Summary: ‘Openness’ may create privacy problems, but it also has a role to play in solving them.
Context: Having been at the Open Knowledge Festival last week, I came away wondering how open data and openness might intersect with my PhD research on personal data and privacy. What follows is a rather abstract account of how two vaguely defined terms – ‘openness’ and ‘privacy’ – might conflict or complement one another.
The movement for ‘openness’ – open knowledge, open data, open government, open culture – has been picking up pace in recent years. Universal access to information and data, for re-use and remix, is heralded as a guiding principle for the digital age.
But if opening up information becomes the norm, what will be the effect on individual privacy? Open data – increasingly released by governments, businesses and organisations – might contain personally identifiable information (PII), or information which would enrich pre-existing PII. The failure of attempts to anonymize such data has been well documented. On the face of it, the drive to open up information resources will always have potentially damaging effects on the privacy of individuals. For those who are both drawn to the emancipatory power of openness, and yet concerned for the gradual erosion of individual privacy, a conflict arises between these two apparently irreconcilable principles.
But reconciliation may be possible; rather than only creating and exacerbating problems of privacy, openness can go some way to solving them too. We now live in a time where the flow of personal data is inevitable; it is the oil of the digital economy. But when personal data is collected covertly, without informed consent, and traded with unknown third parties, the problem is not openness. When governments sell ‘anonymised’ personal data to private companies who de-anonymise it, the problem is not openness. When someone doesn’t get hired on the basis of personal data which the prospective employer obtained secretly from an unknown source, the problem is not openness. None of these privacy-violating nightmare scenarios are caused by openness. Rather, they are a consequence of the secrecy, opacity and information asymmetries which characterize the current approach to personal data.
Far from exacerbating privacy concerns, openness could be a powerful counterweight to them. Universal access to information and data about the collection, exchange and use of personal data is a building block for informed privacy choices. Open data and information on privacy policies, data protection registers, audits and compliance with data protection law should be seen as an essential piece of public infrastructure on which informed privacy decisions and privacy-enhancing services can be built.
The solution to privacy concerns cannot be to turn back the clock on openness. Instead, the power of openness should be applied to the infrastructure on which sound privacy decisions depend, bringing real transparency and accountability to the collection and use of personal data.