In common with most people working in the field of open data – particularly now as I launch into my new role as Chair of the Open Data Institute Queensland – I often find myself talking about information privacy. A key problem is that we’re trying to hit a moving target. Most people only engage with the topic of information privacy when they need to, and it’s hard to know in advance when, or why, this will happen.
Most of us would like government to be more transparent. And most of us would like to be able to make more informed choices: where should I live, which insurance product should I buy, when’s the next bus and should I wait for it, which is the safest route to walk home, where can I take my children this weekend, and will parking be available nearby?
I’m confident 90% of the population agrees we want low-effort, low-stress interactions with our government, which we would like to provide us with better, more cost-effective services.
But here’s the problem.
Every one of these suggestions brings with it a set of privacy challenges, and on these we may not agree. In fact, most of us don’t even think about these considerations until we have to; until we’re ill, until we’re in trouble, until our details are disclosed inadvertently, until those buck’s night photos make an appearance. We don’t know what will befall us, so we don’t know how we will become engaged in information privacy, or when, or what stance we will take to protect our own interests. Hence, a moving target.
So in our planning for open data and information privacy we have to be ready for anything. It is impossible to win this fight through legislation alone, despite the good work that’s been done in both federal and state governments.
The APPs, accompanying guidelines and emergent case law are a good start but only that – the challenge is far richer and more complex. We must weigh the costs and benefits of each decision to publish data. We need to consider the risks associated with the disclosure of sensitive information or the re-identification of aggregated data. We not only need to manage risks, but be ready to manage ‘disclosure incidents’.
In my view this is less about litigation than it is about making a clear-eyed judgement as to the benefits of opening certain data to public access, and the potential costs when something goes wrong. The fact is, data analysts, social media evangelists and societal trends will always move faster than legislators can. Legislation and litigation cannot solve the problem or overcome the complexity.