[MyData & Open Data] Advice on EU Open Data project

Sat Jan 3 13:16:58 UTC 2015

Dear Walter,

many thanks for your response! I think you are making very good points,
responses inline:

On Sat, Jan 3, 2015 at 1:49 PM, Walter van Holst <walter.van.holst at xs4all.nl
> wrote:

> On 03/01/2015 12:17, Friedrich Lindenberg wrote:
>
> > Over the year or so that this has been in operation, I've received a
> > handful of removal requests, mostly from individuals where, admittedly,
> > the need for transparency isn't great: academics, part-time NGO
> > activists etc. However, given my limited ability to actually assess
> > these requests and to delete the records, I have refused to comply with
> > these requests.
>
> Most European DPAs (the UK's CIO excepted) are unlikely to find that a
> compelling argument against deletion records. If you can't comply with
> such requests, you simply cannot bring up the diligence required to
> ensure the veracity of your records.
>

To be clear: I didn't mean to argue against deleting PII just because I
couldn't be bothered to build a better database system - I just mentioned
this in the interest of honesty, to explain why I had been slow to set up a
removal mechanism.

> That doesn't mean your database cannot be made compliant. Also, it would
> be a shame to lose it. I would be extremely interested in it for
> transparency reasons. Also, this would be a good case for pseudonymisation.
>

That's an interesting idea - can you elaborate a bit on how a
pseudonym-based solution for this might look?

>
> > * Should I (by default) delete entries from the TR when they get
> > removed, even if that means I loose information about some large
> > lobbying groups which try to escape transparency?
>
> I think it would be worth to look into making them inaccessible. It
> would be even more worthwhile to look into a way of separating
> individuals and smaller NGOs from the bigger ones.
>

Separating these would be easy in a better register, but the current one
just has very inconsistent information on aspects such as organisational
budget that could be used to make a cut. Without a crowd-sourcing
initiative to classify the entries, the default would therefore be to
remove.

Interesting, I'd be keen to hear the opinions of more people!

> > * What mechanism for arbitrating removal requests should I have? [nb.
> > total budget for the whole thing: 0 EUR :) ]
>
> Ultimately, you must at least be willing to spend time on it. I think
> that in light of the clear public interest in transparency in lobbying
> you can request a higher burden of proof for deletion requests than the
> average data controller can.
>

I'm certainly willing to spend time on it, again this comment wasn't
intended to legitimise inappropriate data hoarding. It just comes down to
this: if the choice is between retaining a lawyer and shutting down the
site, I'll have to go for the latter.

> > * What should be the criteria for such a mechanism? What makes a person
> > "irrelevant" in the context of such a database?
>
> I would say that the bar for irrelevance is a lot higher than usual,
> unless we are talking about clear cases of impersonating people. The
> fact that someone no longer lobbies at the European level does not make
> the fact that that person did so irrelevant. It must be data that *at
> the time of entry into public record* was irrelevant or false.
>

Does this include false information submitted by the person making the
submission?

> I mean, ending up in a lobby register is not a typical youthful
> indiscretion about which we should be forgetful.
>

Thanks again for your thoughts!

- Friedrich

p.s. Loved your talk at Chaos!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20150103/0c8f816b/attachment-0003.html>