Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE – In-progress UN report on Big Data and Open Data – Defining issues and mitigating risks

EXCLUSIVE - In-progress UN report on Big Data and Open Data - Defining issues and mitigating risks
EXCLUSIVE - In-progress UN report on Big Data and Open Data - Defining issues and mitigating risks

Earlier this year, OpenGov spoke to Adjunct Professor David Watts, Commissioner for Privacy and Data Protection for the State of Victoria in Australia to learn about the Victorian Protective Data Security Framework.

In July, Commissioner Watts was appointed by United Nations (UN) Special Rapporteur on the Right to Privacy’s lead on a Big Data and Open Data study. OpenGov caught up with him to discuss his new role, and the objectives and scope of the study. Commissioner Watts talked about the importance of defining the terms, studying the risks and mitigation strategies.

Can you tell us about your new role as the lead on the UN global study on Big Data and Open Data?

Let me start with some background. The UN Human Rights Council’s Special Rapporteur on the Right to Privacy, Professor Joe Cannataci, has a mandate to “raise awareness concerning the importance of promoting and protecting the right to privacy, including with a view to particular challenges arising in the digital age, as well as concerning the importance of providing individuals whose right to privacy has been violated with access to an effective remedy, consistent with international human rights obligations”.  

In his first report to the Human Rights Council in March 2016, the SRP announced his intention to focus on a number of significant privacy themes. One of those being Big Data and Open Data. The aim of the project I am leading is to produce a report on Big Data and Open Data for the Special Rapporteur for presentation to the UN Human Rights Council and General Assembly in the latter part of 2017.

We have divided the Big Data/ Open Data theme into a number of areas of inquiry. The first area of inquiry relates to how best to frame the issues. The starting point is to define both Big Data and Open Data.

         Interestingly, there is no agreed definition of Big Data.  There are only descriptions.  People talk about the 3, 4 or 5 Vs. When last I counted it was 8 Vs.  Even the National Institute of Standards and Technology (NIST) in the US which attempted a definition, only arrived at a description. The lack of a definition is a coneptual issue.
         
         
         
         

Defining Open Data is  easier. The definition that I find most useful is that Open Data is data that can be freely used, reused and redistributed by anyone, subject only at most to a requirement to attribute and to share alike.

Open Data has become a mantra for many governments, including UK, USA, Australia and Singapore. They believe it will stimulate research and development, drive innovation and generate knowledge to improve society. But there are risks.  One of the most significant is the risk of re-identification of deidentified data.  For example, Australia’s Department of Health released over a billion lines of “deidentified” personal health data a few weeks ago but had to withdraw it shortly afterwards because Melbourne University researchers re-identifed it.

How would success be evaluated?

The extent to which the paper provides the global community with a basis for a sensible and informed debate.

By our ability to produce a report that defines and demystifies the issues, makes sense of them, that identifies the risks and opportunities and points to solutions.

Who are the major stakeholders you would want to involve in this?

The Special Rapporteur has indicated that he wishes to be everybody’s Special Rapporteur.  He has indicated he will be inclusive and is interested in all points of view.  So, contributions from civil society, the academy, government, the private sector, non-government organisations, special interest-groups like health consumers all have an important role to play.

         Broad engagement is needed. Often the debates around privacy become Euro-centric or US-centric.  It is very important to understand Asian perspectives.
         
         
         

The Asia-Pacific region is growing very rapidly and is frequently at the forefront of developing new services, new ICT technologies and new approaches to data.

What is the scope of the report?

The report will be divided into parts:

  • Framing the issues –Defining Big Data, Open Data , Structured and unstructured data
  • Technologies and processes – Analytics, what the process is for management and analysis, and interpretation, algorithms, data linkage, distributed ledger, privacy enhancing technologies etc.
  • Participants – public sector, private sector, Information intermediaries and what each seeks to do with Big Data and Open Data
  • Value – public value, private value and individual value
  • The Ethical, legal and regulatory context
  • Risks
  • Addressing the risks

The difficulty with the subject matter is that it moves so fast.   This means that our understanding of new technologies must constantly evolve.  One issue I have noticed is that much of the discourse about big data is contested  A key task will be to sift what is authoritative from what is not.

What are some of the key benefits and risks in your view?

Although some say that big data’s benefits are unproven, there appears to be a broadening consensus that it can produce insights: for example evidence relevant to some of our most complex social and economic problems such as climate change, healthcare, and to address serious crime and corruption.

In Africa, mobile telephone records were used to track Ebola.  Frequently, the disease vectors could be tracked more effectively this way than by reports from healthcare facilities.

The challenge is how to harness these benefits while protecting privacy. We need to ensure that these techniques do not become so intrusive that we have no personal and private space to ourselves. Drawing global attention to these issues is an important part of the project.  

         As I mentioned earlier, one of the most controversial issues regarding Big Data – Open Data is whether personal informaiton can ever be re-identified.
         
         
         

If you assemble various government data sets, or combine them with other commercially purchased data, then there is a significant risk of the data being re-identified. Blanket assertions that released data has been de-indentified are problematic.  The projects de-identification focus will be evidence-based to provide an opportunity to test their claims of de-identification solutions.

Can you tell us about some of the mitigation measures you are looking at?

Non-exhaustively, we are looking at Privacy Enhancing Technologies, de-identification, differential privacy, distributed ledger technology, the semantic web1, and other technological approaches together with security controls, legal controls at the national and international level, business processes, policies and standards, frameworks, governance, structures, capability, transparency and resourcing.

I am sceptical about technological solutions that assert that they are going to be perfect in every circumstance.

         For example, at the moment the jury is out over whether differential privacy works. Differential privacy involves the preservation of data sets, sufficient to answer queries accurately, but reducing the likelihood of disclosing personal information. Some say that the noise added to the data makes it useless. Others say that the noise that is added to the data is protective of personal information. Which claims stand up to scrutiny?
         
         
         
         

The Semantic web can be used to constitute permissions that would accompany information, from which the automation of informaiton transactions can occur.  Perhaps personal information coud be stored in the equivalent of an electronic envelope, associated with an application that can negotiate how the information can be used through smart contracting.

Distributed ledger technology has been mooted as being able to protect privacy and security.  Distributed ledger implementations such as blockchain show good potential to make transactions accountable, transparent and secure to anyone who can read the blocks in the chain. But in many cases you may not want your private personal information to be transparent.  Maybe there is an encryption solution for this. These are early days. My feeling is, it is a technology that has a range of potential benefits, probably some of them haven’t been invented yet. Again, we need to examine the claims and test them.

Technology moves quickly. So, to underpin regulatory and oversight efforts on one or a suite of technologies seems perilous to me. I think technologies can be used as ways to implement broader policies and regulatory frameworks. It’s important to have principles, standards, frameworks and structures that are risk-based and technology neutral.

What are your thoughts on data ownership?

When different professions and disciplines communicate, they face terminology problems. As a lawyer I understand confidentiality to mean a certain thing. But security professionals have a slightly different meaning and policy professionals have yet another meaning.

         Data ownership is one of those expressions.  Legally the term doesn’t make sense. There is no property right in information per se.  ICT professionals understand data ownership as a stewardship issue that goes to who has management responsibility and who is accountable for the data.
         
         
         

So I think “data ownership” has to be used with care.

It’s better to manage risk against the indicators of accountability and responsibility, rather than trying to work out who owns data.

1 The Semantic Web is a set of data standards promoting common data formats and exchange protocols on the web. 

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit www.ibm.com