[MyData & Open Data] Blog on open data ABOUT privacy

Sally Deffor sally.deffor at okfn.org
Thu Mar 20 12:22:40 UTC 2014


Hi Mark, Javier,



One exception and grey area is people wanting to share their personal data
with the world. Not all their data, but maybe something they feel proud of
(e.g. weight loss, miles run), or they are patients hoping a cure will
come. And throw in a few extras to make it more useful (postcode, gender,
age). Soon you have a privacy situation.


The ability for people to volunteer personal information is a key to many
problems in this space.  But, this ability needs a bit of work to be
useful, e.g. pseudonyms with attributes attached, time limits on use of
attributes, post consent control - etc.


The question is whether they can have any control over what happens to
their data afterwards. Legally it is not clear if you disclose your
personal information yourself. But we could follow the consent principle
and say that these people consent to share.


My concern here is whether we ought to be prescribing any sorts of
standards  for  people who want to open up their data totally without
considerations for re-use, future third-party access, explicit
identification etc. Wouldn't that go against the principle of My Control?



On 20 March 2014 11:16, Mark L <mark.lizar at gmail.com> wrote:

> Great Discussion Javier,
>
> On 19 Mar 2014, at 22:00, Javier Ruiz <javier at openrightsgroup.org> wrote:
>
> So beyond the scenario where people consent, (consent of the governed,
> consent of the customer, etc)  What are the exceptions for when Big Data,
> or Open Data can be created, used, aggregated, etc. without consent?  What
> are the exceptions to the exceptions?
>
> E.g. --> Employee Data, Criminal Data, National Security, Health Emergence,
> etc.
>
>
>
> This seems pretty black and white, either there is consent or their is
> not.    Ingenuity in enabling people to consent is the real opportunity and
> challenge here. Not, how do we get around it. Why the grey?
>
> I also think that consent and not opening personal data should be the
> standard.
>
>
>
> One exception and grey area is people wanting to share their personal data
> with the world. Not all their data, but maybe something they feel proud of
> (e.g. weight loss, miles run), or they are patients hoping a cure will
> come. And throw in a few extras to make it more useful (postcode, gender,
> age). Soon you have a privacy situation.
>
>
> The ability for people to volunteer personal information is a key to many
> problems in this space.  But, this ability needs a bit of work to be
> useful, e.g. pseudonyms with attributes attached, time limits on use of
> attributes, post consent control - etc.
>
>
> The question is whether they can have any control over what happens to
> their data afterwards. Legally it is not clear if you disclose your
> personal information yourself. But we could follow the consent principle
> and say that these people consent to share.
>
> Consent should be specific and informed - that's why some privacy policies
> just throw every permutation of data types and purposes, making it worse.
> But on the other extreme, you cannot just consent to your data to "be
> open". It is not specific.
>
>
> Well, if consent is not informed and specific it is not consent, the
> companies that do the every purpose in the book approach are not compliant
> with the current data protection law.   We need to Open Notice so we can
> see the good and the bad.
>
>
> There are advocates for consent to "big data processing" to be admitted as
> valid, but this is just asking for trouble down the line.
>
>
> well, if people controlled the transformation of their own data this would
> not be such a big problem.
>
>
> I think that you need to figure out some solution (dynamic consent,
> transferable consent?). It is a difficult problem.
>
>
> contextual use of PII - not that big of a problem.
>
>
> In the case of the other exceptions you mention above there are some other
> issues:
>
> 1. currently nobody needs your consent to anonymise your data, and
> once anonymised it's not yours. There is an argument that you should have
> some form of moral right over your data, even if you cannot be identified.
> For example, you may not want to contribute to the development of
> biological weapons, albeit indirectly. Besides, that data could be used to
> profile you with detrimental effects, even if you cannot be identified.
>
>
> They do need my consent to have my data, and if I don't consent to the
> purpose of anonymising the data then it is not informed consent - Am I
> missing something here?
>
>
> 2.  compulsory disclosures of personal data like those above are still
> subjected to privacy laws, at least in Europe. Even if personal data is
> public, you cannot just do whatever you want.
>
> Most people criticising consent want to bypass it. But we can be critical
> to improve it.
>
>
> +1 to that
>
> What is a known unknown?  (please define)
>
>
> In my view:
>
> Known unknowns would be where you consent to your data being freely
> re-used for - say - research on unspecified medical conditions, or even
> public interest scientific, social or medical research in the broadest
> sense, or even non public interest.
>
>
> Again this can't be informed consent if it is not purpose limited.
>
>
> Unknown unknowns is when your health data ends up being used to develop
> biological weapons.
>
>
> Health data and its use needs to be very strongly regulated and
> controlled, not privatised.   As Phil Booth mentioned this is a critical
> and very alarming issue that can see people sold out to pharmaceutical
> companies etc.
>
>
> So, the question really should be -->  How can people consent to transform
> their data to open data or Our Data?  What infrastructure, technology,
> tools, politics do we need?
>
> I hope we get to discuss more about the free market approach of personal
> datastores and fair monetisation of data.
>
> IMO - the answer is obvious, - This is on fair and equitable terms,
> where/when people can leverage and benefit from their own data, control the
> use of their 'real identities'.
>
>
> I think this could work to a point with some data, but we have to be
> sceptic until we see evidence. People like Morozov already disagree on
> this. They see Privacy is a social good, not an individual property to be
> sold, and personal data in the context of existing social relationships
> where accumulation of wealth and power mean that your data will end up
> being syphoned by a few companies who create value through volume.
>
>
> Morozov seems cynical, but, I do and don't agree with him..  There is a
> very good point in there.  One of my early fears was that work in personal
> data control will end up spurring a market for digital slavery. While this
> is a concern, Privacy is not necessarily a social good as it is more a
> social condition of the individual.  Privacy is not property that can be
> sold.  Even so our attributes in various contexts are being sold, albeit,
> without benefit to the data subject. (or what I like to call the Master
> Controller)
>
> Wether we like it or not our data is already being sold, the question is
> at what point (or in what way) will people get apart of the profits or reap
> personal benefits from this information exchange? Privacy and attributes
> are two different things.
>
> Morozov thinks that "
>
> "like financialisation, mediatisation is primarily a failure of
> regulation."
>
> Not sure he understands what privacy is.
>
> Best
>
> Mark
>
>
>
> best, javier
>
>
>
>
> Mark
>
> Javier
> On 19 Mar 2014 18:24, "Phil Booth" <phil at einsteinsattic.com> wrote:
>
> Sure. We understand psychology and behavioural economics - but without
> transparency and consent (which we're not even close to yet) you don't get
> a 'free market' for privacy. You get systemic misuse, abuse and worse...
>
> Phil
>
> *From:* mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] *On
> Behalf Of *Javier Ruiz
> *Sent:* 19 March 2014 16:41
> *To:* Mark L
> *Cc:* mydata-open-data at lists.okfn.org; opennotice at googlegroups.com
> *Subject:* Re: [MyData & Open Data] Blog on open data ABOUT privacy
>
> Hi, I don't want to open up a huge debate (yet ;-) but!
>
> transparency and consent will only get you so far, worth looking at the
> wok of Alessandro Acquisti on behavioural economics applied to privacy
> (quick summary: humans seem unable to make sensible decisions)
>
> http://www.ted.com/talks/alessandro_acquisti_why_privacy_matters
>
> --
> Javier Ruiz
> javier at openrightsgroup.org
> +44(0)7877 911 412
> @javierruiz
> www.OpenRightsGroup.org <http://www.openrightsgroup.org/>
>
>
> On Wednesday, 19 March 2014 at 16:26, Mark L wrote:
>
> Great Post Reuben,
>
> Another reason why open data about transparency over data control is so
> important and an indicator of how this transparency (or Open Notice) can
> solve lots of personal data problems we face today.
>
> - Mark
>
>
> On 18 Mar 2014, at 16:28, Javier Ruiz <javier at openrightsgroup.org> wrote:
>
>
>  Reuben Binns has posted an excellent blog on our Working Group's page on
> his research around a little know open-data-set: the UK Register of Data
> Controllers.
>
> The data is about what organisations declare they might do, not what they
> do in practice, but it raises lots of interesting questions.
>
> http://personal-data.okfn.org/blog/
>
> --
> Javier Ruiz
> javier at openrightsgroup.org
> +44(0)7877 911 412
> @javierruiz
> www.OpenRightsGroup.org <http://www.openrightsgroup.org/>
>
> _______________________________________________
> mydata-open-data mailing list
> mydata-open-data at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/mydata-open-data
>
>
>
>
>
>
>
>
> _______________________________________________
> mydata-open-data mailing list
> mydata-open-data at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/mydata-open-data
>
>


-- 


*Sally DefforOpen Data & Privacy Project Coordinator | skype:deffor.selase
| @SDeffor | +44 (0)7774 734206 The **Open Knowledge
Foundation*<http://okfn.org/>

*Empowering through Open Knowledge**http://www.okfn.org*<http://www.okfn.org/>*
| **@okfn* <https://twitter.com/OKFN>* | **OKF on
Facebook*<http://www.facebook.com/OKFNetwork>*
| **Blog* <http://blog.okfn.org/>* |
**Newsletter*<http://okfn.org/?s=Newsletter>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140320/e97db0bc/attachment-0003.html>


More information about the mydata-open-data mailing list