OKFestival 2014 was a phenomenal event during which over a 1,000 individuals gathered to discuss and share ideas around the transformative power of open knowledge (information, data etc). However, also on the agenda was the crucial issue of how to ensure and enhance privacy and security in an increasingly open landscape. A number of sessions during the main festival as well as some  fringe events tackled various aspects of  this issue. Here is a recap of some of them.

 

Fringe events

• The Open Data Control: Convergence and Hack fringe event (aptly named Convergathon) took place on the 12th and 13th of July in Berlin with satellite events held simultaneously  in Tel Aviv and San Francisco. It was led by Mark Lizar of Open Notice and Reuben Binns. Day one featured talks and workshops on Personal Data control infrastructure and systems by Eve Maler, Doc Searls and also Rufus Pollock of Open Knowledge, among others. The sprint (which saw a team hacking around a specific tool) concluded events for day two. We consider this a good first step and look forward to a bigger collaborative event next year.

• On Tuesday the 15th, a networking event was hosted by the  MyData Working Group of Open Knowledge Finland and the Finnish Institute in Berlin. Foremost among the challenges that were raised by those present were the concerns around who owns your data, how  personal data is abused by corporations and how having control over ones data does not guarantee immunity from  privacy violations. Therefore, some calls were made for a greater understanding of how open works and how it is validated (evidenced by  the benefits outweighing the risks).

• The Open Development community’s fringe event took place at the Wikimedia Deutschland on Friday July 18th. A sub-session on privacy and protection and how to analyse risk of open data in the developing world was led by  Zara Rahman and Linda Raftree. It emerged from the discussions that though privacy violations are comparatively more severe in this area, most systems are ill-equipped to deal with them. For example, individuals identified from health and social care data datasets as belonging to a particular group in some countries have to live in fear of being assaulted or killed. Participants traced the security and privacy concerns at each stage of the information sharing loop- looking at citizens,  infomediaries, and governments.

Sessions at main festival

• The first of privacy sessions at the main festival took place on Wednesday where Ulrich Atz and Kathryn Corrick of the  ODI took participants through a hands-on anonymisation exercise using data from the Titanic ship passenger list. Discussions also centered around the different ways de-anonymisation can be possible with any particular dataset. Some opinions were that anonymisation is rarely ever fool-proof and therefore privacy protection cannot be entirely guaranteed but what is important is to establish what is the value to be gained from the information contained in the released dataset and to weigh this against the risks before doing so.

 

• In the Can Open Data Can Go Wrong? session, Javier Ruiz of the Open Rights Group and Reuben Binns both shared experiences of the UK NHS care.data program and how it showcased that open data can be entirely misconstrued. While most of the harm stories spanned different cases and contexts, the underlying theme was that open data and information needs to be handled responsibly and ethically.

 

• On  Thursday, Javier Ruiz together with Fabrizio Scrollini and Renata Avila led discussions on the understanding of the surveillance systems in place in different parts of the world and how the related issues of ethical and privacy  concerns it raises can be tackled. While a few participants emphasized how useful encryption tools can be in managing this, others noted that surveillance is very much a political issue which  requires diplomatic and strategic institutional collaboration (beyond just the technology).

 

• Taking Privacy Considerations Forward was the final privacy-related session for the main festival and was facilitated by Sally Deffor, Javier Ruiz, Walter van Holst and Christopher Wilson of the Personal Data and Privacy Working Group. Participants explored and validated the underlying issues and solutions surrounding personal data licensing, anonymisation techniques, control of personal data, among others which have been determined beforehand in a previous workshop. Among the key recommendations made was for clarity on when open personal data (and by inference anonymisation) is necessitated and when it is not. There was also the recognition that regulations on disclosure and privacy are not consistent across different contexts, and this needs to be considered when crafting communicative resources.

Evidently, the attention on how privacy and security is handled in the open environment is only going to increase and there are a number of activities post OKFestival 2014 including the Open Development Camp 2014 and the  Responsible Data Forum that are going to explore the issues further and collaborate on some specific actions. The work of the Personal Data and Privacy WG is also continuing with the next group call planned for mid August to undertake a resources sprint. Do sign-up if you wish to be involved!

 

Photo credits: Marieke Guy & Gregor Fischer