I’ve written on open data and privacy before here and here. The release of large amounts of public open data require a serious analysis of the privacy-risks. The more data that is out there, the easier it becomes to de-anonymize and de-aggregate the data. Think first, then act. In the Netherlands, a serious analysis of the impact of open data policy on privacy is still lacking.
In the UK, there seems to be a greater awareness of how the release of large amounts of public data could have a negative effect on privacy. Information commissioner Christopher Graham on the issue:
The Information Commissioner’s Office (ICO) has been closely engaged with the Cabinet Office in its work on this, Graham says. And he is glad that the ICO’s role is being recognised and some of the areas where it believes caution is required are being addressed.
They include the anonymisation of data where, Graham says, there is a lot of work still to be done. His office is currently consulting on a draft code of practice on anonymisation and it is tendering for a contract to set up a ‘good practice network’ for anonymisation, intended to develop expertise and spread good practice.
“It’s important to get this right, because there’s a view that anonymisation is a mirage, and that through two bits of information you can always work out who the individual is,” Graham says.
“We think that concern is overdone, in the sense that where things have gone wrong, research shows that it’s because a basic step hasn’t been taken.” (Source: The Guardian)
This greater awareness can be explained partly by the fact that in the UK, the promotion of access to official information and protection of personal information are both tasks of the Information Commissioner’s Office, whereas in the Netherlands, these tasks are separated. Freedom of information and open data are promoted by the the Ministry of the Interior, and data protection is a task of the Dutch Data Protection Agency.
Also in the UK Cabinet Office’s open data white paper, attention is paid to privacy:
We are announcing the appointment of a privacy expert to the Public Sector Transparency Board to make sure we bring in the latest expertise on privacy measures. More broadly, we’re making sure that privacy experts are brought into all sector panel discussions across Whitehall when data releases are being considered. [...]
Therefore privacy is not to be considered as an afterthought. Privacy issues will be considered alongside transparency at the beginning of all discussions concerning the release of a new dataset, which is why we are appointing a privacy expert to the Public Sector Transparency Board. This appointment is one of the key recommendations of the O’Hara report.
Open data and privacy are two sides of the same coin. They need an integrated policy. I hope this gets through to the Dutch open data movement soon.