IMO - the answer is obvious, - This is on fair and equitable terms, where/when people can leverage and benefit from their own data, control the use of their ‘real identities’.    
>  
>  
>  
>  

  
I think this could work to a point with some data, but we have to be sceptic until we see evidence. People like Morozov already disagree on this. They see Privacy is a social good, not an individual property to be sold, and personal data in the context of existing social relationships where accumulation of wealth and power mean that your data will end up being syphoned by a few companies who create value through volume.  

best, javier


  
> Mark
> > Javier  
> > On 19 Mar 2014 18:24, "Phil Booth" <phil at einsteinsattic.com (mailto:phil at einsteinsattic.com)> wrote:
> > > Sure. We understand psychology and behavioural economics – but without transparency and consent (which we’re not even close to yet) you don’t get a ‘free market’ for privacy. You get systemic misuse, abuse and worse...
> > >   
> > > Phil
> > >   
> > > From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] On Behalf Of Javier Ruiz
> > > Sent: 19 March 2014 16:41
> > > To: Mark L
> > > Cc: mydata-open-data at lists.okfn.org (mailto:mydata-open-data at lists.okfn.org); opennotice at googlegroups.com (mailto:opennotice at googlegroups.com)
> > > Subject: Re: [MyData & Open Data] Blog on open data ABOUT privacy
> > >   
> > > Hi, I don’t want to open up a huge debate (yet ;-) but!  
> > >  
> > >   
> > >  
> > > transparency and consent will only get you so far, worth looking at the wok of Alessandro Acquisti on behavioural economics applied to privacy (quick summary: humans seem unable to make sensible decisions)
> > >  
> > >   
> > >  
> > > http://www.ted.com/talks/alessandro_acquisti_why_privacy_matters
> > >  
> > >   
> > >  
> > > --  
> > > Javier Ruiz
> > > javier at openrightsgroup.org (mailto:javier at openrightsgroup.org)  
> > > +44(0)7877 911 412 (tel:%2B44%280%297877%20911%20412)
> > >  
> > > @javierruiz
> > >  
> > > www.OpenRightsGroup.org (http://www.openrightsgroup.org/)
> > >  
> > >   
> > >  
> > >  
> > > On Wednesday, 19 March 2014 at 16:26, Mark L wrote:
> > > > Great Post Reuben,  
> > > >   
> > > >  
> > > > Another reason why open data about transparency over data control is so important and an indicator of how this transparency (or Open Notice) can solve lots of personal data problems we face today.   
> > > >  
> > > >   
> > > >  
> > > > - Mark
> > > >  
> > > >   
> > > >  
> > > >   
> > > > On 18 Mar 2014, at 16:28, Javier Ruiz <javier at openrightsgroup.org (mailto:javier at openrightsgroup.org)> wrote:
> > > >  
> > > >  
> > > >  
> > > > Reuben Binns has posted an excellent blog on our Working Group’s page on his research around a little know open-data-set: the UK Register of Data Controllers.   
> > > >   
> > > >  
> > > > The data is about what organisations declare they might do, not what they do in practice, but it raises lots of interesting questions.
> > > >  
> > > >   
> > > >  
> > > > http://personal-data.okfn.org/blog/
> > > >  
> > > >   
> > > >  
> > > > --  
> > > > Javier Ruiz
> > > > javier at openrightsgroup.org (mailto:javier at openrightsgroup.org)  
> > > > +44(0)7877 911 412 (tel:%2B44%280%297877%20911%20412)
> > > >  
> > > > @javierruiz
> > > >  
> > > > www.OpenRightsGroup.org (http://www.openrightsgroup.org/)
> > > >  
> > > >   
> > > >  
> > > >  
> > > > _______________________________________________
> > > > mydata-open-data mailing list
> > > > mydata-open-data at lists.okfn.org (mailto:mydata-open-data at lists.okfn.org)
> > > > https://lists.okfn.org/mailman/listinfo/mydata-open-data
> > > >   
> > > >  
> > > >  
> > >  
> > >   
> > >  
> > >  
> > >  
> >  
> >  
> >  
>  
>  
>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140319/01308917/attachment-0003.html>


More information about the mydata-open-data mailing list