How Open Data Contributes to Privacy

Open data can help achieve privacy aims through transparency or by changing business models, e.g. buyers are able to market themselves to sellers. Idea of self advertisingĀ is that people advertise themselves rather than the other way round. The aim is a positive outcome of innovation as well as protection: applied privacy.

Discussion of using the ICO notification register of data controllers to obtain information on how data is processed for e.g. for health, by banks and who the recipients are. The new EU law proposes to get rid of the register as it aims for a light touch and focusses on what organisations are doing internally. It is intended to lead to better data protection outcomes in the longer term.

One tool is freedom of information requests but only for public authorities. Questions can be asked regarding use of data and data breaches. ICO investigations- their parties do not get access to details. Customers may want open publishing of reportsā€œ advocacy would be needed to promote this. The downside is this might have a chilling effect and prevent companies from reporting breaches if it is made public.

We should not ignore the private sector discussions around big data and the role of transparency. For customer and stakeholders it is on the corporate agenda. It is about companies being transparent about what tracking they are doing when people use their websites. Certification schemes could be a good idea. Mozilla has done it recently.

Another barrier is the disruption of business models. Many companies trade on having data in a market where customers are the product sold to advertisers. This could be disrupted.

We need new tools for self-determination. People need to get control of their footprints which requires innovation policies for a human-centric society rather than corporation-centric.

It is not clear whether enough citizens care about the issue. The ease of the current route means many people may not want to create their own world of data. But there is demand within the data protection world. It is a social need. Companies need to find competitive advantage from doing it. The ICO’s scheme of red, yellow, green for compliance could be developed. The ICO is launching an accreditation scheme. It will relate to specific practices rather than companies. There is discussion around privacy as a competitive advantage e.g. Boston Consulting Group. But many people don’t care as long as their data is not lost. The EU data Protection Commissioner produces a report recently. Monetised value of data may outweigh the power of consumers.

There are three advantages:

    1) Accountability- companies get found out if they do wrong;
    2) Allows customers who care to make rational decisions; and
    3) For customers who don’t care, transparency in the system may preserve trust in the system in general (like open source software where people don’t read the code)

 

A concern is inappropriately shifting responsibility to the individual. This should not absolve companies of their obligations. Information mediator companies may be needed to get people a good deal. The regulator must oversee it. It could change to be the overseer of the privacy infrastructure. Privacy policies put the responsibility on the individual to read them all. People don’t want to make decisions on data everyday. Companies like Google promote transparency for hidden interests. ‘Open-washing’, like ‘green-washing’. Most open data is not demand driven at present. We need lobbying for ‘my data’. The government or regulator should have a role in ‘my data’ but it may create more work in terms of complaints. We need to see examples of being effective but it is hard when the benefit is intangible such as transparency. We should look at sectors where there is an incentive for individuals to repurpose the information. We could look at the Netherlands in terms of subject access requests to telcos. Customer switching is a measure.

We are looking for a mapping of the space and the barriers. Transparency is a stepping stone but just revealing bad things does not solve the problem.

The ‘AHAs’:

1) Three uses of transparency:

       a) Accountability- companies get found out if they do wrong;
       b) Allows customers who care to make rational decisions; and
       c) For customers who don't care, transparency in the system may preserve trust in the system in general (like open source software where people don't read the code

2) Barriers:

       a) Chilling effect- companies may become secretive.
       b) Transparency itself is not enough, need to do something with the data that is made transparent.
       c) Engagement- people have other concerns as well as privacy and we should not place too much responsibility in consumer's hands.