Last week I attended Techfestival in Copenhagen. I participated in a day long Public Data Summit. This posting are thoughts and notes based on some of what was discussed during that Public Data Summit.
Martin von Haller Groenbaek (we go back in open data a long time) provided an interesting lightning talk at the start of the Public Data Summit. He posited that in order to realise the full potential of open (government) data, we probably need to be more relaxed in sharing personal data as well.
There is a case to be made, I agree. In energy transition for instance your (real time) personal electricity use is likely key information. The aggregated yearly usage of you and at least 10 neighbours e.g. the Dutch electricity networks make available is not useless by far, but lacks the granularity, the direct connection to real people’s daily lives to be truly valuable for anything of practical use.
I agree with the notion that more person related data needs to come into play. Martin talked about it in terms of balancing priority, if you want to fix climate change, or another key societal issue, personal data protection can’t be absolute.
Now this sounds a bit like “we need your personal data to fight terrorism” which then gets translated “give me your fingerprints or your safety and security is compromised”, yet that is both an edge case and an example of the types of discussions needed to find the balancing point, to avoid false dilemma’s or better yet prevent reductionism towards ineffective simplicity (such as is the case with terrorism, where all sense of proportionality is abandoned). The balancing point is where the sweet spot of addressing the right level of complexity is. In the case of terrorism the personal data sharing discussion is framed as “you’re either with us, or with the terrorists” to quote Bush jr., a framing in absolutes and inviting a cascade of scope creep.
To me this is a valuable discussion to be had, to determine when and where sharing your personal data is a useful contribution to the common good or even should be part of a public good. Currently that ‘for the common good’ part is not in play mostly. We’re leaking personal data all over the tech platforms we use, without much awareness of its extend or how it is being used. We do know these data are not being used for the common good as it’s in no-one’s business model. This public good / common good thinking was central to our group work in the Public Data Summit during the rest of the day too.
Martin mentioned the GDPR as a good thing, certainly for his business as a lawyer, but also as a problematic one. Specifically he criticised the notion of owning personal data, and being able to trade it as a commodity based on that ownership. I agree, for multiple reasons. One being that a huge amount of our personal data is not directly created or held by me, as it is data about behavioural patterns, like where my phone has been, where I used my debit card, the things I click, the time I spent on pages, the thumbprint of my specific browser and plugins setup etc. The footsteps we leave on a trail in the forest aren’t personal data, but our digital footsteps are, because the traces can, due to the persistence of those tracks, more easily than in the woods be followed back to their source as well as can get compared to other tracks you leave behind.
Currently those footsteps in the digital woods are contractualised away into the possession of private owners of the woods we walk in, i.e. the tech platforms. But there’s a strong communal aspect to your and my digital footsteps as personal data. We need to determine how we can use that collectively, and how to govern that use. Talking about the ownership of data, especially the data we create by being out in the (semi) public sphere (e.g. tech platforms) and the ability to trade for it (like Solid suggests), has 2 effects: it bakes in the acceptance that me allowing FB to work with my data is a contract between equal parties (GDPR rightly tries to address this assymmetry). Aza Raskin in his keynote mentioned this too, saying tech platforms should be more seen and regulated as fiduciaries, to acknowledge the power asymmetry. And it takes the communal part of what we might do with data completely out of the equation. I can easily imagine when and where I’d be ok with my neighbours, my local government, a local NGO, or specific topical/sectoral communities etc. having access to using data about me. Where that same use by FB et al would not be ok at all under any circumstance.
In the intro’s to the public data summit civil society however was very much absent, there was talk about government and their data, and how it needed the private sector to do something valuable with it. Where to me open (e-)government, and opening data is very much about allowing the emergence and co-creation of novel public services by government/governance working together with citizens. Things we maybe not now regard as part of public institutions, structures or the role of government, but that in our digitised world very well could, or even should, be.