Javier Ruiz’s session at the International Open Data Conference in Ottawa looked at open data privacy principles, risks to be aware of, and strategies to ensure the privacy risks of open data are well managed.
The full notes are thorough and well worth reading, but some particular highlights included:
- an edited version of the Sunlight Foundation’s list of open data impact case studies, with questions that ORG would ask the project developers if they had to do a privacy evaluation.*
- A taxonomy of risks:
- disclosure or re-identification: discrimination, reprisals, reputation
- inference, open data linking, individual profiles: as above, also control and fairness, reidentification of other datasets
- collective profiling through big data (even if anonymised): discrimination in services or prices
- data value: transfer of resources, expropriation, privatisation of collective goods
*Note the disclaimer: ‘the “potential privacy issues” listed in the spreadsheet do not amount to accusations or even serious concerns….They are not systematic and only provided in order to assist workshop participants. This list of issues would require a lot of extra work before publication could be considered.’