[MyData & Open Data] Advice on EU Open Data project

Friedrich Lindenberg friedrich at pudo.org
Sat Jan 3 11:17:14 UTC 2015

Hey all,

I'm new to this group, and I wanted to ask advice on a privacy-related
issue that I am facing with an open data project. I apologise for the
length of my message, but I hope it may be of interest to the people in
this group.

The project is called "OpenInterests.eu" and it combines data from a
variety of European-level data sources into a sort of social network of who
is lobbying and doing business with the EU institutions. By it's very
nature, this project collects large amounts of information about
individuals, especially registered lobbyists (i.e. people who signed up for
the EU's transparency register, TR).

The problem comes when the people who sign up for the TR are basically
"civilians" (e.g. people who run a small NGO and want to visit an EU
consultation), or when people are mentioned in one of the related datasets
I import (such as direct EU expenditure for consultants).

Adding to this, I have a larger "memory" than the EU TR: people can remove
their own records from the official register, but that does not effect a
removal from my site. This is for two reasons: first, because some large
lobbying companies have actually de-registered in the past, deleting
valuable information about who their paid representatives are, and second,
because it is technically hard to implement a thorough deletion process
using the archival system I have set up.

Over the year or so that this has been in operation, I've received a
handful of removal requests, mostly from individuals where, admittedly, the
need for transparency isn't great: academics, part-time NGO activists etc.
However, given my limited ability to actually assess these requests and to
delete the records, I have refused to comply with these requests.

This has lead to trouble in only one case, where a person signed up for TR
and entered what they now claim is false information. They threatened to
sue me for libel for reproducing the data after they'd deleted it from TR.
I did a hack on the web site to replace their entries with a notice that
says that I was compelled to remove information about them - which promptly
rose to rank #1 for their name on Google. Today, they started threatening
to sue me for producing that notice...

In any case, I feel that I need to lay out a clear policy on personal
information for this site. I'm worried that, while what I am doing might be
legally OK, I am behaving like an arse towards these small-time/once-off
lobbyists. The goal of the project is to shed light on power, not to shame
people for being a bit stupid while filling out a messy online form.

I'd be interested to hear how people on this list would resolve some of
these issues:

* Should I (by default) delete entries from the TR when they get removed,
even if that means I loose information about some large lobbying groups
which try to escape transparency?

* What mechanism for arbitrating removal requests should I have? [nb. total
budget for the whole thing: 0 EUR :) ]

* What should be the criteria for such a mechanism? What makes a person
"irrelevant" in the context of such a database?

I think it may be interesting to discuss these issues in this group,
because the answers may also apply to other, similar projects.

Best regards,

- Friedrich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20150103/228ed186/attachment-0002.html>

More information about the mydata-open-data mailing list