[open-government] OGD principles : Completeness versus Primacy

Mon Feb 4 18:01:30 UTC 2013

hi, glad it's useful
>   
> The issue you brought up concerning the patch-work of US privacy laws is something that is troubling to me as well. From our own initiative and the long range vision we are proposing for the (local) region we do want to have a consistent de-identification policy.  
>  
>  
>  

what we advocate in UK as a first step is transparency and peer review of the de-identification technologies. open source approach if possible or at least to an expert panel.  

> There is not much right now I can do about jurisdictions above my own but I can advocate through persuasion and public acceptance a position based on the City of Raleigh model. Already I have been in contact with our neighboring cities and we have agreed to work on building a model of open data that protects citizen identification as far as the laws allow.

the inclusion of privacy clauses (e.g. thou shall not deidentify)  in open licenses is untested, I would love to hear more opinions. Duke may have people to help you in NC (James Boyle's team)

best, javier

>  
>   
> Your last sentence reflects our local reality. Through “Request for Information” acts on behalf of citizens in my own jurisdiction one can get home ownership, lien and other publicly identifiable data from the city. We can, as you said, not make these data sets re-usable or machine readable. Access to this identifiable data would require a formal request and delivered in a non-reusable form. Nowhere would this data be on our open data por  
>  
>  
>  

>  
>   
> For now that is the best I can do for my own initiative. I appreciate the advice and the helpful tips for all that have answered me. This helps me develop a policy that hopefully I can persuade others in my region to follow. So far I have found most of my regional colleagues are in agreement with me on adhering to the protection of citizen identities.
>   
> Best regards,
>   
> Jason Hare
> Open Data Program Manager
> City of Raleigh - Information Technology
> One Exchange Plaza, Suite 900
> P. O. Box 590
> Raleigh, North Carolina 27602-0590
> Mobile: 919-323-2767
> Office: 919-996-3599
> jason.hare at raleighnc.gov (mailto:jason.hare at raleighnc.gov)
> http://www.raleighnc.gov/open
>   
>   
>   
> From: Javier Ruiz [mailto:javierruizorg at gmail.com] On Behalf Of Javier Ruiz
> Sent: Monday, February 04, 2013 11:56 AM
> To: Hare, Jason
> Cc: Antoine Logean; Open Government WG List
> Subject: Re: [open-government] OGD principles : Completeness versus Primacy  
>   
> Hi Jason
>  
>   
>  
> The UK is developing some practice but not a proper policy yet. Unfortunately it is based on the assumption that de-identification is reliable against all evidence, including a government sponsored review, which urged a precautionary principle.
>  
>   
>  
> The underlying discussions have been taking place for a long time in the context of balancing Freedom of Information with Data Protection. David Banisar has a very good international overview
>  
>   
>  
> http://wbi.worldbank.org/wbi/Data/wbi/wbicms/files/drupal-acquia/wbi/Right%20to%20Information%20and%20Privacy.pdf
>  
>   
>  
> although access is very different from mass open reuse.
>  
>  
>  
>   
>  
> From a EU perspective the US has some very problematic issues with access to and reuse of personal information in public records such as schools, courts, etc. In the book Privacy in Context by Helen Nissenbaum there is a chapter about companies harvesting these public data and building profiles on millions of US citizens.  
>  
>   
>  
> The European Data Protection Supervisor issued an opinion in relation to the directive on Public Sector Information reuse. The paper addresses concerns with US-style personal data harvesting, and clearly shows that open data applied to personal information is fundamentally incompatible with several basic data protection principles (original purpose limitation, proportionality, controlled export outside Europe, etc.). The EDPS does not say that reuse of personal data must never happen, but it basically says that you cannot have uncontrolled commercial and non-commercial reuse. He calls for privacy impact assessments to set detailed constraints to a full open data approach. For example, he proposed privacy clauses to be added to licenses although this might not work for cascading open licenses.  
>  
>  
>   
>  
> http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-04-18_Open_data_EN.pdf
>  
>   
>  
> As a result, the new EU PSI directive will be clear on excluding personal data from its scope. But this only means no obligation to make the data reusable if it's personal, not that it cannot be done at all.
>  
>   
>  
> best
>  
> --  
> Javier Ruiz
> javier at openrightsgroup.org (mailto:javier at openrightsgroup.org)  
> +44(0)7877 911 412
>  
> @javierruiz
>  
> www.OpenRightsGroup.org (http://www.OpenRightsGroup.org)
>  
> Winners of Liberty's Human Rights Campaigner of the Year Award 2012
>  
>   
>  
>  
> On Monday, 4 February 2013 at 14:58, Hare, Jason wrote:
> >  
> > Good question.  
> >  
> >  
> >   
> >  
> >  
> > I know that privacy issues tend to be cultural in nature but I would like to see the OKFN and ODG add some language around disclosure of citizen identity. Though in the US requests for information can disclose the identity of a citizen, I do not believe that an open data portal should expose a citizen’s name or address in association with a single data set or through cross linked data sets.  
> >  
> >  
> >   
> >  
> >  
> > I see England has expended some effort toward having a national policy on this issue. The US is more fragmented and different jurisdictions have different standards.  
> >  
> >  
> >   
> >  
> >  
> > I would like to have an authoritative guideline. Since our open data initiative is based on the principles outlined in the OKFN Open Data Handbook and guidelines on this issue would be welcomed.
> >  
> >  
> >   
> >  
> >  
> > Jason Hare
> >  
> >  
> > Open Data Program Manager
> >  
> >  
> > City of Raleigh - Information Technology
> >  
> >  
> > One Exchange Plaza, Suite 900
> >  
> >  
> > P. O. Box 590
> >  
> >  
> > Raleigh, North Carolina 27602-0590
> >  
> >  
> > Mobile: 919-323-2767
> >  
> >  
> > Office: 919-996-3599
> >  
> >  
> > jason.hare at raleighnc.gov (mailto:jason.hare at raleighnc.gov)
> >  
> >  
> > http://www.raleighnc.gov/open
> >  
> >  
> >   
> >  
> >  
> >   
> >  
> >  
> >   
> >  
> >  
> > From: open-government-bounces at lists.okfn.org (mailto:open-government-bounces at lists.okfn.org) [mailto:open-government-bounces at lists.okfn.org] On Behalf Of Antoine Logean
> > Sent: Monday, February 04, 2013 9:15 AM
> > To: Open Government WG List
> > Subject: [open-government] OGD principles : Completeness versus Primacy
> >  
> >  
> >  
> >  
> >   
> >  
> >  
> > Dear all,
> >  
> >  
> >   
> >  
> >  
> >  
> > I have some questions relative to the 2 first OGD principles:
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > > 1) Data Must Be Complete  
> > > All public data are made available. Data are electronically stored information or recordings, including but not limited to documents, databases, transcripts, and audio/visual recordings. Public data are data that are not subject to valid privacy, security or privilege limitations, as governed by other statutes.
> > >
> >  
> >  
> >  
> > > 2) Data Must Be Primary  
> > > Data are published as collected at the source, with the finest possible level of granularity, not in aggregate or modified forms.
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Does not the completion of the "completeness" principle automatically implies the "primary" principle ?  
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Completeness can be expressed in two directions:  
> >  
> >  
> > "horizontal" completeness: all public data are made available from any public topics (health, education, finance, …)
> > "vertical" completeness: for a given public topic, all data relative to this topic are available  
> >  
> >  
> >  
> > Which one it is ? both ?
> >  
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Thanks vor your help
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Antoine Logean
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > Opendata.ch (http://Opendata.ch) - Enabling Open Government Data in Switzerland  
> > Antoine Logean | Founding Board Member | Community & Communication FR  
> > +41 79 3518482 | antoine.logean at opendata.ch (mailto:antoine.logean at opendata.ch) | http://twitter.com/ecolix
> >  
> >  
> >  
> >  
> >  
> >   
> >  
> >  
> >  
> > “E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized City or Law Enforcement official.”
> >  
> >  
> > _______________________________________________
> >  
> > open-government mailing list
> >  
> > open-government at lists.okfn.org (mailto:open-government at lists.okfn.org)
> >  
> > http://lists.okfn.org/mailman/listinfo/open-government
> >  
> > Unsubscribe: http://lists.okfn.org/mailman/options/open-government
> >  
> >  
> >  
>  
>   
>  
>  
> “E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized City or Law Enforcement official.”  
>  
>  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/open-government/attachments/20130204/442cbb1b/attachment-0001.html>