Balancing the Benefits of Openness with the Risks of Privacy
I attended the UK Anonymisation Network (UKAN) Symposium which was held at the Wellcome Collection in London yesterday, September 11. It was a great opportunity for my colleague Javier Ruiz (of ORG) and I to connect face-to-face with other people doing work in this area since our Open Data & Privacy expert workshop in June and OKFestival 2014 in July.
Aptly titled Anonymisation: Techniques, Risks and Benefits, the symposium saw a healthy debate around both the benefits as well as the risks of anonymisation, and also about open (and big) data generally.
In the opening speeches, it was emphasised that UKAN exists to harmonise practices and knowledge of anonymisation in the country. This aligns well with our own goal on the Open Data & Privacy project, which is to harmonise understanding about the various issues at the intersection of open data, personal data and privacy (where possible!)
The event saw a great participation, with over 150 individuals representing academia and other research groups, both public and private sector data controllers and publishers, and civil society organisations in attendance. The diversity in speakers brought a robustness to all the debates (especially the panel discussions) which was necessary if we are to effectively explore the different aspects of the benefits and risks that are inherent in open data.
While it is not possible to capture all the rich discussions that took place, a couple of points certainly stood out for me which I highlight below.
The importance of trust and transparency
The words trust and transparency were repeatedly mentioned, where it was acknowledged that generally, there needs to be a level of trust within all spheres of the data (sharing) environment. For example, Sir Nigel Shadbolt maintained that privacy considerations matter to the ODI and are taken seriously because engenders at it engenders the trust of their constituents and protects their reputation. This certainly applies also to other actors in the open space such as Open Knowledge and ORG.
Additionally, there were calls for anonymisers to be transparent about the procedures (and techniques) being used so the public can have a trust in the systems in place. The view that data subjects have the right to know the logic behind how data is processed or shared, and what reusers are allowed to do with the data was also advanced. Along a similar vein, there was a call for data breach stories to be shared between organisations especially those that are linked. This atmosphere of trust and transparency is seen as more likely to build the confidence of the public.
‘Benefits versus risks’ is an on-going debate
There is often a polarised debate on the issue of how to handle data so that there is utility but also confidentiality. It was no different at the symposium as both utopian and dystopian perspectives were freely shared. Most of the speakers were of the the view that anonymisation is possible and can be done effectively so that it protects privacy, while at the at the same time unlocking benefits (of data and information) for a variety of purposes. However, there was also the view that anonymisation can be done badly, depending on several factors.
In the two best practice case studies showcased (by the Department of Energy and Climate Change, and the Department for Works and Pension) it was fairly apparent that this debate was crucial in getting them to improve their existing processes of anonymisation prior to publishing the data-sets.
Many of the issues are not settled
Within the open data, personal data and privacy community, there seems to be an acknowledgement that there is a lack of common understanding about most of the terminologies being used in the space, as well as the relevant laws. For example, the issue of what what exactly constitutes consent was once again highlighted. A few of the discussions also flagged in particular pseudonymisation (and also personal data) which have often been interpreted differently in the various laws. The seeming confusion between what is prescribed in the various laws, for instance in the data protection regulations (including the proposed Data Protection Regulation), and the ICO’s Code of Practice was identified to be one of the real challenges that actors in the environment are having to deal with.
Jurisdictional disharmony in interpretations of these laws also compounds the issue, especially where data flows and exports are concerned. For instance, member states within the Article 29 Working Party approach things differently. There are also marked differences in the perspectives from different disciplines and sectors which affect how policies (for instance on giving access to data and managing privacy breaches) could be applied, especially for commercial versus research uses of data.
Role of the UKAN
The continuing debate about balancing openness with privacy makes interdisciplinary bodies such as the UKAN very relevant. Apart from making available the expertise to ensure that anonymisation is done effectively, it also enables a system of checks to be in place as the various institutions act as a check on each other.
As both Sir Nigel Shadbolt and Sir Mark Walport highlighted in their keynotes, the challenges with how to handle all the data from the Internet of Things remain, so interactive meetings such as this are therefore important in providing a critical look at the salient issues. The interdisciplinary and intersectoral Personal Data and Privacy Working Group creates a platform where such conversations can continue. Join the mailing list to keep informed.
Leave a Reply