What Does Privacy Have to Do with Open Government?
BY Christopher Wilson | Friday, April 4 2014
The answer to that question might not be obvious. Privacy is something we tend to associate with people and personal information, while open government is presumably about making government data and processes transparent for more accountability (see Open Knowledge Foundation’s distinction between Open Data and My Data). But it’s a question that’s getting asked, as privacy and surveillance are increasingly prominent concerns in a post-Snowden world. It’s also an issue that commanded the attention of the open government community at last year’s OGP Summit. Since then, though, there’s been relatively little discussion or progress made to understand the relationship between privacy and open government. As the open government community convenes regional meetings this spring, it’s important to take stock of how open data and data sharing are de-facto drawing boundaries around these norms, and take clear steps towards building privacy into the open government mandate.
From Outrage to Actual Harms
Privacy and surveillance concerns first began to surface in the open government community late last year, and came to a head at the OGP Summit when Indian activist Aruna Roy used a plenary session to confront Ministers and OGP funders on the duplicity of a government promoting openness while simultaneously conducting secret surveillance.
“..there is more transparency in governments, there is more accountability. But at the same time, there are more restrictive laws being passed by all governments today than ever before. There is an attempt at surveillance by my government, by your government. Why is this happening? I want to know, because if we are going to become a more open society, we should always trust each other.” (We covered the issue and link to the video of the session here.)
Roy’s question highlights a fundamental tension between transparency and surveillance, and it captured a tremendous amount of attention in the hours and days that followed. But aside from the fairly obvious observation that some governments pursue contrary objectives, there’s not a lot that can be done with that insight. Civil society organizations working to raise awareness and change surveillance policies continue to do so, as they would, independent of the open government movement. There’s been no obvious way to leverage OGP’s normative framework in this fight. Simultaneously, the open government community has focused on rethinking its structure and supporting national accountability processes, and - excepting a forthcoming chapter in the Opening Government Guide - has largely failed to engage a more substantive discussion about when opening government itself needs a critical review of privacy, security and ethical concerns.
This conversation needs to be restarted: here are four areas that merit close consideration.
Privacy and ethical concerns are most obvious when opening government involves some kind of personal data. In the UK for example, schools are no longer required to report on “troubled families” whose children require free or subsidized lunches in order to receive the funds those lunches require. This has largely resulted from the realization that several families do not apply for free lunches due to social stigma. There is an inclination, however, for national government to collect and mesh data from multiple agencies in order to identify economically “troubled families,” and to provide that information to schools so that schools can more effectively allocate budget resources towards services for appropriate children. This can be expected to raise objections from parents who didn’t want to be identified as such in the first place.
No such thing as anonymity
When personal data is opened and shared by government, it consistently provokes some public outcry (as with recent sharing of UK health data). The typical government response is to rely on the “anonymization” of data sets. It’s increasingly recognized, however, that there is no such thing as data anonymity. This is a consequence of new types of data and how much of it there is, coupled with the tremendous capacity of algorithms to combine and parse disparate data sets to re-identify individuals. We don’t know much about how this phenomenon works (called the mosaic effect), who can do it or how well. But we do know that simple anonymisation is easily defeated, and that the promise of anonymization is a poor comfort to concerns about private data sharing.
Slippery slope to data sharing
The school lunches example recalls a trend among big data enthusiasts to mobilize data for data’s sake (presumably the identification of student needs should occur in the classroom, and budget decisions be made by schools on the basis of this). The impetus to use data (often aggregating and running algorithms on data from multiple agencies) is something that has been discussed in several country contexts. It would seem that institutions sometimes willingly slide down the slippery slope from open government to unbridled data sharing, greased with the hype surrounding big data and algorithmic data sensing. Coordinating data aggregation across government agencies and institutions is a powerful way for pinpointing and understanding individuals. It’s receiving a lot of attention in the UK for identifying and pursuing fraud, and could potentially be applied to all kinds of social challenges, from preventing predatory financial services to better vetting hires for sensitive government positions. That isn’t quite open government, but it is justified by the same rhetoric of open government and open data (in the UK, such activities are coordinated by the Cabinet Office, also responsible for the OGP and National Security Surveillance).
It’s also worth thinking about privacy and ethics beyond the pale of personally identifiable data. Sharing and release of open data can also have community effects, causing concrete harm when no individuals are identified. The release of crime statistics and subsequent fall in home values is a well known example of this. And one can discuss whether such data release is appropriate or not in any given instance. The more important point is that the open government community should consider precisely how such considerations should be made, what resources government data publishers need to make smart decisions, and where the red lines are for protecting privacy and individual well-being in the data’s march towards public good and transparency.
Leading the Pack?
When trying to get a handle on these issues, it's important to look at how practice is actually developing in the absence of clear guidance. The examples above are all taken from practice or discussions in the UK context, where there is pronounced dissatisfaction among civil society regarding how the government is managing its policy and practice around privacy and surveillance. According to Javier Ruiz Diaz, Policy Director at Open Rights Group, the UK government is leading a general movement in Europe to claw back against data protection, including the new European Data Protection Regulation.
Reasserting the agenda
None of this is simple. The conceptual issues are clouded by complicated norms, competing interests and technical processes like data meshing and re-identification, which are extremely powerful and complex, making their scope and effectiveness difficult to grasp. It’s important, however, that they receive a central place in the discussions in the open government community, and find a home in the OGP agenda.
Lacking explicit guidance, practice by government will continue to be dictated by individual decisions and institutional expediency, which stands to constitute soft policy in the long run. Without engaging government decision makers and data publishers on questions of ethics and privacy, there’s little hope that the OGP community can identify appropriate safeguards or support smart policies in new OGP countries.
The Privacy Chapter of the Open Government Guide can be a key resource in this regard, as will be the forthcoming “Primer on responsible open data,” jointly developed by the Open Knowledge Foundation and Open Rights Group. These types of resources should be used as a mechanism both to support country considerations about when and how to release and share data, but also bring these issues into discussions within the steering committee, aiming for inclusion in the OGP issue areas, commitments or even articles of governance. The regional meetings this spring will be a good place to start: as civil society gather in Dublin and Jakarta, there are excellent opportunities to flesh out concepts of data privacy, identify the actual decisions and constraints faced by data publishers, and pinpoint the types of guidance that can make a difference. A smart approach to supporting discussions on privacy within open government can also provide stronger ground for confronting states on how their agendas relate to data secrecy and surveillance, and might serve as basis for a more robust discussion around government accountability systems toward their citizens’ personal data and right to privacy.
TechPresident partners with the engine room to surface and connect emerging tactics and initiatives.
Personal Democracy Media is grateful to the Omidyar Network and the UN Foundation for their generous support of techPresident's WeGov section.