You are browsing the archive for privacy.

Suomi digitaalisten henkilötietojen edelläkävijäksi – maailman johtavat asiantuntijat Helsingissä elokuussa

- July 4, 2018 in data protection, Events, Featured, human-centered approach, My Data, mydata, omadata, personal-data, privacy

Palvelujen digitalisoituminen on synnyttänyt kasvavan määrän henkilötietojen kertymistä eri palveluntarjoajille. Samaan aikaan kuluttajien luottamus henkilötietojen asialliseen käyttöön on heikentynyt.

Suomalaiset asiantuntijat, aktivistit ja yritykset ovat eturintamassa kehittämässä tulevaisuuden mallia digitaalisten henkilötietojen hallintaan. Tavoitteena on rakentaa maailmanlaajuinen toimintamalli, jossa yksilö voi itse määritellä millaisin ehdoin hänen tietojaan käytetään. Reilu datatalous hyödyttää kaikkia ja avaa uusia mahdollisuuksia eettisesti kestävään liiketoimintaan.

Liikenne- ja viestintäministeriön tänään julkaisema raportti (https://www.lvm.fi/-/suomi-toimii-omadata-mallin-suunnannayttajana-980281), Sitran IHANⓇ-hanke ja elokuussa Helsingin Kulttuuritalolla järjestettävä MyData 2018 -konferenssi vievät maailmanlaajuisten yhteisten pelisääntöjen kehittämistä aimo harppauksen eteenpäin.

”Toukokuussa 2018 voimaan astunut EU:n tietosuoja-asetus GDPR on merkittävä askel oikeaan suuntaan. Tämä asetus ei kuitenkaan yksin riitä takaamaan oikeudenmukaista tietoyhteiskuntaa tai ruokkimaan innovatiivista liiketoimintaa ja teknologiaa. Tarvitsemme uusia käytäntöjä ja työkaluja, joilla oikeudet toteutetaan käytännössä. Siksi tarvitsemme MyDataa”, selittää raportin toimittanut Antti Poikola, Aalto-yliopiston tutkija ja yksi kansainvälisen MyData-verkoston perustajista.

MyData on 2010-luvulla syntynyt kansainvälinen ilmiö, uudenlainen ajattelumalli ja tulevaisuuden kuva. Tämän päivän päätöksillä on suuri vaikutus siihen, syntyykö oman datan jakamiseen ja hallintaan yhteisiä standardeja kuten aiemmin rahansiirtoihin pankkien välillä, matkapuheluihin tai sähköpostiin, vai jatkuuko muutaman jätin valta datamarkkinoilla.

MyData 2018 konferenssi pureutuu tietosuoja-asetuksen vaikutuksiin ja tuo alan pioneerit ja teknologiajätit Suomeen

Tietosuoja-asetuksen vaikutuksia yrityksille ja kansalaisille punnitaan elokuussa, kun kolmatta kertaa järjestettävä MyData-konferenssi tuo henkilötiedon ammattilaiset ympäri maailmaa Helsinkiin. Esiintyjäkaartiin kuuluu yli sata kotimaista ja kansainvälistä huippuasiantuntijaa mm. Googlelta, BBC:ltä ja F-Securelta.

”Konferenssiin saapuu arviolta 800 henkilöä yli 30 maasta. Mukana on liike-elämän johtajia, yrittäjiä, teknologian kehittäjiä, juristeja, yhteiskuntatieteilijöitä ja aktivisteja. Keskustelujen aiheina ovat uusi liiketoiminta, tekoälyn ja henkilötiedon etiikka, tietojärjestelmien yhteentoimivuus sekä henkilötiedon yhteiskunnalliset vaikutukset”, kuvailee MyData-konferenssin projektijohtaja Viivi Lähteenoja.

Kulttuuritalolla 29.-31.8.2018 järjestettävän konferenssin pääkumppani on Suomen itsenäisyyden juhlarahasto Sitra. Konferenssin järjestävät Open Knowledge Finland ry ja Aalto yliopisto yhteistyössä ranskalaisen ajatuspajan Fingin kanssa. www.mydata2018.org

Lisätietoja:

Antti ‘Jogi’ Poikola
Ohjelmapäällikkö, MyData 2018
Aalto-yliopisto
jogi@mydata.org +358 44 337 5439
 
Riikka Kämppi
Viestintäpäällikkö, MyData 2018
riikka@mydata.org
+358 40 5729733

www.mydata2018.org

MyData-konferenssi järjestetään kolmatta kertaa 29.-31.8.2018 Helsingin Kulttuuritalolla. Konferenssi on maailmanlaajuisen MyData-verkoston lippulaivatapahtuma, joka kokoaa monialaisen yleisön oppimaan toisiltaan ja rakentamaan toimivaa datataloutta ja reilua tietoyhteiskuntaa.

Open Knowledge Finland ry on vuonna 2012 perustettu yhteisölähtöinen, voittoa tavoittelematon kansalaisjärjestö, joka toimii osana kansainvälistä Open Knowledge -verkostoa. Yhdistys edistää tiedon avoimuutta, avoimen tiedon hyödyntämistä ja avoimen yhteiskunnan kehittymistä.

Aalto-yliopisto on monitieteinen yhteisö, jossa tiede ja taide kohtaavat tekniikan ja talouden.

Fing on riippumaton ranskalainen voittoa tavoittelematon tutkimusorganisaatio, joka löytää, luo ja jakaa uusia ja käytännöllisiä ideoita, jotka ennakoivat digitaalisia muutoksia.

The post Suomi digitaalisten henkilötietojen edelläkävijäksi – maailman johtavat asiantuntijat Helsingissä elokuussa appeared first on Open Knowledge Finland.

Suomi digitaalisten henkilötietojen edelläkävijäksi – maailman johtavat asiantuntijat Helsingissä elokuussa

- July 4, 2018 in data protection, Events, Featured, human-centered approach, My Data, mydata, omadata, personal-data, privacy

Palvelujen digitalisoituminen on synnyttänyt kasvavan määrän henkilötietojen kertymistä eri palveluntarjoajille. Samaan aikaan kuluttajien luottamus henkilötietojen asialliseen käyttöön on heikentynyt.

Suomalaiset asiantuntijat, aktivistit ja yritykset ovat eturintamassa kehittämässä tulevaisuuden mallia digitaalisten henkilötietojen hallintaan. Tavoitteena on rakentaa maailmanlaajuinen toimintamalli, jossa yksilö voi itse määritellä millaisin ehdoin hänen tietojaan käytetään. Reilu datatalous hyödyttää kaikkia ja avaa uusia mahdollisuuksia eettisesti kestävään liiketoimintaan.

Liikenne- ja viestintäministeriön tänään julkaisema raportti (https://www.lvm.fi/-/suomi-toimii-omadata-mallin-suunnannayttajana-980281), Sitran IHANⓇ-hanke ja elokuussa Helsingin Kulttuuritalolla järjestettävä MyData 2018 -konferenssi vievät maailmanlaajuisten yhteisten pelisääntöjen kehittämistä aimo harppauksen eteenpäin.

”Toukokuussa 2018 voimaan astunut EU:n tietosuoja-asetus GDPR on merkittävä askel oikeaan suuntaan. Tämä asetus ei kuitenkaan yksin riitä takaamaan oikeudenmukaista tietoyhteiskuntaa tai ruokkimaan innovatiivista liiketoimintaa ja teknologiaa. Tarvitsemme uusia käytäntöjä ja työkaluja, joilla oikeudet toteutetaan käytännössä. Siksi tarvitsemme MyDataa”, selittää raportin toimittanut Antti Poikola, Aalto-yliopiston tutkija ja yksi kansainvälisen MyData-verkoston perustajista.

MyData on 2010-luvulla syntynyt kansainvälinen ilmiö, uudenlainen ajattelumalli ja tulevaisuuden kuva. Tämän päivän päätöksillä on suuri vaikutus siihen, syntyykö oman datan jakamiseen ja hallintaan yhteisiä standardeja kuten aiemmin rahansiirtoihin pankkien välillä, matkapuheluihin tai sähköpostiin, vai jatkuuko muutaman jätin valta datamarkkinoilla.

MyData 2018 konferenssi pureutuu tietosuoja-asetuksen vaikutuksiin ja tuo alan pioneerit ja teknologiajätit Suomeen

Tietosuoja-asetuksen vaikutuksia yrityksille ja kansalaisille punnitaan elokuussa, kun kolmatta kertaa järjestettävä MyData-konferenssi tuo henkilötiedon ammattilaiset ympäri maailmaa Helsinkiin. Esiintyjäkaartiin kuuluu yli sata kotimaista ja kansainvälistä huippuasiantuntijaa mm. Googlelta, BBC:ltä ja F-Securelta.

”Konferenssiin saapuu arviolta 800 henkilöä yli 30 maasta. Mukana on liike-elämän johtajia, yrittäjiä, teknologian kehittäjiä, juristeja, yhteiskuntatieteilijöitä ja aktivisteja. Keskustelujen aiheina ovat uusi liiketoiminta, tekoälyn ja henkilötiedon etiikka, tietojärjestelmien yhteentoimivuus sekä henkilötiedon yhteiskunnalliset vaikutukset”, kuvailee MyData-konferenssin projektijohtaja Viivi Lähteenoja.

Kulttuuritalolla 29.-31.8.2018 järjestettävän konferenssin pääkumppani on Suomen itsenäisyyden juhlarahasto Sitra. Konferenssin järjestävät Open Knowledge Finland ry ja Aalto yliopisto yhteistyössä ranskalaisen ajatuspajan Fingin kanssa. www.mydata2018.org

Lisätietoja:

Antti ‘Jogi’ Poikola
Ohjelmapäällikkö, MyData 2018
Aalto-yliopisto
jogi@mydata.org +358 44 337 5439
 
Riikka Kämppi
Viestintäpäällikkö, MyData 2018
riikka@mydata.org
+358 40 5729733

www.mydata2018.org

MyData-konferenssi järjestetään kolmatta kertaa 29.-31.8.2018 Helsingin Kulttuuritalolla. Konferenssi on maailmanlaajuisen MyData-verkoston lippulaivatapahtuma, joka kokoaa monialaisen yleisön oppimaan toisiltaan ja rakentamaan toimivaa datataloutta ja reilua tietoyhteiskuntaa.

Open Knowledge Finland ry on vuonna 2012 perustettu yhteisölähtöinen, voittoa tavoittelematon kansalaisjärjestö, joka toimii osana kansainvälistä Open Knowledge -verkostoa. Yhdistys edistää tiedon avoimuutta, avoimen tiedon hyödyntämistä ja avoimen yhteiskunnan kehittymistä.

Aalto-yliopisto on monitieteinen yhteisö, jossa tiede ja taide kohtaavat tekniikan ja talouden.

Fing on riippumaton ranskalainen voittoa tavoittelematon tutkimusorganisaatio, joka löytää, luo ja jakaa uusia ja käytännöllisiä ideoita, jotka ennakoivat digitaalisia muutoksia.

The post Suomi digitaalisten henkilötietojen edelläkävijäksi – maailman johtavat asiantuntijat Helsingissä elokuussa appeared first on Open Knowledge Finland.

Προς έναν κώδικα δεοντολογίας της επιστήμης δεδομένων

- February 23, 2018 in code of conduct, data science, ethics, News, privacy, επιστήμη

Πριν μερικούς μήνες ο οργανισμός Data For Democracy, σε συνεργασία με το  Bloomberg και το BrightHive, ανακοίνωσε την πρωτοβουλία για την σκιαγράφηση ενός κώδικα δεοντολογίας για τους επιστήμονες δεδομένων (data scientists). Ο κώδικας φέρει τον τίτλο Community Principles on Ethical Data Sharing (CPEDS) και θα παρέχει ένα γενικό πλαίσιο για την υπεύθυνη χρήση και διαμοιρασμό δεδομένων σε μια προσπάθεια της κοινότητας να κερδίσει την εμπιστοσύνη της κοινωνίας.

GDPR: Τα δικαιώματά μου ως χρήστης

- February 14, 2018 in consent, eu, gdpr, privacy, protection, Rights, Μη κατηγοριοποιημένο

Ο Γενικός Κανονισμός για την Προστασία Δεδομένων (ΓΚΠΣ) θα ισχύσει από τις 25 Μαΐου 2018 αντικαθιστώντας την οδηγία 95/46/ΕΚ για την Προστασία Προσωπικών Δεδομένων. Στα πλαίσια των αρχών του κανονισμού, τα υποκείμενα των δεδομένων αποκτούν νέα δικαιώματα, μεταξύ άλλων αυτών της ενημέρωσης, της πρόσβασης και της λήθης.

Introducing: MyData

- May 25, 2016 in community, OK Finland, privacy

this post was written by the OK Finland team What is MyData? MyData is both an alternative vision and guiding technical principles for how we, as individuals, can have more control over the data trails we leave behind us in our everyday actions. The core idea is that we, you and I, should have an easy way to see where data about us goes, specify who can use it, and alter these decisions over time. To do this, we are developing a standardized, open, and mediated approach to personal data management by creating “MyData operators.” Standardised operator model A MyData operator account would act like an email account for your different data streams. Like an email, different parties can host an operator account, with different sets of functionalities. For example, some MyData operators could also provide personal data storage solutions, others could perform data analytics or work as identity provider. The one requirement for a MyData operator is that it lets individual receive and send data streams according to one interoperable set of standards. What “MyData” can do? “MyData” model does a few things that the current data ecosystem does not. It will let you to re-use your data with a third party – For example, you could take data collected about your purchasing habits from a loyalty card of your favourite grocery store and re-use it in a financing application to see how you are spending your money on groceries. It will let you see and change how you consent to your data use Currently,  different service providers and applications use complicated terms of service where most users just check ‘yes’ or ‘no’ once , without being entirely sure what they agree to. It will let you change services – With MyData you will be able to take your data from one operator to another if you decide to change services. mydata-banner-transp Make it happen, make it right MyData2016 conference will be held in Aug 31st- Sep 2nd in Helsinki Hall of Culture. Right now, the technical solutions for managing your data according to MyData approach exist. There are many initiatives, emerging out of both the public and private sectors around the world, paving the way for human-centered personal data management. We believe strongly in the need to collaborate with other initiatives to develop an infrastructure in a way that works with all the complicated systems at work in the current data landscape. Buy your tickets for early bird discount before May 31st. Follow MyData on social media for updates: Twitter https://twitter.com/mydata2016 Facebook https://www.facebook.com/mydata2016/

Introducing: MyData

- May 25, 2016 in community, OK Finland, privacy

this post was written by the OK Finland team What is MyData?
MyData is both an alternative vision and guiding technical principles for how we, as individuals, can have more control over the data trails we leave behind us in our everyday actions. The core idea is that we, you and I, should have an easy way to see where data about us goes, specify who can use it, and alter these decisions over time. To do this, we are developing a standardized, open, and mediated approach to personal data management by creating “MyData operators.” Standardised operator model A MyData operator account would act like an email account for your different data streams. Like an email, different parties can host an
operator account, with different sets of functionalities. For example, some MyData operators could also provide personal data storage solutions, others could perform data analytics or work as identity provider. The one requirement for a MyData operator is that it lets individual receive and send data streams according to one interoperable set of standards.
What “MyData” can do?
“MyData” model does a few things that the current data ecosystem does not. It will let you to re-use your data with a third party – For example, you could take data collected about your purchasing habits from a loyalty card of your favourite grocery store and re-use it in a financing application to see how you are spending your money on groceries. It will let you see and change how you consent to your data use Currently,  different service providers and applications use complicated terms of service where most users just check ‘yes’ or ‘no’ once , without being entirely sure what they agree to. It will let you change services – With MyData you will be able to take your data from one operator to another if you decide to change services. mydata-banner-transp Make it happen, make it right MyData2016 conference will be held in Aug 31st- Sep 2nd in Helsinki Hall of Culture. Right now, the technical solutions for managing your data according to MyData approach exist. There are many initiatives, emerging out of both the public and private sectors around the world, paving the way for human-centered personal data management. We believe strongly in the need to collaborate with other initiatives to develop an infrastructure in a way that works with all the complicated systems at work in the current data landscape.

Buy your tickets for early bird discount before May 31st. Follow MyData on social media for updates: Twitter https://twitter.com/mydata2016
Facebook https://www.facebook.com/mydata2016/

Newsflash! OKFestival Programme Launches

- June 4, 2014 in Events, Featured, Free Culture, Join us, network, News, OKFest, OKFestival, Open Access, Open Data, Open Development, Open Economics, Open GLAM, Open Government Data, Open Humanities, Open Knowledge Foundation, Open Knowledge Foundation Local Groups, Open Research, Open Science, Open Spending, Open Standards, open-education, Panton Fellows, privacy, Public Domain, training, Transparency, Working Groups

At last, it’s here! Check out the details of the OKFestival 2014 programme – including session descriptions, times and facilitator bios here! Screen Shot 2014-06-04 at 4.11.42 PM

We’re using a tool called Sched to display the programme this year and it has several great features. Firstly, it gives individual session organisers the ability to update the details on the session they’re organising; this includes the option to add slides or other useful material. If you’re one of the facilitators we’ll be emailing you to give you access this week.

Sched also enables every user to create their own personalised programme to include the sessions they’re planning to attend. We’ve also colour-coded the programme to help you when choosing which conversations you want to follow: the Knowledge stream is blue, the Tools stream is red and the Society stream is green. You’ll also notice that there are a bunch of sessions in purple which correspond to the opening evening of the festival when we’re hosting an Open Knowledge Fair. We’ll be providing more details on what to expect from that shortly!

Another way to search the programme is by the subject of the session – find these listed on the right hand side of the main schedule – just click on any of them to see a list of sessions relevant to that subject.

As you check out the individual session pages, you’ll see that we’ve created etherpads for each session where notes can be taken and shared, so don’t forget to keep an eye on those too. And finally; to make the conversations even easier to follow from afar using social media, we’re encouraging session organisers to create individual hashtags for their sessions. You’ll find these listed on each session page.

We received over 300 session suggestions this year – the most yet for any event we’ve organised – and we’ve done our best to fit in as many as we can. There are 66 sessions packed into 2.5 days, plus 4 keynotes and 2 fireside chats. We’ve also made space for an unconference over the 2 core days of the festival, so if you missed out on submitting a proposal, there’s still a chance to present your ideas at the event: come ready to pitch! Finally, the Open Knowledge Fair has added a further 20 demos – and counting – to the lineup and is a great opportunity to hear about more projects. The Programme is full to bursting, and while some time slots may still change a little, we hope you’ll dive right in and start getting excited about July!

We think you’ll agree that Open Knowledge Festival 2014 is shaping up to be an action-packed few days – so if you’ve not bought your ticket yet, do so now! Come join us for what will be a memorable 2014 Festival!

See you in Berlin! Your OKFestival 2014 Team

The “right to be forgotten” – a threat to Transparency and Open Data?

- May 22, 2014 in Featured, Ideas and musings, privacy

A recent European Court Justice (ECJ) ruling may affect how privacy, transparency, and open data interact and has a direct relation with growing discussion about the “right to be forgotten”. Roughly summarized the ruling finds that organisations which publish information may be obliged to “take down” and remove information when an individual requests that removal even when the information is true and is a matter of “public record”. This is potentially a significant change, adding to the work and responsibilities not just of big corporations like Google, but also to the creators of open databases big and small. The so-called “right to be forgotten” undoubtedly encapsulates a justified fear that lots of us have about our loss of personal privacy. However, this decision also appears to have the potential for significant (unintended) negative consequences for the publication and availability of key public interest information – the kind of information that is central to government and corporate accountability. More discussion on this and related topics in area of open data and privacy in the Personal Data, Privacy and Open Data working group Forgotten

The Ruling and What it Means

The core of the case was the request by a citizen to have web pages about him dating from 1998 removed from online newspaper archives of La Vanguardia, and significantly, for the Google Search results linking to that article also to be removed. Now the pages in question contained information that one would normally consider to be of reasonable “public record”, specifically as summarized by the ECJ they “contained an announcement for a real-estate auction organised following attachment proceedings for the recovery of social security debts owed [by the citizen]“. The Spanish Data Protection Agency (AEPD) who handled this in the first instance made what seemed a somewhat surprising ruling in that:
  • They rejected the complaint against La Vanguardia, taking the view that the information in question had been lawfully published by it.
  • But they upheld the complaint against Google and “requested those two companies [Google Spain and Google Inc] to take the necessary measures to withdraw the data from their index and to render access to the data impossible in the future.”
The ECJ (which opines on law not facts) essentially upheld the legal logic of AEPD’s decision, stating:
Court holds that the operator [e.g. Google] is, in certain circumstances, obliged to remove links to web pages that are published by third parties and contain information relating to a person from the list of results displayed following a search made on the basis of that person’s name. The Court makes it clear that such an obligation may also exist in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.
At first glance, this decision has some rather substantial implications, for example:
  • It imposes potentially very substantial obligations on those who collect and curate “public” (open) data and information. For example, to respond to requests to remove information (and to continue to track this going forward to ensure continuing compliance).
  • It appears to entitle individuals to request the take-down of information with a strong “public-interest” component. For example, imagine an online database providing information on corporate entities which may list the (true) fact that someone was a director of a company convicted of fraud. Would this ruling allow the director to request their removal?
What is especially noteworthy is that the decision appears to imply that even if the data comes from an official source (and is correct) a downstream collector or aggregator of that information may be required to remove it (and even where the original source does not have to remove the information). We should, of course, remember that any holder of information (whether an original source or an aggregator) has legal (and moral) obligations to remove content in a variety of circumstances. Most obviously, there is an obligation to remove if something is false or some private information has been mistakenly published. This already has implications for transparency and open data projects. For example, in the OpenSpending project information is collected from official sources about government finances including (in the UK) details of individual spending transactions. It is possible that (by accident) the description of a published transaction could provide sensitive information about a person (for example, it could be a payment to social services regarding an abused child where the child’s name is listed). In such circumstances both the original source (the government data) and OpenSpending would have a responsibility to redact the personal information as quickly as possible. However, the case discussed here concerned what one would normally consider “public-interest” information. Traditionally, society has accepted that transparency concerns trump privacy in a variety of public interest areas: for example, one should be able to find who are the directors of limited liability companies, or know the name of one’s elected representatives, or know who it is who was convicted of a crime (though we note that some countries have systems whereby an offender’s conviction is, after some period, expunged from the record). This ruling appears seriously to undermine this either in theory or in fact. In particular, whilst a company like Google may dislike this ruling they have the resources ultimately to comply (in fact it may be good for them as it will increase the barriers to entry!). But for open data projects this ruling creates substantial issues – for example, it now seems possible that open projects like Wikipedia, Poderopedia, OpenCorporates or even OpenSpending will now have to deal with requests to remove information on the basis of infringing on personal data protection even though the information collected only derives from material published elsewhere and has a clear public interest component. The everlasting memory of the internet, and the control of our personal data by corporations like Facebook and Google, undoubtedly present huge challenges to our rights to privacy and our very conception of the public/private divide. But we mustn’t let our justified concerns about ancient Facebook photos prejudicing our job prospects lead to knee-jerk reactions that will harm transparency and undermine the potential of open data. More discussion on this and related topics in area of open data and privacy in the Personal Data, Privacy and Open Data working group

Excerpted Summary from the ECJ Summary

Excerpted from the ECJ Summary:
In 2010 Mario Costeja González, a Spanish national, lodged with the Agencia Española de Protección de Datos (Spanish Data Protection Agency, the AEPD) a complaint against La Vanguardia Ediciones SL (the publisher of a daily newspaper with a large circulation in Spain, in particular in Catalonia) and against Google Spain and Google Inc. Mr Costeja González contended that, when an internet user entered his name in the search engine of the Google group (‘Google Search’), the list of results would display links to two pages of La Vanguardia’s newspaper, of January and March 1998. Those pages in particular contained an announcement for a real-estate auction organised following attachment proceedings for the recovery of social security debts owed by Mr Costeja González. With that complaint, Mr Costeja González requested, first, that La Vanguardia be required either to remove or alter the pages in question (so that the personal data relating to him no longer appeared) or to use certain tools made available by search engines in order to protect the data. Second, he requested that Google Spain or Google Inc. be required to remove or conceal the personal data relating to him so that the data no longer appeared in the search results and in the links to La Vanguardia. In this context, Mr Costeja González stated that the attachment proceedings concerning him had been fully resolved for a number of years and that reference to them was now entirely irrelevant. The AEPD rejected the complaint against La Vanguardia, taking the view that the information in question had been lawfully published by it. On the other hand, the complaint was upheld as regards Google Spain and Google Inc. The AEPD requested those two companies to take the necessary measures to withdraw the data from their index and to render access to the data impossible in the future. Google Spain and Google Inc. brought two actions before the Audiencia Nacional (National High Court, Spain), claiming that the AEPD’s decision should be annulled. It is in this context that the Spanish court referred a series of questions to the Court of Justice. [The ECJ then summarizes its interpretation. Basically Google can be treated as a data controller and ...] … the Court holds that the operator is, in certain circumstances, obliged to remove links to web pages that are published by third parties and contain information relating to a person from the list of results displayed following a search made on the basis of that person’s name. The Court makes it clear that such an obligation may also exist in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful. Finally, in response to the question whether the directive enables the data subject to request that links to web pages be removed from such a list of results on the grounds that he wishes the information appearing on those pages relating to him personally to be ‘forgotten’ after a certain time, the Court holds that, if it is found, following a request by the data subject, that the inclusion of those links in the list is, at this point in time, incompatible with the directive, the links and information in the list of results must be erased.
Image: Forgotten by Stephen Nicholas, CC-BY-NC-SA

Open Data Privacy

- August 27, 2013 in Featured, Ideas and musings, Open Data, Open Data and My Data, Open Government Data, privacy

“yes, the government should open other people’s data”
Traditionally, the Open Knowledge Foundation has worked to open non-personal data – things like publicly-funded research papers, government spending data, and so on. Where individual data was a part of some shared dataset, such as a census, great amounts of thought and effort had gone in to ensuring that individual privacy was protected and that the aggregate data released was a shared, communal asset. But times change. Increasing amounts of data are collected by governments and corporations, vast quantities of it about individuals (whether or not they realise that it is happening). The risks to privacy through data collection and sharing are probably greater than they have ever been. Data analytics – whether of “big “ or “small” data – has the potential to provide unprecedented insight; however some of that insight may be at the cost of personal privacy, as separate datasets are connected/correlated. Medical data loss dress Both open data and big data are hot topics right now, and at such times it is tempting for organisations to get involved in such topics without necessarily thinking through all the issues. The intersection of big data and open data is somewhat worrying, as the temptation to combine the economic benefits of open data with the current growth potential of big data may lead to privacy concerns being disregarded. Privacy International are right to draw attention to this in their recent article on data for development, but of course other domains are affected too. Today, we’d like to suggest some terms to help the growing discussion about open data and privacy. Our Data is data with no personal element, and a clear sense of shared ownership. Some examples would be where the buses run in my city, what the government decides to spend my tax money on, how the national census is structured and the aggregate data resulting from it. At the Open Knowledge Foundation, our default position is that our data should be open data – it is a shared asset we can and should all benefit from. My Data is information about me personally, where I am identified in some way, regardless of who collects it. It should not be made open or public by others without my direct permission – but it should be “open” to me (I should have access to data about me in a useable form, and the right to share it myself, however I wish if I choose to do so). Transformed Data is information about individuals, where some effort has been made to anonymise or aggregate the data to remove individually identified elements. big-data_conew1 We propose that there should be some clear steps which need to be followed to confirm whether transformed data can be published openly as our data. A set of privacy principles for open data, setting out considerations that need to be made, would be a good start. These might include things like consulting key stakeholders including representatives of whatever group(s) the data is about and data privacy experts around how the data is transformed. For some datasets, it may not prove impossible to transform them sufficiently such that a reasonable level of privacy can be maintained for citizens; these datasets simply should not be opened up. For others, it may be that further work on transformation is needed to achieve an acceptable standard of privacy before the data is fit to be released openly. Ensuring the risks are considered and managed before data release is essential. If the transformations provide sufficient privacy for the individuals concerned, and the principles have been adhered to, the data can be released as open data. We note that some of “our data” will have personal elements. For instance, members of parliament have made a positive choice to enter the public sphere, and some information about them is therefore necessarily available to citizens. Data of this type should still be considered against the principles of open data privacy we propose before publication, although the standards compared against may be different given the public interest. This is part of a series of posts exploring the areas of open data and privacy, which we feel is a very important issue. If you are interested in these matters, or would like to help develop privacy principles for open data, join the working group mailing list. We’d welcome suggestions and thoughts on the mailing list or in the comments below, or talk to us and the Open Rights Group, who we are working with, at the Open Knowledge Conference and other events this autumn.

Give me *my* data: online crowd-sourcing platform

- December 19, 2011 in community, data-collection, Europe, open, privacy

This particular idea is quite large in scale. The foundation for this idea is that in Europe, companies (e.g. supermarkets, energy companies, telephone companies, marketing firms, even Facebook and Google, ...) are obliged to turn over 'any' information they have about any citizen, should he or she personally request for it. So, the idea is to make such public information requests happen easily and intuitively, on a massive scale, and to make the aggregation and (anonymous) sharing of this data possible. As the first step, there should exist a website at which any citizen can download a relevant letter template and the relevant address of any company she is a customer with. This contact data and template could be created through crowd-sourcing. As a result, the citizen should be able to mail, fax or send a personal and legally binding request for her data within the timespan of 5 minutes or less. Dedicated company profiles can then track the performance of the companies to these requests (e.g. average time to answer, quality of response, etc.), allow people to share tips of how to get an answer, and so on. Through this public platform, specific companies can be more easily compared and reviewed, similar to TripAdvisor, for instance. Data can be aggregated and compared by company, by business area, and so on. As the second step, there should exist a collection of easy-to-use tools that can digitize and upload any information that has been given to the citizen by the companies. Such data might be provided on paper, in weird formats, unconventional time periods, and whatever. There might thus be a need to develop a specific tool, for a specific company. Again, this could happen through crowd-sourcing and by encouraging private developers to share their tools. As the third step, there should exist some sort of online platform that allows the citizen to open up her information to others, even anonymously, so this data can be shared and compared (e.g. does a similar family in terms of number and age of children, house, etc. consume the same amount of energy than my family, and if they do, what do they pay for it). It would be interesting to compare such data locally, but as much internationally, for instance, based on real, 'individual' data. There might well be the case that people are intrinsically inclined to share their data if they can benefit from it, for instance by learning from others... Greetings - infoscape.