The coalition government has made a central plank of its economic growth strategy the development of products and services based on open data. The current policy consultation, Making Open Data Real, repeatedly stresses that personal privacy will be one of the red lines that open data will not cross. However, government papers make clear that the plan is that "anonymised" open data from public services, such as health and education, will generate a revolution in analytical services and population profiling that will help take the UK out of the recession.
There are profound implications for privacy in making that kind of data available online without restrictions. These touch upon several key aspects of data protection, from consent and purpose to the limitations of national frameworks.
One of the key issues relate to anonymised personal data, such as census extracts, which in a controlled environment can be considered safe to a point, but which once it is placed online could be open to reidentification by combining it with other datasets. There is a raging debate on how practical it is in reality for these attacks to take place, but generally there is not dissent on the theoretical impossibility of anonymity with open data. In the UK the problem is compunded by the weak protection given to non explicitly personal data.
After wide consultation with privacy experts our basic policy is based on the following elements:
- ORG supports open data, but privacy is paramount
- The government must acknowledge the risks of reidentification with open data
- There should be a proper public debate before embarking on a major plan for commercialising anonymised data
- Anonymisation technologies shpould be subjected to open peer review
- There should be a responsible disclosure mechanism for safe notification of privacy breaches
We are quite dismayed to hear from the Cabinet Office that the independent review they commisioned on Privacy and Open Data will be treated as simply another contribution to the Making Open Data real consultation, despite being a major effort involving interviews with dozens of people. ORG believes that is dangerous to disregard this review, which we believe should be the starting point for a deeper exploration of the issues. There are related policy lines that will benefit from this, such as the use
You can download the Independent Open Data and Privacy Review here.
ORG does not fully endorse all the recommendations, but we believe that it is a good introduction to the issues, and an honest attempt to tackle the complexities.