[MyData & Open Data] Blog on open data ABOUT privacy

Thu Mar 20 08:29:36 UTC 2014

Laura’s definition:

“Transformed Data is information about individuals, where some effort has been made to anonymise or aggregate the data to remove individually identified elements.”

is dangerously loose, allowing others with less noble intent far too much wriggle room. Though I appreciate the definition is not solely hers – the ICO’s Code of Practice on Anonymisation effectively boils down to the same thing – “some effort” is nowhere near good enough. Especially for rich data about human beings’ lives, such as health data.

The graphic immediately below the definition of ‘transformed data’ in her post http://personal-data.okfn.org/2013/12/13/open-data-privacy/ is very apposite. It was also used by the company (PDF attached) that was revealed in last weekend’s Sunday Times to have been sold over a billion hospital records under commercial re-use license by HSCIC:

http://www.thesundaytimes.co.uk/sto/news/uk_news/Health/article1388324.ece (£)

and

http://www.theguardian.com/technology/2014/mar/17/online-tool-identify-public-figures-medical-care 

and

http://medconfidential.org/2014/commercial-re-use-licences-for-hes-disappearing-webpages/ 

As I said at my talk at ODI, organised by ORG, this Monday – the Open Data community needs to be a LOT clearer about what Open Data is and isn’t (JeniT absolutely gets this) and needs to defend its ‘brand’ / territory against the very real threat of co-option and/or confusion in the public mind from those pushing government data sharing initiatives that are nothing even close to Open Data – like care.data.

To make myself absolutely clear: we (medConfidential) are in a live fight right now over the confidential medical information (GP records) of every man, woman and child in England. Our goal is to make every flow of data into, across and out of the NHS and care system consensual, safe and transparent - of the 3 of those, consent is by far the most tricky. But we don’t have the luxury of talking theoretically, or about stuff way off in some indefinite future. 

Open Data absolutely has its place in this – as statistical releases, aggregated and properly treated as already appear on data.gov.uk (and MedRed via BT) – but it is being actively (ab)used as ‘cover’ by those driving the scheme, who either claim or don’t bother to correct the misconception that what they are doing is some sort of ‘open data’.

If you weren’t aware of this already, you now are. Please don’t allow Open Data to become part of the problem. 

Sorry, but it’s time to choose sides.

Cheers,

Phil

From: Mark L [mailto:mark.lizar at gmail.com] 
Sent: 19 March 2014 20:13
To: Javier Ruiz
Cc: Phil Booth; opennotice at googlegroups.com; mydata-open-data at lists.okfn.org
Subject: Re: [MyData & Open Data] Blog on open data ABOUT privacy

Ah! The Meaty issues. 

On 19 Mar 2014, at 18:59, Javier Ruiz <javier at openrightsgroup.org> wrote:

Hey, I am not saying that we should give up on consent and transparency :-)  just that maybe we should spread our bets. Data minimisation could be as important,  for example. 

I see data minimisation as being a result of meaningful consent and transparency..  The one in many ways needs to proceed the other. 

Consent gets really tricky to handle  in open data 

Isn't Open Data and Consent orthogonal? From what I understand from Laura James post - Open Data Privacy <http://personal-data.okfn.org/2013/12/13/open-data-privacy/>  - Open Data is transformed data.  A.K.A. "Transformed Data is information about individuals, where some effort has been made to anonymise or aggregate the data to remove individually identified elements."

. Maybe you can consent to known unknowns with some clever legal formulation.

Unknown Unknowns is Googles argument to not need consent from all of us Google users to change their privacy policies.  (still not clear what that is)  

But the unknown unknowns?

So beyond the scenario where people consent, (consent of the governed, consent of the customer, etc)  What are the exceptions for when Big Data, or Open Data can be created, used, aggregated, etc. without consent?  What are the exceptions to the exceptions? 

E.g. —> Employee Data, Criminal Data, National Security, Health Emergence, etc. 

This seems pretty black and white, either there is consent or their is not.    Ingenuity in enabling people to consent is the real opportunity and challenge here. Not, how do we get around it. Why the grey? 

What is a known unknown?  (please define)

So, the question really should be —>  How can people consent to transform their data to open data or Our Data?  What infrastructure, technology, tools, politics do we need? 

I hope we get to discuss more about the free market approach of personal datastores and fair monetisation of data.

IMO - the answer is obvious, - This is on fair and equitable terms, where/when people can leverage and benefit from their own data, control the use of their ‘real identities’.   

Mark

Javier 

On 19 Mar 2014 18:24, "Phil Booth" <phil at einsteinsattic.com> wrote:

Sure. We understand psychology and behavioural economics – but without transparency and consent (which we’re not even close to yet) you don’t get a ‘free market’ for privacy. You get systemic misuse, abuse and worse...

Phil

From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] On Behalf Of Javier Ruiz
Sent: 19 March 2014 16:41
To: Mark L
Cc: mydata-open-data at lists.okfn.org; opennotice at googlegroups.com
Subject: Re: [MyData & Open Data] Blog on open data ABOUT privacy

Hi, I don’t want to open up a huge debate (yet ;-) but! 

transparency and consent will only get you so far, worth looking at the wok of Alessandro Acquisti on behavioural economics applied to privacy (quick summary: humans seem unable to make sensible decisions)

http://www.ted.com/talks/alessandro_acquisti_why_privacy_matters

-- 
Javier Ruiz
 <mailto:javier at openrightsgroup.org> javier at openrightsgroup.org

+44(0)7877 911 412 <tel:%2B44%280%297877%20911%20412> 

@javierruiz

 <http://www.openrightsgroup.org/> www.OpenRightsGroup.org

On Wednesday, 19 March 2014 at 16:26, Mark L wrote:

Great Post Reuben, 

Another reason why open data about transparency over data control is so important and an indicator of how this transparency (or Open Notice) can solve lots of personal data problems we face today.  

- Mark

On 18 Mar 2014, at 16:28, Javier Ruiz <javier at openrightsgroup.org> wrote:

Reuben Binns has posted an excellent blog on our Working Group’s page on his research around a little know open-data-set: the UK Register of Data Controllers.  

The data is about what organisations declare they might do, not what they do in practice, but it raises lots of interesting questions.

http://personal-data.okfn.org/blog/

-- 
Javier Ruiz
 <mailto:javier at openrightsgroup.org> javier at openrightsgroup.org

+44(0)7877 911 412 <tel:%2B44%280%297877%20911%20412> 

@javierruiz

 <http://www.openrightsgroup.org/> www.OpenRightsGroup.org

_______________________________________________
mydata-open-data mailing list
mydata-open-data at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/mydata-open-data

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4336 / Virus Database: 3722/7217 - Release Date: 03/19/14

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140320/1ae34f19/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ?H?a?r?v?e?y? ?W?a?l?s?h? ?_? ?O?n?e? ?B?i?l?l?i?o?n.pdf
Type: application/pdf
Size: 282403 bytes
Desc: not available
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140320/1ae34f19/attachment-0003.pdf>