The transparency goals of the open data movement serve important social, economic, and democratic functions in cities like Seattle. At the same time, some municipal datasets about the city and its citizens’ activities carry inherent risks to individual privacy when shared publicly. In 2016, the City of Seattle declared in its Open Data Policy that the city’s data would be “open by preference,” except when doing so may affect individual privacy. To ensure its Open Data Program effectively protects individuals, Seattle committed to performing an annual risk assessment and tasked the Future of Privacy Forum with creating and deploying an initial privacy risk assessment methodology for open data.
Today, FPF released its City of Seattle Open Data Risk Assessment. This Report provides tools and guidance to the City of Seattle and other municipalities navigating the complex policy, operational, technical, organizational, and ethical standards that support privacy-protective open data programs. Although there is a growing body of research regarding open data privacy, open data managers and departmental data owners need to be able to employ a standardized methodology for assessing the privacy risks and benefits of particular datasets internally, without access to a bevy of expert statisticians, privacy lawyers, or philosophers. By optimizing its internal processes and procedures, developing and investing in advanced statistical disclosure control strategies, and following a flexible, risk-based assessment process, the City of Seattle – and other municipalities – can build mature open data programs that maximize the utility and openness of civic data while minimizing privacy risks to individuals and addressing community concerns about ethical challenges, fairness, and equity.
This Report first describes inherent privacy risks in an open data landscape, with an emphasis on potential harms related to re-identification, data quality, and fairness. To address these risks, the Report includes a Model Open Data Benefit-Risk Analysis (“Model Analysis”). The Model Analysis evaluates the types of data contained in a proposed open dataset, the potential benefits – and concomitant risks – of releasing the dataset publicly, and strategies for effective de-identification and risk mitigation. This holistic assessment guides city officials to determine whether to release the dataset openly, in a limited access environment, or to withhold it from publication (absent countervailing public policy considerations). The Report methodology builds on extensive work done in this field by experts at the National Institute of Standards and Technology, the University of Washington, the Berkman Klein Center for Internet & Society at Harvard University, and others, and adapts existing frameworks to the unique challenges faced by cities as local governments, technological system integrators, and consumer facing service providers.
FPF published a draft report and proposed methodology for public comment in August, 2017. Following this period of public comment and input, FPF assessed the City of Seattle as a model municipality, considering the maturity of its Open Data Program across six domains:
- Privacy leadership and management
- Benefit-risk assessments
- De-identification tools and strategies
- Data quality
- Data equity and fairness
- Transparency and public engagement
In our analysis, we found that the Seattle Open Data Program has largely demonstrated that its procedures and processes to address privacy risks are fully documented and implemented, and cover nearly all relevant aspects of these six domains. Specifically:
- The City of Seattle is a national leader in privacy program management.
- The Seattle Open Data Program has developed and managed robust and innovative policies around data quality, public engagement, and transparency.
- The Seattle Open Data Program is working to enhance its policies and procedures for consistently assessing the benefits and risks of releasing particular datasets and for assessing and mitigating re-identification risks in open data.
Although most aspects of Seattle’s programs are documented and implemented, some aspects are not as developed. This is unsurprising, given the novel challenges posed by the intersection of open government equities and privacy interests with emerging technologies and data analysis techniques.
The Report concludes by detailing concrete technical, operational, and organizational recommendations to enable the Seattle Open Data Program’s approach to identify and address key privacy, ethical, and equity risks, in light of the city’s current policies and practices. For example, we recommend that the City of Seattle and the Open Data Program:
- Document potential benefits and risks for each published dataset, both prospectively and retroactively for those that have not yet had a benefit-risk assessment conducted.
- Develop policies and procedures for conducting additional screening of datasets and elevating the review of risky or sensitive datasets to disclosure control experts or a disclosure review board when appropriate.
- Engage governmental decision-makers at the data collection stage with decision-makers at the data release stage (such as open data and public records staff), so that the full lifecycle of data collected by and for the city can be better understood, managed, and communicated to the public.
The City of Seattle is one of the most innovative cities in the country, with an engaged and civic-minded citizenry, active urban leadership, and a technologically sophisticated business community. By continuing to complement its growing Open Data Program with robust privacy protections and policies, the City of Seattle will be able to fulfill that program’s goals, supporting civic innovation while protecting individual privacy.
Exec. Order No. 2016-01 (Feb. 4, 2016), available at http://murray.seattle.gov/wp-content/uploads/2016/02/2.26-EO.pdf.
 See infra Appendix A for a full list of resources.
 See Kelsey Finch & Omer Tene, The City as a Platform: Enhancing Privacy and Transparency in Smart Communities, Cambridge Handbook of Consumer Privacy (forthcoming).