[open-government] Openness and Privacy

Javier Ruiz javier at openrightsgroup.org
Fri Jun 12 12:03:30 UTC 2015


Dear all

I had replied to Martin Tisné’s original post in another list, but I’ll paste it here below for completeness as Chris Taggart was referring to that email in the thread.

On the discussion here:

Marc Rotenberg has put it quite clearly: privacy is abused by the powerful like any other right, including the right to property. But that’s how power works. Funny that these arguments have typically been made by communists criticising liberal democracies, and now that leftists finally embrace human rights we go back to square one! Let’s set the record straight: privacy laws in most places allow for information to hold people accountable to be made public while setting some limits. Do we really want to be able to track the postman via a GPS anklet? Privacy is not a blunt instrument, e.g. as it has been explained elsewhere it allows for the taxes of everyone in Norway to be accessible online. Public registers everywhere make public personal information in exchange for social recognition (educational achievement, property, good citizenship, etc.).

But I think the main issue here is not the privacy vs accountability debate, which can be solved with goodwill, but the drive to use data (big data, data science, machine learning, etc.) in everything: from running transport systems by tracking users, to curing cancer by analysing detailed medical histories. Today a massive UK summer festival (Download) announced they will be the first using RFID armbands that will track everyone at checkpoints throughout the venue, and process all payments in a cashless system. Couple this with the well known problems with the standard privacy solutions of anonymisation or consent.

It is the interaction of open data ideology with this new world that I find concerning; and it is a simple corollary that all the above examples would benefit from being open in terms of efficiency. Firstly because the lack of proper considerations of privacy in the first wave of open data (when it was mainly driven by genuine activists) has pushed the debate really far, and only now we are catching up. Many later arrivals have found the rhetoric of open data great to support other agendas.

Open data has played a truly trojan horse role, for example in the case of care.data in the UK (as Phil Booth from MedConfidential has also explained elsewhere), which has become a shorthand for the wider debate about the future of the National Health Service. In this context information about people is there to be exploited and eventually captured and added to the valuation for the IPO, an “asset class”. People rebel against what they perceive as an expropriation of their data, even when legally speaking they’ve probably lost all rights by then. Hundreds of thousands in the UK have engaged in campaigns against sharing health and tax data with private companies.

But it is not just the abuse of open data. There are some intrinsic problems in the slightly black and white approach of open data discourse, the obsession with fixed sets of principles or rankings in a very data-centric manner that does not take into account the context and people affected, or even the reasons for opening, which is seen as a goal in itself.

We need a more nuanced approach. In Ottawa I proposed that each data release involving personal information should have to justify why each principle (completeness, timeliness, machine readability, etc.) will not cause privacy harms, even if legally you are allowed to do it. This is just about the fairness, and in addition to having a legitimate purpose and a case with demonstrable benefits to open the data in the first place. One example of this is the recent changes to Norway’s tax register, which since 2014 requires registration to deter frivolous access.

Finally, and to clarify Phil’s comments, sorry if it wasn’t clear, I did not propose to pick and choose privacy principles, just to check them to understand what exactly you want to achieve in terms of privacy, and what room for manoeuvre you have (e.g. sensitive data). Generally we have to balance the rights to privacy and freedom of expression and information, and this is the right frame for the cases that Helen and Chris have to deal with. But in the specific context of open data, I think this balance is operationalised in ensuring that data releases respect privacy at the cost of complying with the open data principles.

Best, Javier

----

Hi Martin

I completely agree with the main point of involving privacy people and making the debate more nuanced and breaking down the elements of privacy control and openness to find the best compromise.

What you are describing in the article is quite similar to the Latin American model of privacy protections, which is based on the concept of Habeas Data: the right to ask for a court to show the body (of data). This also forms the basis for Freedom of Information. So in some contexts it is even true from a legal perspective that privacy and openness are the same, as explained by David Banisar elsewhere.

It is also true that every privacy policy is a data release policy; if they actually worked as they should, they would be telling you more about where your data goes than about what cannot be done with it.

I agree with looking ahead, but we also need to consider the existing practices and the impacts they have in different contexts. Sharing tax data leads to gender parity in wages in Scandinavia, but the US disclosure of all forms of public records is more problematic.

The report by the US FTC on Data Brokers - organisations like Acxiom hoovering up all sorts of available data to build unaccountable profiles of the whole population - shows exactly why open personal information can cause harms right now in many places (and why the US urgently needs more privacy protections). https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf

A fundamental problem is that for all the theoretical benefits of opening data it is unclear that these end up reaching those whose data is shared. The UK sharing of pseudonymised health data with the insurance industry (society of actuaries) saw millions of people’s premiums go up. And it was not even about linking individuals, just class profiling.

Opening personal data of the powerful for accountability is a lot more developed; for example the UK ICO has guidance for the responses to FOI. But ultimately every release needs to be examined in its own terms.

My proposal in Ottawa was to first look at the objectives you want to achieve, then the privacy principles you want to maintain and what flexibility is there (you may not have that much room anyway), and then look at the open data principles and see if you can justify each of them individually or removing them can help to preserve privacy.

But ultimately some form of general opt out from big/open data where you don’t require individual level granularity may be unavoidable to give people assurance.

 Best, Javier


