topic report 3: privacy
Post on 07-Apr-2018
227 Views
Preview:
TRANSCRIPT
-
8/3/2019 Topic Report 3: Privacy
1/18
EuropeanPublicSectorInformationPlatform
TopicReportNo.2011/3
Opengovernmentdata:reconciling
PSIre-userightsandprivacy
concerns
Author:HansGraux
Published:October2011
-
8/3/2019 Topic Report 3: Privacy
2/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 2
Keywords
OpenGovernmentData,PSIDirective,DataProtectionDirective,privacy
Abstract
European Open Government Data (OGD) initiatives are frequently forced to balance
uncomfortably betweentwo legitimatebutoccasionallyconflictingpolicyspheres.Onthe
onehand,therearePublicSectorInformation(PSI)regulations,whichaimtoenableand
encourage the re-use of existing documents held by public sector bodies. This leads to
openness,stimulatesgovernmenttransparency,andcreatesneweconomicopportunities.
Ontheotherhand,dataprotectionregulationsaimtocreateacertainmeasureofprivacy
protectionoverpersonaldata,bydeterminingthecircumstancesunderwhichpersonaldata
canbeprocessed.WhenPSIconsistspartiallyofpersonaldata,tensionsbetweenthetwo
policy spheres inevitably occur. This topic report examines how the principal European
regulationsrelatetoeachother,anddescribesafewreal-lifecasesofconflictsandhow
theywereaddressed.
-
8/3/2019 Topic Report 3: Privacy
3/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 3
Tableofcontents
Tableofcontents 3
Abstract 4
Content 4
1 Theopennessofgovernmentdata:twopolicyperspectives 4
1.1 ThetensionbetweenthePSIDirectiveandtheDataProtectionDirective 4
1.2 Theprimacyoffundamentalrights 6
2 Apracticalperspective:dataprotectionchallengesinreallifePSIcases 8
2.1 Fair-PlayAlliance:combiningpubliclyavailablepersonaldataandpublishing
theresultcanbeunlawful 8
2.2 CrimemapsintheUK:adetailedmapmaybreachdataprotectionlaws 11
3 Conclusion:strikingabalancebetweenPSIre-useanddataprotection? 16
Onlineresources 17
-
8/3/2019 Topic Report 3: Privacy
4/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 4
Abstract
European Open Government Data (OGD) initiatives are frequently forced to balance
uncomfortably betweentwo legitimatebutoccasionallyconflictingpolicyspheres.Onthe
onehand,therearePublicSectorInformation(PSI)regulations,whichaimtoenableand
encourage the re-use of existing documents held by public sector bodies. This leads to
openness,stimulatesgovernmenttransparency,andcreatesneweconomicopportunities.
Ontheotherhand,dataprotectionregulationsaimtocreateacertainmeasureofprivacy
protectionoverpersonaldata,bydeterminingthecircumstancesunderwhichpersonaldata
canbeprocessed.WhenPSIconsistspartiallyofpersonaldata,tensionsbetweenthetwo
policy spheres inevitably occur. This topic report examines how the principal European
regulations relate toeachother,and describes a fewreal-life casesofconflicts andhow
theywereaddressed.
Content
ThistopicreportexamineshowthePSIDirectiveandtheDataProtectionDirectiverelateto
eachother,anddescribesafewreal-lifecasesofconflictsandhowtheywereaddressed.
1 Theopennessofgovernmentdata:twopolicyperspectives
1.1 ThetensionbetweenthePSIDirectiveandtheDataProtectionDirective
The term Open Government Data (OGD) is generally used to refer to the principle or
objective that information produced or commissioned by government or government
controlled entities should bemade available for free use, re-use and redistribution by
anyone1.InEUpolicyinitiatives,thisobjectiveassuchhasnoclearlegalbasis,inthesense
that thereis nogenericobligationtomakeallgovernmentdataavailablefor free re-use.
Rather, thePSIDirective2 tacklesthis issue from adifferentperspective: it regulates the
obligationsofpublicsectorbodiesintheMemberStateswhentheydecidetoallowforre-
use of their data, and provides corresponding rights to re-users. However, it does not
defineageneralrighttore-useassuch.
None the less, the PSI Directive certainly aims to stimulate the internal market by
encouraging the development of services that can build on the information held by
Europeanpublicsectorbodies3,andpresentsthepublicationofgenerallyavailablepublic
1 See e.g. http://opengovernmentdata.org/what/, http://data.gov.uk/about, and
http://gov.opendata.at/site/history2Directive2003/98/ECoftheEuropeanParliamentandoftheCouncilof17November2003onthe
re-useofpublicsectorinformation,OfficialJournaloftheEuropeanUnionL345,31/12/2003P.90-
96.3SeeRecitals(1)-(5),(15)and(25)ofthePSIDirective
-
8/3/2019 Topic Report 3: Privacy
5/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 5
sector information as a fundamental instrument forextending the right to knowledge,
whichisabasicprincipleofdemocracy4.Clearly,thePSIDirectivebuildsontheprinciple
thatthereareclearbenefitstobereapedfromPSIavailabilityandre-use.
The data to whichthe PSIDirectiveapplies is defined inArticle 2.3 as (a)any content
whateveritsmedium(writtenonpaperorstoredinelectronicformorasasound,visualor
audio-visual recording), or (b) any part of such content.5 This is obviously a broad
descriptionthatmaycoverawiderangeofinformationinmanyareasofactivity,suchas
social, economic, geographical, weather, tourist, business, patent and educational
information6. Because of the wide net that is cast by the PSI Directive, its scope of
applicationmayoverlapwithaseparatekeylegislation:theDataProtectionDirective7.
TheDataProtectionDirectiveaimstoprotectthefundamentalrighttoprivacyofnatural
personswithrespecttotheprocessingoftheirpersonaldata8.Itstrivestoreachthisgoal
by creating a common legal framework that determines the conditions under which
personaldatacanbeprocessed.AswiththePSIDirective, thebasicbuildingblockof the
Data ProtectionDirectivehasbeengiven abroad definition:personal data isdefined in
Article2(a)oftheDataProtectionDirectiveasanyinformationrelatingtoanidentifiedor
identifiable natural person ('data subject'); an identifiable person is one who can be
identified,directlyorindirectly,inparticularbyreferencetoanidentificationnumberorto
oneormore factors specificto hisphysical, physiological, mental, economic, cultural or
social identity. The recitals to the Data Protection Directive clarify that in order to
determinewhetherapersonisidentifiable,accountshouldbetakenofallthemeanslikely
reasonablytobeusedeitherbythecontrollerorbyanyotherpersontoidentifythesaid
person9.Generally,wheneverinformationcanbereasonablylinkedtoaspecificindividual,
itislikelytobequalifiedaspersonaldata.
Itis clear thatmuch ofthe information targetedby thePSIDirectivewill also constitute
personaldata,anditwillthereforealsobesubjecttothespecificrestrictionsoftheData
Protection Directive. This creates an immediate tension: one Directive aims to favour
opennessandre-use,whereastheotheremphasizestheimportanceofprivacyprotection
rules.Howdothese frameworks relateto eachother,andhowcanpublic sectorbodies
ensurethattheycomplywithboth?
4SeeRecital(16)ofthePSIDirective5Excludinganumberofcategoriesofdata,suchasdocumentsthesupplyofwhichisanactivity
fallingoutsidethescopeofthepublictaskofthepublicsectorbodies;documentsforwhichthird
partiesholdintellectualpropertyrights,;documentswhichareexcludedfromaccessbyvirtueofthe
accessregimesintheMemberStates;documentsheldbypublicservicebroadcasters,educationand
researchestablishmentsorculturalestablishments.6SeeRecital(4)ofthePSIDirective7 Directive 95/46/ECof the EuropeanParliament and of the Council of 24 October 1995 on the
protectionofindividualswithregardtotheprocessingofpersonaldataandonthefreemovement
ofsuchdata,OfficialJournalL281,23/11/1995P.003100508Article1oftheDataProtectionDirective9SeeRecital(26)ofthePSIDirective
-
8/3/2019 Topic Report 3: Privacy
6/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 6
1.2 TheprimacyoffundamentalrightsTherelationshipbetweenbothframeworksispartiallyresolvedbythePSIDirectiveitself.It
containsanumberofdirectacknowledgementsoftheimportanceofdataprotection,and
indeedreferencestheDataProtectionDirectivedirectly.Specifically:
Recital(21)ofthePSIDirectivenotesthat:ThisDirectiveshouldbeimplementedandappliedinfullcompliancewiththeprinciplesrelatingtotheprotectionofpersonaldata
inaccordancewithDirective95/46/ECoftheEuropeanParliamentandoftheCouncil
of24October1995ontheprotectionof individualswithregard totheprocessingof
personaldataandofthefreemovementofsuchdata.
Article1 (4)ofthePSIDirectiveconfirmsthat:ThisDirectiveleaves intactandinnoway affects the level of protection of individuals with regard to the processing of
personaldataunder theprovisionsof Communityandnationallaw,andinparticular
doesnotaltertheobligationsandrightssetoutinDirective95/46/EC.
Article 2 (5) finally emphasizes, for the avoidance of doubt, that the PSI DirectiveappliesthesamedefinitionofpersonaldataastheDataProtectionDirective.
Theresultisfairlyclearandunambiguous,atleastintheory:whenre-usingpersonaldata
coveredbythePSIDirective,theDataProtectionDirectivemustbeadheredtoatalltimes.
Thus, anyentities processingpersonal data in thecourseof re-use (including thepublic
sectorbodiesthatproduceorcollectthedataandmakeitavailable,serviceprovidersthat
re-usethedatatoprovideservices,andanyconsumersthataccessorusethedatathrough
theseservices)willneedtoensuretheycomplywiththeprovisionsoftheDataProtection
Directive10.
Thisprincipleappearstoberelativelysimple,especiallyincaseswherethedatabeingre-
usedcanbeunambiguouslyclassifiedaspersonaldata(e.g.identityinformation,healthor
taxrecords,informationonsocialstatus,etc.).However,complexitiescaneasilyarise.In
somecases,thiscansimplybetheresultofthenationalimplementationoftheDirectives.
InBelgiumforinstance,thefederallawgoverningthere-useofpublicsectorinformation
stipulates11thatpublicsectorinformationwhichcontainspersonaldatamayonlybemade
availablefor re-useif thepublic sectorbodyhas firsttakenthenecessaryprecautionsto
concealtheidentityofanypersonswhomaybeimplicatedintheinformation,specificallybyanonymisingthedatainaccordancewiththerulesofaspecificRoyalDecree.Thisvery
strict approach essentiallyeliminates anyoverlapbetween thePSI sphere and thedata
10 Thispositionwasalso affirmedby theArticle29WorkingParty,whichacts asan independent
Europeanadvisorybodyondataprotectionissues,inits2003Opiniononthere-useofpublicsector
informationandtheprotectionofpersonaldata;Opinion7/2003,WP83ofArticle29WorkingParty,
adoptedon12December200311 Article4 oftheLawof 7March 2007transposing the PSI Directive (Wettotomzetting van de
richtlijn 2003/98/EGvanhet EuropeesParlement en de Raad van17 november2003 inzake het
hergebruik van overheidsinformatie | Loi transposant la directive 2003/98/CE du Parlementeuropen et du Conseil du 17 novembre 2003 concernant la rutilisation des informations du
secteurpublic)
-
8/3/2019 Topic Report 3: Privacy
7/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 7
protectionsphere:aslongasdataprotectionlawsapply,re-useisnotpermitted.
But even in the absence of laws that exceed the requirements of the European legal
framework,thesimpleprincipleofobservingdataprotectionruleswhenre-usingdatacan
presentseriouschallenges.Thisismainlytheresultofthebroadinterpretationgiventothe
conceptofpersonaldata,whichmeansthatdataprotectionruleswillapplyinmanymore
casesthanthesimpleexamplesmentionedabove, includingin caseswherepublicsector
bodiesorre-usersmightnotintuitivelyrecognizeaprivacyrisk.Inthesectionsbelow,we
willexamineafewreallifecaseswherere-useinitiativesweremetwithprivacychallenges,
andlookathowtheywereresolved.
-
8/3/2019 Topic Report 3: Privacy
8/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 8
2 A practical perspective: data protectionchallengesinreallifePSIcases
2.1 Fair-PlayAlliance:combiningpubliclyavailablepersonaldataandpublishingtheresultcanbeunlawful
ArecentexampleofprivacyrightscollidingwithaPSI initiativeoccurredin Slovakia,and
involvedanawardwinningapplicationcreatedbytheFair-PlayAlliance,aSlovakianNGO
withastatedmissionofpushingforethical,transparent,professionalandeffectivepublic
administrationandpoliticalrepresentation12.Oneofits initiativeswastheZnasichdani.sk
site, whichoffereda simple yet compelling service to the public: byenteringa specific
individualsname,thesitewouldcreateaquickoverviewofanypublicprocurementswon
byanentityinwhichthatindividualhasaleadingrole,alongwiththeamountsawardedto
theseentities.ThenameZnasichdani.skisderivedfromtheSlovakznaichdan,meaning
fromourtaxes.
Fair-Play argued that this would bea useful tool todetectpotential corruption, since it
would allow site users to determine how often an individual citizen was successful in
procurements, irrespective of thecompanythey were using toparticipate in abid. This
could allow investigators to determine cases where an individual could be said to be
unusually(orpossiblyevensuspiciously)successfulinpublicprocurementcontracts.
The application was relatively simple from a technical perspective, as it relied on two
alreadypublicdatabases:ontheonehandadatabaseofpublicprocurementcontracts(the
BulletinofPublicTenders)thatindicatedwhichentitieshadwonspecificbids,andonthe
otherhandacompanyregister(theBusinessRegisteroftheSlovakRepublic)thatindicated
whichindividualshadcontrollingrolesinspecificentities.Thus,anindividualsnamecould
belinkedtoanynumberofrelevantcompanies,whichinturncouldbelinkedtoawarded
procurements.Theresultwasanicevisualoverviewofthepublicfunds(includingspecific
amounts)whichflowedtoanycompaniesthattheindividualwasinvolvedin:
12Seehttp://www.fair-play.sk/index_en.php
-
8/3/2019 Topic Report 3: Privacy
9/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 9
Resultsofasamplesearch,usinganexamplepublishedonEPSIplatform.eu13
Theapplicationwasgenerallywellreceived,andwonfirstprizeattheJune2011OpenData
ChallengeduringtheDigitalAgendaAssemblyinBrussels.
Fromaprivacyperspective,theapplicationmightatfirstseeminnocentenough.Afterall,it
does not publish information that cannot also be found by searching the two source
databases,which are already (and presumably legitimately)publiclyaccessible. Thus, no
new information is created by the application; it merely facilitates the collection and
analysisprocess.
None theless,the application raisescertaindata protectionconcerns.It isclearbeyond
discussionthattheinformationprovidedbytheapplicationispersonaldataasdefinedin
theDataProtectionDirective,asitallowstheidentificationofaspecificindividual.Indeed,
13http://epsiplatform.eu/news/news/open_data_challenge_winner_ordered_to_remove_certain_d
ata.
-
8/3/2019 Topic Report 3: Privacy
10/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
10
theprimary function of theapplication isprecisely toallowusers toobtain information
relatingtospecificindividuals.Asaresult,therulesoftheDataProtectionDirectiveapply
totheapplication.Thisraisesseveralquestions.
One of the key principles of the Data Protection Directive is the purpose restriction:
personaldatamayonlybecollectedforspecified,explicitandlegitimatepurposes,andit
maynotbefurtherprocessedinawayincompatiblewiththosepurposes(Article6.1(b)of
theDataProtectionDirective).TheZnasichdani.skapplicationprocessespersonaldataby
retrievinginformationfromtwosourcedatabases,andcombiningitintoanoverviewthat
createsaclearaddedvalue.However,onemightquestionwhetherobtainingpersonaldata
from these sources and re-using it for the purposes of publishing the results of public
procurementsiscompatiblewiththepurposerestriction.
Thisdependslargelyonthepurposeforwhichpersonaldataintheoriginalsourcesismade
available. If, for instance, data in theCompaniesRegister ismade available only forthe
purposesofallowingthirdpartiestodetermineifcompanydecisionswerelawfullymade
(e.g.whetheracontractwasindeedsignedbyanauthorisedrepresentativeofacompany),
then using this informationforentirely differentpurposes(e.g.to provideindications of
possible wrongdoings such as violations of Slovak procurement laws or anti-corruption
laws)couldbeaviolationofthepurposerestrictionrule.
Of course, in this case the possible violation depends on the stated purpose of the
CompaniesRegisterintheSlovakRepublic,andonthestatedpurposeofZnasichdani.sk.On
thelatterpurpose,thewebsiteindicatesthatZnasichdani.skisbasedontheassumption
thatifpeoplegetaccesstothiskindofdetailedinformation,managementofpublicmoney
inSlovakiawillbecomemoretransparent.Procurementofoverpricedgoodsandservices
will get a new dimension if citizens are able to connect the benefits from these
procurements with specific names and faces.14 Thus, Znasichdani.sk is declared to
primarily be a tool for improving procurement transparency. Provided that this is
compatible with the purpose forwhich information in the Companies Register ismade
available,thepurposerestrictionruleshouldnotpresentanyproblems.
ThelegitimacyoftheZnasichdani.sksitewascalledintoquestioninarecentcase,wherea
specificindividualobtainedaninjunctionfromacourtinBratislava,orderinghernameand
thelinktoanyprocurementvaluesrelatingtohertobecensoredfromthesearchresults15.
Whilethe argumentspresented inthe caseand the reasoning of the judge are not yet
available,theorderprovidedbythecourtnamelytheblurringoftheindividualsnamein
ordertomaketheresultsunlinkabletoherstronglysuggestthattheissuewasdrivenby
dataprotectionconcerns.
Theoutcomeisratherbizarre:notonlydoestheorderonlyapplytothisspecificapplicant
thusleavingtheinformationofanyotherSlovakcitizenavailableforsearchingbuteven
searchingfortheapplicantsnameandobtainingtherelevantresultsisstillpossible.Only
14
Seehttp://znasichdani.sk/info 15http://spectator.sme.sk/articles/view/43180/2/court_orders_removal_of_public_procurement_da
ta.html
-
8/3/2019 Topic Report 3: Privacy
11/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
11
thepresentationof theresultshaschanged,withsome informationbeingblurredin the
overview of procurements. Perhaps more importantly, the proceedings have done the
applicantverylittlefavourswithrespecttoherprivacy,as thecaseincludinghername
andemploymentdetailshavenowbeenwidelypublished.
The decision of the court in Bratislava has been appealed, and should additionally be
followedbyafullhearingonthemeritsofthecase.Hopefully,thiswillclarifythereasoning
behindthedispute,andclearupthelegitimacyoftheZnasichdani.skplatform.Meanwhile,
PSIapplicationdeveloperswillneedtocarefullyconsiderwhethertheirintendedre-useof
personaldataiscompatiblewiththeintendedpurposeofitspublication.
2.2 CrimemapsintheUK:adetailedmapmaybreachdataprotectionlaws
In theSlovakexample above, theapplicabilityofdata protection lawswasa fairly clear
matter,sincetheinformationrelateddirectlytoanidentifiednaturalperson.However,the
scopeofdataprotectionlawscanalsoextendtoothertypesofdata,inwhichthelinktoa
naturalpersonmaynotbeasimmediatelyclear.
Maps are an interestingcase inpoint. Intrinsically, amaponly needs toprovidecertain
geographic informationallowing it tobe linked toa specific location. Simplemaps that
containonlyinformationonalandscapewillhavenoclearlinktonaturalpersons,andwill
thereforenotfallwithinthescopeofdataprotectionlaw.However,thissituationchanges
when information is added to themap. Adding theoutlines ofhouses already provides
informationonthepersonswho live there.Satelliteimagerywillenhancethepictureby
showingthetypeofdwelling,aswellasflaggingwhoinyourneighbourhoodownsoutdoor
swimming pools,saunasand extensive terraces.Addingreal estatevalueswill providea
decent indicator of the income category or of the assets of the inhabitants. The more
detailed and fine grained the information becomes, the more likely it is that amap is
qualified aspersonal data. Afterall, amap containing all of the information above will
certainly provide information on natural persons, namely the socio-economic status of
individuals who can be identified simply by visiting the location. Thus, any sufficiently
detailedmapisboundtoeventuallycrossthelineintopersonaldata.
ThisissuecanalsobehighlyrelevantinthePSIsector,wheregeographicinformationcan
belinkedwithotherdatasourcestoprovideusefulinformationonthecharacteristicsofa
region,city,neighbourhoodorstreet.Aninterestingexampleisthecrimemapsthathave
been published recently in the UK, driven in part by the UKs open data policies16. A
multitude of such applications exist17, including the national crime mapping website,
Police.uk18,andUKCrimeStats
19.Thelatterapplicationprovidesaccesstocrimestatisticsat
thenationallevel,butalsoforspecificneighbourhoodsandstreets,basedonofficialpolice
16Seehttp://data.gov.uk/
17 See the list at http://data.gov.uk/apps, specifically in the crime subcategory
(http://data.gov.uk/search/apachesolr_search/?filters=tid%3A245type%3Aapps&retain-filters=1)18
Seehttp://www.police.uk/19Seehttp://www.ukcrimestats.com
-
8/3/2019 Topic Report 3: Privacy
12/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
12
reports. It breaks the crimes up into several categories (including anti-social behaviour,
burglary,robbery,vehiclecrime,violentcrime,andothers20),andlinkstheseincidentsto
thespecificlocationswheretheyoccurredviaeasilysearchablemaps.
CrimeinManchesterprimarilyanti-socialbehaviouroutsidethecitycentre;mainlyviolentcrimeandother
crimeswithin
Undoubtedly,suchmapsareusefultoolsforanyonelookingforanewresidence,allowing
themtogeta firstimpressionofcrimeprevalence.Equallyimportantly,itallowsexisting
residents to assess howmuch crime objectively occurs (or more accurately, howmuch
crimeisreported)intheirneighbourhood,ratherthanhavingtorelyonimpressions 21.
None the less, there is alsoa clear privacy risk. Conceptually, it isperfectly possible to
pinpoint each crime to a precise address. However, this approach meets with serious
problems. Firstly, the location of a crime is of course not always an indicator of who
committedit:aviolentcrimebeingcommittedataspecificaddressdoesnotsuggestthat
theinhabitantofthataddresswastheperpetrator.Indeed,heorshemayinsteadbethe
victim,ortheincidentmaysimplyhaveoccurredontheirdoorstep.Nonetheless,thereis
arealriskthatobserversofthisdatamightdrawthewrongconclusions,possiblyledby
their own presumptions or biases about the inhabitants. Clearly, this would not be a
desirableoutcome.
Fromadataprotectionperspective,themainquestioniswhethertheprovidedinformation
can be qualified as personal data. According to the definition of the Data Protection
Directive, this is the case when the information relates to an identified or identifiable
naturalperson.Evenindirectidentificationcanmeetthisdefinition:whilerealestatevalue
only relates directly to an object (the property itself), it can also relate indirectly to a
20
The latter including sex offences, which are not identified separately as a privacy enhancingmeasure.Seehttp://www.guardian.co.uk/uk/2011/feb/01/online-crime-maps-power-hands-people21Foranoverviewofapplications,seehttp://www.bbc.co.uk/truthaboutcrime/crimemap/
-
8/3/2019 Topic Report 3: Privacy
13/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
13
naturalperson(namelywhenanaturalpersonlivesthere)22.Thesamealsoappliestocrime
information linked to a specific location: even if the information does not necessarily
identifyapersonasaperpetrator,victim,observer,orsimplyapersonwholivesnearthe
incident, it can certainly relate to them onone of those points. For this reason, crime
information attached to sufficiently detailed maps can be considered personal data,
meaningthatalloftherequirementsoftheDataProtectionDirectivemustbemet.Thiscan
be particularly burdensome for PSI application providers in this sphere, since the
requirements for processing sensitive personal data (namely crime data) can be very
stringent.
Ofcourse,theseobservationsonlyapplyifthecrimeinformationcanbelinkedtoanatural
person, either because the details of the report include such a link, or because of the
geographicalinferencementionedabove.Ifthereportonlymentionsthetypeofincident
(withoutdetailsofpersonalinvolvement)andhasnoclearlinktoaspecificlocation,then
theinformationdoesntrelatetoanaturalpersonandwillnotbeconsideredaspersonal
data.Indeed,whenclickingonacrimepinontheUKCrimeStatsmapshownabove, the
followingpop-upappears:
Nodetailsonthecrimeoritsexactlocation
TheinformationprovidedviatheUKCrimeStatsapplicationdoesnotprovidedetailsonwho
wasinvolvedintheburglary(asaperpetrator,victimorobserver),nordoesitindicatethe
preciselocation.ItonlystatesthatitoccurredonornearCharlesStreet,andstressesthat
crimes aremapped to points onor near the road where they occurred, as a privacy
22TheexampleisalsoreferredtointheArticle29WorkingPartys2007Opinionontheconceptof
personaldata;Opinion4/2007,WP136ofArticle29WorkingParty,adoptedon20June2007.
-
8/3/2019 Topic Report 3: Privacy
14/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
14
protectingmeasure.Theresultisthattheinformationdoesnot relatetoan identifiedor
identifiablenaturalperson,andthusnolongerqualifiesaspersonaldata.Ineffect,ithas
beenanonymisedtoeliminatetheprivacyrisk(andtheapplicabilityofdataprotectionlaw)
withoutundulyharmingtheusefulnessoftheapplication.
Thissolutionseemsideal,butcanbedifficulttoapplyinpractice.Theinformationmapsare
automatically generated by linking maps to crime reports, an approach which doesnt
necessarilytakeintoaccountpopulationdensity.IntheCityofManchester,statingthata
crimeoccurredonornearaspecificstreetprovidesnoreallinktoanidentifiableperson.
However,inaverysparselypopulatedregionwhereperhapsonlyafewresidentsliveina
radius of several kilometres, even such generalized information can provide clear
indications of a persons relation to a crime. If this problem is not addressed, the
informationwill still need tobequalified aspersonal data andprocessed in accordance
withdataprotectionlaws.
Forthis reason, theUK InformationCommissioner (ICO),whomonitorscompliancewith
data protectionlaws in theUK, hasissued specific guidelines23 oncrimemapsanddata
protectioncompliance.TheICOnotedthatrelevantfactorsforassessingcompliancewould
include:
thegranularityofthecrime-map, theregularityofdatauploads, thesensitivityofthecrime, theinformationrecordedonthemap,and theavailabilityofothersourcesofinformation.
The guidelines require those who publish crime maps to implement appropriate
procedurestoaddresstheconcernsofvictimsofcrimewhofearthatthemapsrevealtheir
identity,ortheobjectionsofhouseownerswhosepropertyvaluediminishesasaresultof
incorrectlyattributeddata.TheICOalsoexplicitlywarnsagainstanypracticesthatwould
allowaspecifichouseholdtobelinkedtoaparticularcrime,notingthatthiswouldlikely
constitutean unfairprocessing ofpersonaldata.Thus, therecommendation isto clearly
avoidmakingtheinformationneedlesslyspecific.
Of course, this approach is not too surprising, and is indeed in line with general data
protection principles, and mainly the principle of data minimisation: the processed
personaldatashouldbeadequate,relevantandnotexcessiveinrelationtothepurposes
forwhichtheyarecollectedand/orfurtherprocessed(Article6.1(c)oftheDataProtection
Directive). In terms of PSI, this implies refraining from the use of personal data (i.e.
avoidinglinkstoidentifiablenaturalpersons)wheneverpossibleforthepurposesofthere-
use, and limiting the use ofpersonal data to the maximumextent possible inall other
cases. This approach will undoubtedlybecomemore andmore important as open data
23 Crime-mapping, privacy and transparency: advice from the Information Commissioners Office,
published on 24 November 2010; seehttp://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/cri
me_mapping_advice.ashx
-
8/3/2019 Topic Report 3: Privacy
15/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
15
applicationsspreadtoothersectorswithcomparabledataprotectionconcerns,including
health,education,justiceandtransportation24.
24
See http://www.cabinetoffice.gov.uk/news/government-publish-new-data-health-schools-courts-and-transport for a summary of comparable open data initiatives, as well as
http://www.guardian.co.uk/news/datablog/2011/jul/07/government-transparency-data-releases
-
8/3/2019 Topic Report 3: Privacy
16/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
16
3 Conclusion:strikingabalancebetweenPSIre-useanddataprotection?
Thetwoexamplesaboveillustratesomeofthedataprotectionchallengesthatmayoccur
whendesigningandofferingPSIapplications,fromtwoentirelydifferentperspectives.IntheSlovakcase, the application inevitably resulted in theprocessing andpublicationof
personaldata,asthiswasapartofitscorefunctionality.Here,themainquestionis(and
currentlyremains)whetherthere-useofthepersonaldataiscompatiblewiththepurposes
forwhichitwasmadeavailablebythedatasources.IntheUKcase,theapplicationdidnot
inherently require personal data, andthefocuswasmore onmitigatingprivacy risksby
eliminatingtheprocessingofpersonaldatainasfaraspossible,includingthroughtheuse
ofanonymisingtechniques,andprovidingmeansofredressifanyincidentsoccurred.
Both caseshowevershow an importantprinciple,namely that thePSI contextdoes not
provide any unique rules or exemptions for data protection compliance. The samequestions that were raised in these cases could have occurred and would need to be
resolvedinthesamewayiftheinformationsourceshadbeenmadeavailablebyaprivate
sectorbody.Fromthatperspective,theterminologyofstrikingabalancebetweenPSIre-
useanddata protection seems somewhat deceptive, despite itscommonuse25: both in
theoryandinpractice,thecurrentlegalframeworkdoesnotcallforabalancingofinterests
inPSIandprivacy,butforcompliancewithbothsetsofrules.
Nonetheless,thereisstillalargegrayareaandmuchuncertaintyintheapplicationofdata
protection law. Good practices are certainly emerging, aswitnessed by thecrimemaps
caseandtheICOopinion,whichhighlighttheimportanceofdataminimization,privacybydesign andanonymisation
26. In somecases however, the processing of personal data is
unavoidable.TheSlovakexampleofZnasichdani.skshowedthedifficultyofmeasuringthe
legitimateinterestofthere-usersandtheSlovakpublicinhavingoptimallyeffectiveaccess
toPSI,against theprivacy interest ofan individualwhowaspersonally impacted by this
newlyestablishedtransparency.Arulingonthemeritsisstillmissinginthiscase,andwill
undoubtedlyimpacthowsuchissuesareexaminedinthefuture.
In the meantime, PSI re-users will need to face the challenge of complying with data
protectionrulesinanevolvingregulatorylandscape.Thisisnosmalltask,butitssuccessful
completionwillbecrucialtoensurethelegitimacyandpositivepublicperceptionofPSIre-
useinthefuture.
25MostnotablyintheaforementionedArticle29WorkingPartyOpinion7/2003onthere-useof
publicsectorinformationandtheprotectionofpersonaldata,subtitledStrikingthebalance26
See e.g. the recent paper by the Information and Privacy Commissioner of Ontario, AnnCavoukian,Dont StopAnonymizingtheDataIt remainsa safe,securewaytoprotectPrivacy;
http://www.ipc.on.ca/english/Resources/News-Releases/News-Releases-Summary/?id=1085
-
8/3/2019 Topic Report 3: Privacy
17/18
PrivacyprotectioninPSI
ePSIplatform Topic Report No: 2011 / 3 October 2011 Page
17
Onlineresources
http://opengovernmentdata.org/ - website of the Open Government Data WorkingGroupoftheOpenKnowledgeFoundation.
http://data.gov.uk/-OGDwebsiteoperatedbytheUKgovernment
http://gov.opendata.at/-OverviewofAustrianOGDinitiatives http://www.lapsi-project.eu/ -EuropeanThematicNetworkonLegalAspectsofPublic
Sector Information, including an overview of relevant European cases:
http://www.lapsi-project.eu/decisions
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp83_en.pdf -Opinion 7/2003 on the re-use of public sector information and the protection of
personal data - Striking the balance; publication of the Article 29 Working Party,
adoptedon12December2003
http://znasichdani.sk/l?l=en websiteoftheZnasichdani.skapplication http://epsiplatform.eu/news/news/open_data_challenge_winner_ordered_to_remove
_certain_data-articleontheZnasichdani.skdispute
http://spectator.sme.sk/articles/view/43180/2/court_orders_removal_of_public_procurement_data.html-articleontheZnasichdani.skdispute
http://www.edri.org/edrigram/number9.15/slovak-open-data-court-order - article ontheZnasichdani.skdispute
http://blog.okfn.org/2011/07/18/why-censoring-slovak-spending-app-means-bad-news-for-open-data/-articleontheZnasichdani.skdispute
http://www.police.uk/nationalcrimestatisticsintheUK http://www.ukcrimestats.com, an application which links official crime statistics
(includingcategoriesofcrime)tospecificlocations
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf -Opinion4/2007ontheconceptofpersonaldata;publicationoftheArticle29Working
Party,adoptedon20June2007
http://www.guardian.co.uk/news/datablog/2011/feb/01/crime-maps-data-top-100-streets-Articleonthescopeandcontentofcrimemapdata
http://www.cabinetoffice.gov.uk/news/government-publish-new-data-health-schools-courts-and-transport-announcementofopendataplansinkeysectorsintheUK
http://www.bbc.co.uk/truthaboutcrime/crimemap/ - overview and demonstration ofcrimemappossibilities
http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/crime_mapping_advice.ashx - Guidance on crime-mapping, privacy and
transparencyfromtheInformationCommissionersOffice,publishedon24November
2010
http://law-in-society.blogspot.com/2011/02/privacy-risks-from-crime-mapping-jamie.html-analysisofdataprotectionchallengesrelatedtocrimemappingbyJamie
Grace,LecturerinLawintheSchoolofLaw&CriminologyattheUniversityofDerby.
-
8/3/2019 Topic Report 3: Privacy
18/18
PrivacyprotectioninPSI
About the Author
HansGrauxisabarlawyerandfoundingpartnerattheBrusselsbasedlawfirmtime.lex
(www.timelex.eu),whichspecializesinICTlawandICTpolicychallenges.Inaddition,heis
anaffiliatedresearcherattheInterdisciplinaryCentreforLawandICT(www.icri.be)atthe
K.U.Leuven. He also acts as the independent legal advisor to the Vlaamse
Toezichtscommissie (Flemish Supervisory Committee -
http://www.vlaamsetoezichtscommissie.be/ ), which supervises personal data exchanges
withinFlemishpublicsectorbodies.
Copyright information
2011EuropeanPSIPlatform-Thisdocumentandallmaterialthereinhasbeencompiled
withgreatcare;however,theauthor,editorand/orpublisherand/oranypartywithinthe
EuropeanPSIPlatformoritspredecessorprojectstheePSIplusNetworkprojectorePSINet
consortiumcannotbeheldliableinanywayfortheconsequencesofusingthecontentof
this document and/or anymaterial referenced therein. The opinions expressed are the
viewoftheauthorsandtheirsoleresponsibilityandnotnecessarilythoseoftheEuropean
Commissionoranyofitsservices.NeithertheEuropeanCommissionnoranypersonactingonbehalfoftheEuropeanCommissionisresponsiblefortheusethatmightbemadeofthe
followinginformation.
ThereportmaybereproducedprovidingacknowledgementismadetotheEuropeanPublic
SectorInformation(PSI)Platform.TheEuropeanPublicSectorInformation(PSI)Platformis
fundedundertheEuropeanCommissioneContentplusprogramme.
top related