16 December 2015

Open Data and Consent

With Australia's newfound enthusiasm for the Open Government Partnership it is interesting to see 'Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework' by Frederik J. Zuiderveen Borgesius, Mireille Van Eechoud and Jonathan Gray in Berkeley Technology Law Journal (Forthcoming) comments
Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.
The enthusiasm doesn't go as far as a statement that the Government will walk away from its commitment to abolish the Office of the Australian Information Commission and will abandon the Hawke Report about winding back the FOI regime.

'Informed Consent: We Can Do Better to Defend Privacy' by Frederik Zuiderveen Borgesius in (2015) 13(2) IEEE 103-107 comments
We need to rethink our approach to defend privacy on the internet. Currently, policymakers focus heavily on the idea of informed consent as a means to defend privacy. For instance, in many countries the law requires firms to obtain an individual’s consent before they use data about her; with such informed consent requirements, the law aims to empower people to make privacy choices in their best interests. But behavioural studies cast doubt on this approach’s effectiveness, as people tend to click OK to almost any request they see on their screens. To improve privacy protection, this article argues for a combined approach of protecting and empowering the individual. 
This article, based on the author’s PhD thesis, discusses practical problems with informed consent as a means to protect privacy, and illustrates the problems with current data privacy rules regarding behavioural targeting. First, the privacy problems of behavioural targeting, and the central role of informed consent in privacy law are discussed. Following that, practical problems with informed consent are highlighted. Then, the article argues that policymakers should give more attention to rules that protect, rather than empower, people.