Cary, NC – I am in Ireland for the Open Government Partnership (OGP) European Summit. Today as I was attending the Civil Society Day that precedes the summit and was listening to people talking about privacy issues, something crystallized in my mind that had been percolating for a while – we need a new data license.
As the CEO for the Open Data Institute node in North Carolina, our mission is to evangelize open and unfettered access to data, more specifically Open Data. Open Data is defined as data that is machine readable in a non-proprietary format, is easy to access, use and reuse without license at no cost to the user. Open Data does not contain any personally identifiable information (PII), confidential information or information of a security nature.
Personal Data and Privacy Concerns
But what about all this government data (and other data) that is available when requested as a public record via something like a FOIA request? This data can and does contain PII in many cases. How do we protect people from the release of this information in bulk? A good example of this sort of problem is the “Westchester Gun Map” that was published soon after the tragedy at Sandy Hook in the states. The PII in the gun registry was a public record, but the release of this information in bulk created so many unintended consequences and violations of privacy!
Proposed New Data License
Here is the solution that I am thinking of. It is not perfect and will need much input before it is ready to be finalized and applied.
We need a restricted data license for public records that include PII. The license will state that the receiver of the records can perform analysis on the data and can publish aggregated or anonymized information from the data, but cannot release the original data set to any other people. The receiver of the data set is liable for any harm caused by the release of the copy of the data set they have received. Also if the PII data is used to approve or deny service of any kind to any person, the provider of that service is required to disclose the PII data they used in their decision to that person.
This restricted data license would go a long way to easing the privacy concerns people have about the use and misuse of their personal information. The license may even solve the problem completely.
The Open Data Institute is the best organization to manage development of and certify the proper use of this envisioned new data license. Implementation of the license will need to be as a legislative action in all countries so that the license can be codified into law and become a sustainable part of our protection of privacy.
What do you think?
What do you think? We will be actively working on this new restricted data license at the open Data Institute of North Carolina and indeed also at the Open Data Institute. Let your voice be heard.
The Open Data Institute of North Carolina
This article was originally published on the blog of the Open Data Institute of North Carolina on May 8, 2014.
Picture by Open Source.com