Strava’s location data controversy demonstrates the unique challenges of publicly releasing location datasets (open data), even when the data is aggregated.
This Report first describes inherent privacy risks in an open data landscape, with an emphasis on potential harms related to re-identification, data quality, and fairness. To address these risks, the Report includes a Model Open Data Benefit-Risk Analysis (“Model Analysis”). The Model Analysis evaluates the types of data contained in a proposed open dataset, the potential benefits – and concomitant risks – of releasing the dataset publicly, and strategies for effective de-identification and risk mitigation.
Today, the Future of Privacy Forum released its City of Seattle Open Data Risk Assessment. The Assessment provides tools and guidance to the City of Seattle and other municipalities navigating the complex policy, operational, technical, organizational, and ethical standards that support privacy-protective open data programs.
The transparency goals of the open data movement serve important social, economic, and democratic functions in cities like Seattle. At the same time, some municipal datasets about the city and its citizens’ activities carry inherent risks to individual privacy when shared publicly. In 2016, the City of Seattle declared in its Open Data Policy that the city’s data would be “open by preference,” except when doing so may affect individual privacy. To ensure its Open Data Program effectively protects individuals, Seattle committed to performing an annual risk assessment and tasked the Future of Privacy Forum (FPF) with creating and deploying an initial privacy risk assessment methodology for open data.
FPF requested feedback from the public on its proposed Draft Open Data Risk Assessment for the City of Seattle. In 2016, the City of Seattle declared in its Open Data Policy that the city’s data would be “open by preference,” except when doing so may affect individual privacy. To ensure its Open Data program effectively protects individuals, Seattle committed to performing an annual risk assessment and tasked FPF with creating and deploying an initial privacy risk assessment methodology for open data.
Computers Privacy and Data Protection conference (CPDP) kicks off this week in Brussels, and the theme this year is “The Internet of Bodies”. The conference will gather 400 speakers for 80 panels to set the stage for the privacy and data protection conversation in Europe for 2018. And this is such an important year for data protection – not only the General Data Protection Regulation becomes applicable in May, but also the text of the new ePrivacy Regulation will likely be finalized.
Policymakers, parents, and privacy advocates have long asked whether FERPA is up to the task of protecting student privacy in the 21st century. A just-released letter regarding the Agora Cyber Charter School might signal that a FERPA compliance crack-down – frequently mentioned as their next step after providing extensive guidance by the U.S. Department of Education (USED) employees at conferences throughout 2017 – has begun. The Agora letter provides crucial guidance to schools and ed tech companies about how USED interprets FERPA’s requirements regarding parental consent and ed tech products’ terms of service, and it may predict USED’s enforcement priorities going forward.
Join Hogan Lovells and FPF for an event focused on data issues related to connected cars and the future of mobility on January 23, 2018, from 9:45 AM – 2:00 PM. This half-day event will highlight industry privacy practices, regulatory developments, and emerging uses of mobility data.