One of the objectives of the Personal Data and Privacy Working Group is to have a dedicated resources section maintained on the webpage where relevant updates, publications, documents and other outputs from this and other projects are shared and archived. Tools and Information:
- Information on De-identification practices
- European Data Protection Roundtable document which describes state of Data Protection and Technology in Europe
- Anonymisation Standard for Publishing Health and Social Care Data
Publications:.
- In a rebuttal to Dr Ann Cavoukian and Daniel Castro’s paper on anonymisation, this paper by Arvind Narayanan and Edward W. Felten argues that anonymisation still does not work.
- Jane Yakowitz discusses balancing privacy risks and concerns with the need for a data commons in a 2011 paper titled Tragedy of the Data Commons.
- A new study report by the Omidyar Network Open for Business, makes an economic case for open data.
- A research report by Ctrl-Shift finds that the emerging markets of Personal Information Management Services could grow exponentially.
- A paper by Dr Ann Cavoukian and Daniel Castro attempts to argue that re-identification is a myth.
- A paper by the Open Science that collates public perception on open data, with sections addressing specific concerns around personal data management, data sharing and privacy.
- The Final Report of the Open data dialogue addresses the issues surrounding open data, and data management policies in research.
- Much Ado About Data Ownership is a journal publication which discusses the thorny issue of who owns data, and if by owning their data, individuals are offered some form of control over privacy.
- A series of engagements between civil society groups and the UK government on data sharing. More information here.
- This article by the Data Protection Working Party discusses the current opinions on the techniques of anonymization.
- The UK ICO (Information Commissioner’s Office) issues a code of practice on anonymization and the management of data protection risks.
- This journal article discusses the possibility of having a single international body, specifically to oversee the governance of data privacy at the international level.
- The 2012 review and consultation report of the UK midata scheme offers insight into the considerations that were taken into account in the development of the scheme. It also responds to some of the concerns raised, and invites input into the process.
Below, we have collated some of the recent projects and activities that may be of interest to our community. The Horizon Digital Economy Research Institute is exploring the issues surrounding privacy concerns in personal data management platforms. At the initial stakeholders’ event, the UK’s midata project was used as the case study. Ideas coming out of this meeting include the need to pursue the development of anonymisation mechanisms and the rights of consumers to privacy with regards to the use of their personal data. It was also proposed that there should be a focus on ‘privacy by design’-where privacy elements are embedded in data stores by default. For the next stage in the process, stakeholders would be considering which of the many ideas it is going to focus on for further development (either as a research initiative or a project). The Open Government Guide is giving considerations to issues of privacy concerns in government data management in a chapter (currently under development) by Privacy International. The guide proposes a series of steps (from immediate to innovative) to addressing the identified issues on privacy. Examples of proposed activities under these steps include publishing educational material on the protection of personal data; enacting and reforming legislations, publishing transparency reports on government actions in relation to privacy concerns and establishing an oversight body to ensure government agencies conform to ‘right to privacy’ legislations. There are also other reports emerging from Privacy International that tackle privacy concerns (especially surveillance) in the developing world more broadly, but there are sections that consider specifically the privacy considerations of ‘big-data’ (see also this blog post). The Human-Data-Interactive (HDI) focuses on the various issues involved with the management of personal data (including privacy). The idea proposed by HDI is that humans are placed at the centre of managing the information that is held on them, and where clear processes are provided that allow them to interact with these (data) systems. More on this in this article. A forthcoming workshop focuses on various aspects of this in relation to big data, with no explicit strand however on privacy. The Responsible Data Forum, is a series of events convened by the Engine Room and Aspiration (with support from various other agencies/networks including the OKF) where stakeholders would be developing, prototyping and testing tools and strategy that deal with the various issues (including privacy) that come with data-driven advocacy. First event is in early March in Oakland, with one planned for spring (possibly May) in London and a final one in Budapest in June. The Open Notice held a hackathon in early February to build tools for data privacy. The site also maintains a directory of individuals, groups and projects that develop/offer tools to protect rights to personal data online. It is looking into collaborating with the Personal Data and Privacy Working Group to organise a similar event at OKFestival 2014. The Privacy Tools for Sharing Research Data is a multidisciplinary project based at Harvard University focused on supporting personal data use in research in a manner that ensures privacy. A series of workshops are currently being undertaken to consider various issues in relation to privacy and big data. The most recent one held on March 3 was aptly titled Big Data Privacy: Advancing the State of the Art in Technology and Practice. Privacy by Design (PbD) is a framework developed by the Information and Privacy Commissioner of Ontario, Canada to ensure that measures to protect user/consumer privacy are integrated into personal data management systems by default. It outlines 7 Foundational Principles which if followed ensures that this privacy by default ideal is achieved. Resources that have been developed on this platform include the publication Big Privacy: Bridging Big Data and the Personal Data Ecosystem through Privacy by Design (see it here). SemPrivacy offers a platform for developers, researchers and practitioners to ‘meet’ to investigate the issues surrounding privacy on the web. Their focus is not only on the technology and how it is posing particular threats to privacy, but they also investigate the particular properties of technological tools that enable privacy to be supported in datasets. The resources offered include case studies, as well as examples of tools being deployed. LAPSI 2.0 is a European Commission initiative that is investigating legal barriers to the access and use of public sector information. As part of its mandate, it also considers the issue of privacy in personal data management. Its Working Group on privacy therefore produced a policy recommendations document which among things recommended for greater consideration of privacy by design and a revisit of the issue of mandatory anonymisation of personal data. Aside from publications, a series of meetings are organised throughout the year. Are there any other relevant project resources we missed? Join the WG mailing list and share them.
Leave a Reply