Open Data, Open Citizens? Open Data and Privacy
Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC)
David Fewer, Director
“Open data” is data that can be freely used, shared and built-on by anyone, for any purpose. The Canadian government collects an enormous amount of personal information about individuals. This information is often stored in datasets that could be released as open data. Governments are obliged by privacy laws to avoid disclosing personal information except for authorized purposes. However, Canada’s strategies to maintain privacy are not explicitly described in the federal government’s open data policies. No new legislative framework has been created to specifically guide the move towards an open government either.
In this project, CIPPIC surveys government open data portals and the use of this data by commercial private sector data analytic firms, and assesses potential implications for Canadians’ privacy.
Specifically, the project: (a) surveys data made available through open data portals of different levels of government in Canada with a view to identifying open data that relates to individuals, and; (b) assesses the collection, use and disclosure of open data by private sector “big data” analytics enterprises.
Data is labelled as “anonymous” when all personal identifiable information is removed. But individuals can be “re-identified” from imperfectly anonymized data or by combining anonymized data with other data sets. Privacy risks arise when 1) non-anonymized data is leaked accidentally; 2) imperfectly anonymized data is re-identified; or 3) perfectly anonymized data is combined with other data creating re-identified data.
The challenge for open data is to reconcile competing goals: utility and privacy. Anonymized data loses utility. To balance these goals, Canada can adopt processes that include privacy impact assessments of datasets released as open data. These assessments should consider both the likelihood of data being associated with individuals and the potential impact of that association. Canada can also standardize these assessments as part of the open data release process. Finally, Canada can adopt anonymization strategies that evolve over time in order to remain state-of-the-art.
Project deliverables are available in the following language(s):
OPC Funded Project
This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.
100 Thomas More, Suite 306
- Date modified: