Why does online privacy matter?First, you have to define why you value privacy. Privacy has been described as an elusive social value that varies across cultures and changes as the world evolves. I like to think of it not as a fixed concept, but rather a practice or process, which, as historian Sarah E. Igo explains, requires us to define the boundaries between our private affairs and our public selves, as a core component of building our citizenship.
So much information about us is now being tracked online. And as time passes on, that gives government and private bodies a clearer picture of our behaviour, our social and private activities. It also puts this idea of having authorship over how we project our public identity at stake. We tend to focus a lot on privacy when we talk about data, because that’s where it really hits the individual level. But it’s also important to talk about collective data rights, and the impacts that are societal.
Tell me about the work you do at the International Open Data Charter?
We’re a global organisation that works with governments and civil society organisations to study the way information is collected, used and shared, and how that is regulated. We promote policies and practices that facilitate well governed data. We think that context really matters and promote “publishing with purpose” – you don’t treat data about health the same as you do data about transportation, for example. Once that clear purpose is defined, it’s helpful to think about how information can be governed in a way that balances both the benefits and the risks.
Ten years later, after the horrors of World War II, George Orwell published 1984, which described a dystopian future far less comforting than Huxley’s, and was positively terrifying in many ways. A cypherpunk is any activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change.
Data exists on a spectrum. We don’t want all data to be open and freely available. But data collection is an inherently political process and it manifests how power is distributed. Behind the creation of data, there’s always someone making decisions about what data to collect, how it’s structured, where it lives, who’s being left out, etc.
By opening up data, we aim to redress that power so that access to data has been handled responsibly, that safeguards have been put in place where needed, and that it’s fairly distributed. It’s about setting out a path where the benefits of data can be stewarded for a public purpose, while also making sure that you’re safeguarding privacy and other fundamental rights.
How do you balance that call for openness with individual and collective data rights?
We spend a lot of time advocating for the need to balance between openness and privacy, but actually doing it is the hard part. First, you need to define the types of risks and benefits and the communities that are involved around that type of data. Some data should be open by default, some kept closed and some sensibly shared. Understanding where data sits across that spectrum is important.
A trustworthy data governance model that is dynamic and able to adapt is also important. It’s about being open and transparent about how you’re making those decisions and allowing the public and others to test your assumptions and influence the outcomes. It’s important to reach out to communities and groups that may be impacted by the way that data about them is used, uncover unintended consequences or unforeseen risks that may arise, and learn about people’s demands and concerns. This type of exercise should also be periodical, rather than a one-off, ticking-the-box exercise. You need to be able to monitor the impact both at the individual and collective level.
Choosing providers that support data residency helps companies satisfy their customers’ increasingly regional expectations of privacy — especially when paired with a robust, globally-focused privacy program.Working with service providers that support data residency helps ensure that information can be collected, processed, and stored in a way that meets different expectations.
And finally, there are more practical measures and tools such as conducting privacy impact assessments, and using anonymisation techniques to publish data while protecting privacy. It’s a complex policy challenge, and there is no simple, one-size-fits-all solution.