Topic Report 3: Privacy


  • 8/3/2019 Topic Report 3: Privacy


    European Public Sector Information Platform

    Topic Report No. 2011 / 3

    Open government data: reconciling PSI re-use rights and privacy concerns

    Author: Hans Graux

    Published: October 2011


    Privacy protection in PSI

    ePSIplatform Topic Report No: 2011 / 3 October 2011 Page 2

    Keywords

    Open Government Data, PSI Directive, Data Protection Directive, privacy

    Abstract

    European Open Government Data (OGD) initiatives are frequently forced to balance uncomfortably between two legitimate but occasionally conflicting policy spheres. On the one hand, there are Public Sector Information (PSI) regulations, which aim to enable and encourage the re-use of existing documents held by public sector bodies. This leads to openness, stimulates government transparency, and creates new economic opportunities. On the other hand, data protection regulations aim to create a certain measure of privacy protection over personal data, by determining the circumstances under which personal data can be processed. When PSI consists partially of personal data, tensions between the two policy spheres inevitably occur. This topic report examines how the principal European regulations relate to each other, and describes a few real-life cases of conflicts and how they were addressed.


    Table of contents

    Abstract
    Content
    1 The openness of government data: two policy perspectives
    1.1 The tension between the PSI Directive and the Data Protection Directive
    1.2 The primacy of fundamental rights
    2 A practical perspective: data protection challenges in real life PSI cases
    2.1 Fair-Play Alliance: combining publicly available personal data and publishing the result can be unlawful
    2.2 Crime maps in the UK: a detailed map may breach data protection laws
    3 Conclusion: striking a balance between PSI re-use and data protection?
    Online resources


    Content

    This topic report examines how the PSI Directive and the Data Protection Directive relate to each other, and describes a few real-life cases of conflicts and how they were addressed.

    1 The openness of government data: two policy perspectives

    1.1 The tension between the PSI Directive and the Data Protection Directive

    The term Open Government Data (OGD) is generally used to refer to the principle or objective that information produced or commissioned by government or government controlled entities should be made available for free use, re-use and redistribution by anyone[1]. In EU policy initiatives, this objective as such has no clear legal basis, in the sense that there is no generic obligation to make all government data available for free re-use. Rather, the PSI Directive[2] tackles this issue from a different perspective: it regulates the obligations of public sector bodies in the Member States when they decide to allow for re-use of their data, and provides corresponding rights to re-users. However, it does not define a general right to re-use as such.

    None the less, the PSI Directive certainly aims to stimulate the internal market by encouraging the development of services that can build on the information held by European public sector bodies[3], and presents the publication of generally available public sector information as a fundamental instrument for extending the right to knowledge, which is a basic principle of democracy[4]. Clearly, the PSI Directive builds on the principle that there are clear benefits to be reaped from PSI availability and re-use.

    [1] See e.g. http://opengovernmentdata.org/what/, http://data.gov.uk/about, and http://gov.opendata.at/site/history

    [2] Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information, Official Journal of the European Union L345, 31/12/2003 P. 90-96.

    [3] See Recitals (1)-(5), (15) and (25) of the PSI Directive

    The data to which the PSI Directive applies is defined in Article 2.3 as "(a) any content whatever its medium (written on paper or stored in electronic form or as a sound, visual or audio-visual recording), or (b) any part of such content"[5]. This is obviously a broad description that may cover a wide range of information in many areas of activity, such as social, economic, geographical, weather, tourist, business, patent and educational information[6]. Because of the wide net that is cast by the PSI Directive, its scope of application may overlap with a separate key legislation: the Data Protection Directive[7].

    The Data Protection Directive aims to protect the fundamental right to privacy of natural persons with respect to the processing of their personal data[8]. It strives to reach this goal by creating a common legal framework that determines the conditions under which personal data can be processed. As with the PSI Directive, the basic building block of the Data Protection Directive has been given a broad definition: personal data is defined in Article 2(a) of the Data Protection Directive as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity". The recitals to the Data Protection Directive clarify that in order to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person[9]. Generally, whenever information can be reasonably linked to a specific individual, it is likely to be qualified as personal data.

    It is clear that much of the information targeted by the PSI Directive will also constitute personal data, and it will therefore also be subject to the specific restrictions of the Data Protection Directive. This creates an immediate tension: one Directive aims to favour openness and re-use, whereas the other emphasizes the importance of privacy protection rules. How do these frameworks relate to each other, and how can public sector bodies ensure that they comply with both?

    [4] See Recital (16) of the PSI Directive

    [5] Excluding a number of categories of data, such as documents the supply of which is an activity falling outside the scope of the public task of the public sector bodies; documents for which third parties hold intellectual property rights; documents which are excluded from access by virtue of the access regimes in the Member States; documents held by public service broadcasters, education and research establishments or cultural establishments.

    [6] See Recital (4) of the PSI Directive

    [7] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L281, 23/11/1995 P. 0031-0050

    [8] Article 1 of the Data Protection Directive

    [9] See Recital (26) of the PSI Directive


    1.2 The primacy of fundamental rights

    The relationship between both frameworks is partially resolved by the PSI Directive itself. It contains a number of direct acknowledgements of the importance of data protection, and indeed references the Data Protection Directive directly. Specifically:

    - Recital (21) of the PSI Directive notes that: "This Directive should be implemented and applied in full compliance with the principles relating to the protection of personal data in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and of the free movement of such data."

    - Article 1 (4) of the PSI Directive confirms that: "This Directive leaves intact and in no way affects the level of protection of individuals with regard to the processing of personal data under the provisions of Community and national law, and in particular does not alter the obligations and rights set out in Directive 95/46/EC."

    - Article 2 (5) finally emphasizes, for the avoidance of doubt, that the PSI Directive applies the same definition of personal data as the Data Protection Directive.

    The result is fairly clear and unambiguous, at least in theory: when re-using personal data covered by the PSI Directive, the Data Protection Directive must be adhered to at all times. Thus, any entities processing personal data in the course of re-use (including the public sector bodies that produce or collect the data and make it available, service providers that re-use the data to provide services, and any consumers that access or use the data through these services) will need to ensure they comply with the provisions of the Data Protection Directive[10].

    This principle appears to be relatively simple, especially in cases where the data being re-used can be unambiguously classified as personal data (e.g. identity information, health or tax records, information on social status, etc.). However, complexities can easily arise. In some cases, this can simply be the result of the national implementation of the Directives. In Belgium for instance, the federal law governing the re-use of public sector information stipulates[11] that public sector information which contains personal data may only be made available for re-use if the public sector body has first taken the necessary precautions to conceal the identity of any persons who may be implicated in the information, specifically by anonymising the data in accordance with the rules of a specific Royal Decree. This very strict approach essentially eliminates any overlap between the PSI sphere and the data protection sphere: as long as data protection laws apply, re-use is not permitted.

    [10] This position was also affirmed by the Article 29 Working Party, which acts as an independent European advisory body on data protection issues, in its 2003 Opinion on the re-use of public sector information and the protection of personal data; Opinion 7/2003, WP83 of Article 29 Working Party, adopted on 12 December 2003

    [11] Article 4 of the Law of 7 March 2007 transposing the PSI Directive (Wet tot omzetting van de richtlijn 2003/98/EG van het Europees Parlement en de Raad van 17 november 2003 inzake het hergebruik van overheidsinformatie | Loi transposant la directive 2003/98/CE du Parlement européen et du Conseil du 17 novembre 2003 concernant la réutilisation des informations du secteur public)

    But even in the absence of laws that exceed the requirements of the European legal framework, the simple principle of observing data protection rules when re-using data can present serious challenges. This is mainly the result of the broad interpretation given to the concept of personal data, which means that data protection rules will apply in many more cases than the simple examples mentioned above, including in cases where public sector bodies or re-users might not intuitively recognize a privacy risk. In the sections below, we will examine a few real life cases where re-use initiatives were met with privacy challenges, and look at how they were resolved.


    2 A practical perspective: data protection challenges in real life PSI cases

    2.1 Fair-Play Alliance: combining publicly available personal data and publishing the result can be unlawful

    A recent example of privacy rights colliding with a PSI initiative occurred in Slovakia, and involved an award winning application created by the Fair-Play Alliance, a Slovakian NGO with a stated mission of pushing for ethical, transparent, professional and effective public administration and political representation[12]. One of its initiatives was the Znasichdani.sk site, which offered a simple yet compelling service to the public: by entering a specific individual's name, the site would create a quick overview of any public procurements won by an entity in which that individual has a leading role, along with the amounts awarded to these entities. The name Znasichdani.sk is derived from the Slovak "z našich daní", meaning "from our taxes".

    Fair-Play argued that this would be a useful tool to detect potential corruption, since it would allow site users to determine how often an individual citizen was successful in procurements, irrespective of the company they were using to participate in a bid. This could allow investigators to determine cases where an individual could be said to be unusually (or possibly even suspiciously) successful in public procurement contracts.

    The application was relatively simple from a technical perspective, as it relied on two already public databases: on the one hand a database of public procurement contracts (the Bulletin of Public Tenders) that indicated which entities had won specific bids, and on the other hand a company register (the Business Register of the Slovak Republic) that indicated which individuals had controlling roles in specific entities. Thus, an individual's name could be linked to any number of relevant companies, which in turn could be linked to awarded procurements. The result was a nice visual overview of the public funds (including specific amounts) which flowed to any companies that the individual was involved in:

    [12] See http://www.fair-play.sk/index_en.php


    Figure: Results of a sample search, using an example published on EPSIplatform.eu[13]

    The application was generally well received, and won first prize at the June 2011 Open Data Challenge during the Digital Agenda Assembly in Brussels.

    From a privacy perspective, the application might at first seem innocent enough. After all, it does not publish information that cannot also be found by searching the two source databases, which are already (and presumably legitimately) publicly accessible. Thus, no new information is created by the application; it merely facilitates the collection and analysis process.

    None the less, the application raises certain data protection concerns. It is clear beyond discussion that the information provided by the application is personal data as defined in the Data Protection Directive, as it allows the identification of a specific individual. Indeed, the primary function of the application is precisely to allow users to obtain information relating to specific individuals. As a result, the rules of the Data Protection Directive apply to the application. This raises several questions.

    [13] http://epsiplatform.eu/news/news/open_data_challenge_winner_ordered_to_remove_certain_data.

    One of the key principles of the Data Protection Directive is the purpose restriction: personal data may only be collected for specified, explicit and legitimate purposes, and it may not be further processed in a way incompatible with those purposes (Article 6.1 (b) of the Data Protection Directive). The Znasichdani.sk application processes personal data by retrieving information from two source databases, and combining it into an overview that creates a clear added value. However, one might question whether obtaining personal data from these sources and re-using it for the purposes of publishing the results of public procurements is compatible with the purpose restriction.

    This depends largely on the purpose for which personal data in the original sources is made available. If, for instance, data in the Companies Register is made available only for the purposes of allowing third parties to determine if company decisions were lawfully made (e.g. whether a contract was indeed signed by an authorised representative of a company), then using this information for entirely different purposes (e.g. to provide indications of possible wrongdoings such as violations of Slovak procurement laws or anti-corruption laws) could be a violation of the purpose restriction rule.

    Of course, in this case the possible violation depends on the stated purpose of the Companies Register in the Slovak Republic, and on the stated purpose of Znasichdani.sk. On the latter purpose, the website indicates that "Znasichdani.sk is based on the assumption that if people get access to this kind of detailed information, management of public money in Slovakia will become more transparent. Procurement of overpriced goods and services will get a new dimension if citizens are able to connect the benefits from these procurements with specific names and faces."[14] Thus, Znasichdani.sk is declared to primarily be a tool for improving procurement transparency. Provided that this is compatible with the purpose for which information in the Companies Register is made available, the purpose restriction rule should not present any problems.

    The legitimacy of the Znasichdani.sk site was called into question in a recent case, where a specific individual obtained an injunction from a court in Bratislava, ordering her name and the link to any procurement values relating to her to be censored from the search results[15]. While the arguments presented in the case and the reasoning of the judge are not yet available, the order provided by the court (namely the blurring of the individual's name in order to make the results unlinkable to her) strongly suggests that the issue was driven by data protection concerns.

    The outcome is rather bizarre: not only does the order only apply to this specific applicant (thus leaving the information of any other Slovak citizen available for searching), but even searching for the applicant's name and obtaining the relevant results is still possible. Only the presentation of the results has changed, with some information being blurred in the overview of procurements. Perhaps more importantly, the proceedings have done the applicant very few favours with respect to her privacy, as the case (including her name and employment details) has now been widely published.

    [14] See http://znasichdani.sk/info

    [15] http://spectator.sme.sk/articles/view/43180/2/court_orders_removal_of_public_procurement_data.html

    The decision of the court in Bratislava has been appealed, and should additionally be followed by a full hearing on the merits of the case. Hopefully, this will clarify the reasoning behind the dispute, and clear up the legitimacy of the Znasichdani.sk platform. Meanwhile, PSI application developers will need to carefully consider whether their intended re-use of personal data is compatible with the intended purpose of its publication.

    2.2 Crime maps in the UK: a detailed map may breach data protection laws

    In the Slovak example above, the applicability of data protection laws was a fairly clear matter, since the information related directly to an identified natural person. However, the scope of data protection laws can also extend to other types of data, in which the link to a natural person may not be as immediately clear.

    Maps are an interesting case in point. Intrinsically, a map only needs to provide certain geographic information allowing it to be linked to a specific location. Simple maps that contain only information on a landscape will have no clear link to natural persons, and will therefore not fall within the scope of data protection law. However, this situation changes when information is added to the map. Adding the outlines of houses already provides information on the persons who live there. Satellite imagery will enhance the picture by showing the type of dwelling, as well as flagging who in your neighbourhood owns outdoor swimming pools, saunas and extensive terraces. Adding real estate values will provide a decent indicator of the income category or of the assets of the inhabitants. The more detailed and fine grained the information becomes, the more likely it is that a map is qualified as personal data. After all, a map containing all of the information above will certainly provide information on natural persons, namely the socio-economic status of individuals who can be identified simply by visiting the location. Thus, any sufficiently detailed map is bound to eventually cross the line into personal data.

    This issue can also be highly relevant in the PSI sector, where geographic information can be linked with other data sources to provide useful information on the characteristics of a region, city, neighbourhood or street. An interesting example is the crime maps that have been published recently in the UK, driven in part by the UK's open data policies[16]. A multitude of such applications exist[17], including the national crime mapping website, Police.uk[18], and UKCrimeStats[19]. The latter application provides access to crime statistics at the national level, but also for specific neighbourhoods and streets, based on official police reports. It breaks the crimes up into several categories (including anti-social behaviour, burglary, robbery, vehicle crime, violent crime, and others[20]), and links these incidents to the specific locations where they occurred via easily searchable maps.

    [16] See http://data.gov.uk/

    [17] See the list at http://data.gov.uk/apps, specifically in the crime subcategory (http://data.gov.uk/search/apachesolr_search/?filters=tid%3A245type%3Aapps&retain-filters=1)

    [18] See http://www.police.uk/

    [19] See http://www.ukcrimestats.com

    Figure: Crime in Manchester: primarily anti-social behaviour outside the city centre; mainly violent crime and other crimes within

    Undoubtedly, such maps are useful tools for anyone looking for a new residence, allowing them to get a first impression of crime prevalence. Equally importantly, it allows existing residents to assess how much crime objectively occurs (or more accurately, how much crime is reported) in their neighbourhood, rather than having to rely on impressions[21].

    None the less, there is also a clear privacy risk. Conceptually, it is perfectly possible to pinpoint each crime to a precise address. However, this approach meets with serious problems. Firstly, the location of a crime is of course not always an indicator of who committed it: a violent crime being committed at a specific address does not suggest that the inhabitant of that address was the perpetrator. Indeed, he or she may instead be the victim, or the incident may simply have occurred on their doorstep. None the less, there is a real risk that observers of this data might draw the wrong conclusions, possibly led by their own presumptions or biases about the inhabitants. Clearly, this would not be a desirable outcome.

    From a data protection perspective, the main question is whether the provided information can be qualified as personal data. According to the definition of the Data Protection Directive, this is the case when the information relates to an identified or identifiable natural person. Even indirect identification can meet this definition: while real estate value only relates directly to an object (the property itself), it can also relate indirectly to a natural person (namely when a natural person lives there)[22]. The same also applies to crime information linked to a specific location: even if the information does not necessarily identify a person as a perpetrator, victim, observer, or simply a person who lives near the incident, it can certainly relate to them on one of those points. For this reason, crime information attached to sufficiently detailed maps can be considered personal data, meaning that all of the requirements of the Data Protection Directive must be met. This can be particularly burdensome for PSI application providers in this sphere, since the requirements for processing sensitive personal data (namely crime data) can be very stringent.

    [20] The latter including sex offences, which are not identified separately as a privacy enhancing measure. See http://www.guardian.co.uk/uk/2011/feb/01/online-crime-maps-power-hands-people

    [21] For an overview of applications, see http://www.bbc.co.uk/truthaboutcrime/crimemap/

    Of course, these observations only apply if the crime information can be linked to a natural person, either because the details of the report include such a link, or because of the geographical inference mentioned above. If the report only mentions the type of incident (without details of personal involvement) and has no clear link to a specific location, then the information doesn't relate to a natural person and will not be considered as personal data. Indeed, when clicking on a crime pin on the UKCrimeStats map shown above, the following pop-up appears:

    Figure: No details on the crime or its exact location

    The information provided via the UKCrimeStats application does not provide details on who was involved in the burglary (as a perpetrator, victim or observer), nor does it indicate the precise location. It only states that it occurred "on or near Charles Street", and stresses that "crimes are mapped to points on or near the road where they occurred, as a privacy protecting measure". The result is that the information does not relate to an identified or identifiable natural person, and thus no longer qualifies as personal data. In effect, it has been anonymised to eliminate the privacy risk (and the applicability of data protection law) without unduly harming the usefulness of the application.

    [22] The example is also referred to in the Article 29 Working Party's 2007 Opinion on the concept of personal data; Opinion 4/2007, WP136 of Article 29 Working Party, adopted on 20 June 2007.

    This solution seems ideal, but can be difficult to apply in practice. The information maps are automatically generated by linking maps to crime reports, an approach which doesn't necessarily take into account population density. In the City of Manchester, stating that a crime occurred on or near a specific street provides no real link to an identifiable person. However, in a very sparsely populated region where perhaps only a few residents live in a radius of several kilometres, even such generalized information can provide clear indications of a person's relation to a crime. If this problem is not addressed, the information will still need to be qualified as personal data and processed in accordance with data protection laws.
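
The density problem described above can be handled when the map layer is generated. The following is an added example, not code from the report or from any of the crime-map services it discusses: a street-level label is published only when enough households surround the snap point, otherwise the incident is generalised to its wider area or withheld from the map. The threshold of 8 households, every place name other than Charles Street, and all counts are constructed assumptions.

```python
"""Density-aware location generalisation for a published crime map (added example)."""
from collections import Counter
from dataclasses import dataclass

# Assumed policy values; neither is taken from the report or from ICO guidance.
MIN_HOUSEHOLDS = 8
SENSITIVE_CATEGORIES = {"sex offence"}  # only ever published inside "other crime"


@dataclass(frozen=True)
class SnapPoint:
    """A point on a road that incidents are mapped to instead of an address."""
    street: str
    area: str        # coarser unit, e.g. neighbourhood or ward
    households: int  # households close enough to be associated with the point


# Constructed sample data. "Charles Street" is the street named in the report;
# every other name and all counts are invented for illustration.
SNAP_POINTS = {
    "p1": SnapPoint("Charles Street", "Manchester city centre", 140),
    "p2": SnapPoint("Mill Lane", "Upper Dale", 3),
    "p3": SnapPoint("Quarry Road", "Upper Dale", 6),
    "p4": SnapPoint("Moor Track", "High Fell", 2),
}
INCIDENTS = [
    ("p1", "burglary"), ("p1", "burglary"), ("p1", "sex offence"),
    ("p2", "burglary"), ("p3", "violent crime"), ("p4", "burglary"),
]


def area_households(points):
    """Total households per area, used when a street is too sparse on its own."""
    totals = Counter()
    for point in points.values():
        totals[point.area] += point.households
    return totals


def published_location(point, totals, k=MIN_HOUSEHOLDS):
    """Return the most specific label shared by at least k households, or None."""
    if point.households >= k:
        return f"on or near {point.street}"
    if totals[point.area] >= k:
        return f"within {point.area}"
    return None  # too sparse even at area level: keep it off the map


def published_category(category):
    """Fold sensitive categories into a catch-all so they are not singled out."""
    return "other crime" if category in SENSITIVE_CATEGORIES else category


def build_layer(incidents, points, k=MIN_HOUSEHOLDS):
    """Aggregate incidents into (location label, category) counts.

    Returns the publishable layer and the number of incidents withheld
    because no location label met the household threshold.
    """
    totals = area_households(points)
    layer, withheld = Counter(), 0
    for point_id, category in incidents:
        location = published_location(points[point_id], totals, k)
        if location is None:
            withheld += 1
            continue
        layer[(location, published_category(category))] += 1
    return layer, withheld


if __name__ == "__main__":
    layer, withheld = build_layer(INCIDENTS, SNAP_POINTS)
    for (location, category), count in sorted(layer.items()):
        print(f"{count} x {category} {location}")
    print(f"{withheld} incident(s) reported only in region-wide totals")
```

Household counts stand in here for the population density the paragraph refers to; a real publisher would also have to weigh the other factors the ICO lists, such as upload frequency and other available sources.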

    For this reason, the UK Information Commissioner (ICO), who monitors compliance with data protection laws in the UK, has issued specific guidelines[23] on crime maps and data protection compliance. The ICO noted that relevant factors for assessing compliance would include:

    - the granularity of the crime-map,
    - the regularity of data uploads,
    - the sensitivity of the crime,
    - the information recorded on the map, and
    - the availability of other sources of information.

    The guidelines require those who publish crime maps to implement appropriate procedures to address the concerns of victims of crime who fear that the maps reveal their identity, or the objections of house owners whose property value diminishes as a result of incorrectly attributed data. The ICO also explicitly warns against any practices that would allow a specific household to be linked to a particular crime, noting that this would likely constitute an unfair processing of personal data. Thus, the recommendation is to clearly avoid making the information needlessly specific.

    Of course, this approach is not too surprising, and is indeed in line with general data protection principles, and mainly the principle of data minimisation: the processed personal data should be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed (Article 6.1 (c) of the Data Protection Directive). In terms of PSI, this implies refraining from the use of personal data (i.e. avoiding links to identifiable natural persons) whenever possible for the purposes of the re-use, and limiting the use of personal data to the maximum extent possible in all other cases. This approach will undoubtedly become more and more important as open data applications spread to other sectors with comparable data protection concerns, including health, education, justice and transportation[24].

    [23] Crime-mapping, privacy and transparency: advice from the Information Commissioner's Office, published on 24 November 2010; see http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/crime_mapping_advice.ashx

    [24] See http://www.cabinetoffice.gov.uk/news/government-publish-new-data-health-schools-courts-and-transport for a summary of comparable open data initiatives, as well as http://www.guardian.co.uk/news/datablog/2011/jul/07/government-transparency-data-releases


    3 Conclusion: striking a balance between PSI re-use and data protection?

    The two examples above illustrate some of the data protection challenges that may occur when designing and offering PSI applications, from two entirely different perspectives. In the Slovak case, the application inevitably resulted in the processing and publication of personal data, as this was a part of its core functionality. Here, the main question is (and currently remains) whether the re-use of the personal data is compatible with the purposes for which it was made available by the data sources. In the UK case, the application did not inherently require personal data, and the focus was more on mitigating privacy risks by eliminating the processing of personal data in as far as possible, including through the use of anonymising techniques, and providing means of redress if any incidents occurred.

    Both cases however show an important principle, namely that the PSI context does not provide any unique rules or exemptions for data protection compliance. The same questions that were raised in these cases could have occurred and would need to be resolved in the same way if the information sources had been made available by a private sector body. From that perspective, the terminology of "striking a balance" between PSI re-use and data protection seems somewhat deceptive, despite its common use[25]: both in theory and in practice, the current legal framework does not call for a balancing of interests in PSI and privacy, but for compliance with both sets of rules.

    Nonetheless, there is still a large gray area and much uncertainty in the application of data protection law. Good practices are certainly emerging, as witnessed by the crime maps case and the ICO opinion, which highlight the importance of data minimization, privacy by design and anonymisation[26]. In some cases however, the processing of personal data is unavoidable. The Slovak example of Znasichdani.sk showed the difficulty of measuring the legitimate interest of the re-users and the Slovak public in having optimally effective access to PSI, against the privacy interest of an individual who was personally impacted by this newly established transparency. A ruling on the merits is still missing in this case, and will undoubtedly impact how such issues are examined in the future.

    In the meantime, PSI re-users will need to face the challenge of complying with data protection rules in an evolving regulatory landscape. This is no small task, but its successful completion will be crucial to ensure the legitimacy and positive public perception of PSI re-use in the future.

    [25] Most notably in the aforementioned Article 29 Working Party Opinion 7/2003 on the re-use of public sector information and the protection of personal data, subtitled "Striking the balance".

    [26] See e.g. the recent paper by the Information and Privacy Commissioner of Ontario, Ann Cavoukian, "Don't Stop Anonymizing the Data - It remains a safe, secure way to protect Privacy"; http://www.ipc.on.ca/english/Resources/News-Releases/News-Releases-Summary/?id=1085

    Online resources

    http://opengovernmentdata.org/ - website of the Open Government Data Working Group of the Open Knowledge Foundation.

    http://data.gov.uk/ - OGD website operated by the UK government

    http://gov.opendata.at/ - Overview of Austrian OGD initiatives

    http://www.lapsi-project.eu/ - European Thematic Network on Legal Aspects of Public Sector Information, including an overview of relevant European cases: http://www.lapsi-project.eu/decisions

    http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp83_en.pdf - Opinion 7/2003 on the re-use of public sector information and the protection of personal data - Striking the balance; publication of the Article 29 Working Party, adopted on 12 December 2003

    http://znasichdani.sk/l?l=en - website of the Znasichdani.sk application

    http://epsiplatform.eu/news/news/open_data_challenge_winner_ordered_to_remove_certain_data - article on the Znasichdani.sk dispute

    http://spectator.sme.sk/articles/view/43180/2/court_orders_removal_of_public_procurement_data.html - article on the Znasichdani.sk dispute

    http://www.edri.org/edrigram/number9.15/slovak-open-data-court-order - article on the Znasichdani.sk dispute

    http://blog.okfn.org/2011/07/18/why-censoring-slovak-spending-app-means-bad-news-for-open-data/ - article on the Znasichdani.sk dispute

    http://www.police.uk/ - national crime statistics in the UK

    http://www.ukcrimestats.com, an application which links official crime statistics (including categories of crime) to specific locations

    http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf - Opinion 4/2007 on the concept of personal data; publication of the Article 29 Working Party, adopted on 20 June 2007

    http://www.guardian.co.uk/news/datablog/2011/feb/01/crime-maps-data-top-100-streets - Article on the scope and content of crime map data

    http://www.cabinetoffice.gov.uk/news/government-publish-new-data-health-schools-courts-and-transport - announcement of open data plans in key sectors in the UK

    http://www.bbc.co.uk/truthaboutcrime/crimemap/ - overview and demonstration of crime map possibilities

    http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/crime_mapping_advice.ashx - Guidance on crime-mapping, privacy and transparency from the Information Commissioner's Office, published on 24 November 2010

    http://law-in-society.blogspot.com/2011/02/privacy-risks-from-crime-mapping-jamie.html - analysis of data protection challenges related to crime mapping by Jamie Grace, Lecturer in Law in the School of Law & Criminology at the University of Derby.

    About the Author

    Hans Graux is a bar lawyer and founding partner at the Brussels based law firm time.lex (www.timelex.eu), which specializes in ICT law and ICT policy challenges. In addition, he is an affiliated researcher at the Interdisciplinary Centre for Law and ICT (www.icri.be) at the K.U.Leuven. He also acts as the independent legal advisor to the Vlaamse Toezichtscommissie (Flemish Supervisory Committee - http://www.vlaamsetoezichtscommissie.be/), which supervises personal data exchanges within Flemish public sector bodies.

    Copyright information

    © 2011 European PSI Platform - This document and all material therein has been compiled with great care; however, the author, editor and/or publisher and/or any party within the European PSI Platform or its predecessor projects the ePSIplus Network project or ePSINet consortium cannot be held liable in any way for the consequences of using the content of this document and/or any material referenced therein. The opinions expressed are the view of the authors and their sole responsibility and not necessarily those of the European Commission or any of its services. Neither the European Commission nor any person acting on behalf of the European Commission is responsible for the use that might be made of the following information.

    The report may be reproduced providing acknowledgement is made to the European Public Sector Information (PSI) Platform. The European Public Sector Information (PSI) Platform is funded under the European Commission eContentplus programme.