[MyData & Open Data] Advice on EU Open Data project

Sat Jan 3 14:46:40 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Friedrich,

Before setting up EPFSUG, we had a meetings with European Parliament
Data Protection Officer in Luxembourg.

We wanted to know how to manage data protection and privacy liability
before such liability could be used to shut us down.

At the time, IIRC we (also*) used Hetzner Online AG, but were hoping the
EP would host our services which I guess is why the questions we had
were kindly and proactively considered and not simply dismissed.

I think you should start a similar dialogue, with the perspective that
the information you mine is as relevant for the EP to display to the
public, or even host, as any of the EP swag you can buy at Parlamentarium.

Maybe find the Director Generals of DG IPOL and DG EXPO and start a
discussion on a publicly archived mailinglist? Last year they said an
"EP Data Warehouse" was a priority (put the European Parliament Data
Protection Officer in cc):

http://erikjosefsson.eu/sites/default/files/dg-ipol-and-dg-expo-priorities-20140516.pdf

They should reasonably have similar problems. At least they should have
analysed them.

Here's a template on how to start such a "cold call":

https://www.dfri.se/wiki/ep-acta-docs/

Another path of action is of course the "Open Letter" approach, but you
already know that (as a signatory yourself):

http://europarl.me/open+letter+for+open+data+Welle

Good luck!

//Erik

*) http://www.tcpiputils.com/browse/ip-address/176.9.82.140

On 01/03/2015 12:17 PM, Friedrich Lindenberg wrote:
> Hey all,
> 
> I'm new to this group, and I wanted to ask advice on a privacy-related
> issue that I am facing with an open data project. I apologise for the
> length of my message, but I hope it may be of interest to the people in
> this group.
> 
> The project is called "OpenInterests.eu" and it combines data from a
> variety of European-level data sources into a sort of social network of who
> is lobbying and doing business with the EU institutions. By it's very
> nature, this project collects large amounts of information about
> individuals, especially registered lobbyists (i.e. people who signed up for
> the EU's transparency register, TR).
> 
> The problem comes when the people who sign up for the TR are basically
> "civilians" (e.g. people who run a small NGO and want to visit an EU
> consultation), or when people are mentioned in one of the related datasets
> I import (such as direct EU expenditure for consultants).
> 
> Adding to this, I have a larger "memory" than the EU TR: people can remove
> their own records from the official register, but that does not effect a
> removal from my site. This is for two reasons: first, because some large
> lobbying companies have actually de-registered in the past, deleting
> valuable information about who their paid representatives are, and second,
> because it is technically hard to implement a thorough deletion process
> using the archival system I have set up.
> 
> Over the year or so that this has been in operation, I've received a
> handful of removal requests, mostly from individuals where, admittedly, the
> need for transparency isn't great: academics, part-time NGO activists etc.
> However, given my limited ability to actually assess these requests and to
> delete the records, I have refused to comply with these requests.
> 
> This has lead to trouble in only one case, where a person signed up for TR
> and entered what they now claim is false information. They threatened to
> sue me for libel for reproducing the data after they'd deleted it from TR.
> I did a hack on the web site to replace their entries with a notice that
> says that I was compelled to remove information about them - which promptly
> rose to rank #1 for their name on Google. Today, they started threatening
> to sue me for producing that notice...
> 
> In any case, I feel that I need to lay out a clear policy on personal
> information for this site. I'm worried that, while what I am doing might be
> legally OK, I am behaving like an arse towards these small-time/once-off
> lobbyists. The goal of the project is to shed light on power, not to shame
> people for being a bit stupid while filling out a messy online form.
> 
> I'd be interested to hear how people on this list would resolve some of
> these issues:
> 
> * Should I (by default) delete entries from the TR when they get removed,
> even if that means I loose information about some large lobbying groups
> which try to escape transparency?
> 
> * What mechanism for arbitrating removal requests should I have? [nb. total
> budget for the whole thing: 0 EUR :) ]
> 
> * What should be the criteria for such a mechanism? What makes a person
> "irrelevant" in the context of such a database?
> 
> I think it may be interesting to discuss these issues in this group,
> because the answers may also apply to other, similar projects.
> 
> Best regards,
> 
> - Friedrich
> 
> 
> 
> _______________________________________________
> mydata-open-data mailing list
> mydata-open-data at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/mydata-open-data
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJUqADNAAoJEEQJK+0DIPSk4UYIAK0xqijR0qg7nRnsqsAjtlAg
HfBbiQy4+/ZHrfmCQiV1R+G8cgri6LHVMZm6vyV7ABF2I1t2gJBLhg+9+WxDUaVl
JiFjIw5SusWsKVnwrDZ08nkjGgx9JKa2dtmP7iaSG+A50BYQ5N4HSIhixD0Y17kz
Dn28aFK977XjGj7I5J2UE/qCnnF01uWs6kgL2P5hG0OIUWkTpcls9fbxRdJXHO3X
pYFZNO/18FGnjRVKbGlvT5rlFLdjk6UJoC8hWwQYLVTJzvJmPRk85kzZwDw4oLo5
YQxCT/nV8l49szZCeqApflOHQNQNeRJ6cMzmr7UVVw132Ry20hlmgcdD1mHkrrs=
=2YxH
-----END PGP SIGNATURE-----