Fascinated to read about the Privacy Impact Assessment Tool and full credit for working on its development. I'd be very interested to see the prototype if you are in a position to share this yet.
Earlier this year, Datenschutz Konkret, an Austrian Law Journal, conducted an interview with Global Pulse’s Legal Specialist & Privacy Officer Mila Romanoff, which was published in a special issue of the Journal dedicated to Big Data. This is an edited excerpt from the interview with Datenschutz’ Editor-in-Chief, Dr. Rainer Knyrim, reproduced with permission.
Q: Let’s discuss some of the privacy challenges of using “Big Data for Development.” There are people who fear that they could be re-identified if their data gets studied.
A: At Global Pulse, we’ve developed methodologies and guidelines to explore best practices that could be used and implemented across our labs when we conduct Big Data projects. It is the intent to produce a set of data privacy recommendations or guidelines for public and private sector stakeholders, and academia, to adopt, to use in future studies or to use as a starting point to build upon. Also, in our work within the labs, we employ a privacy impact assessment before every new or modified project, and we follow data privacy and data protection guidelines and principles. Finally, I’d like to say it is important that activities are transparent and involve feedback from various experts with diverse backgrounds. For these purposes we have also established an independent Data Privacy Advisory Group.
Q: Can you name some of the principles?
A: Yes. The summary of our main principles is listed on our website. We also have internal guidelines that are more detailed. An important principle of our work is that we do not access personal data. To access personal data, informed consent is necessary. For example, there is plenty of personally identifiable information on social media. However, the published content is public, and through our partnerships, we get access to the data via a series of due diligence and contractual procedures. Under contractual obligations with our data providers we also make sure that the data is being used and collected legally and fairly in the first place. We then also commit to use that data only for the purposes of our projects. We also commit – and I think this is very important – to never attempt to re-identify anonymised data.
Q: Who does the data anonymisation? The entity that provides you with the data? Or is there an intermediary who does this work?
A: Anonymisation is still a key area for exploration in the field. Right now, there is no straightforward answer or definitively correct approach to anonymisation, or for data access when it comes to development and humanitarian projects.
However, there are a few ways that a research project using anonymised data could work. For example, a telecommunications company may have their own methods of anonymisation. In such cases, the data is anonymised by the telecommunications company themselves. Data would never come into our possession in a raw, non-de-identified condition in the first place.
In other cases, we might only receive access to aggregated data – or, sometimes just the results of the analysis or research performed by the company, to ensure that re-identification risks are minimal. The data could stay behind the company’s firewalls, and not leave the company’s premises at all. The company’s employees would do the analysis in this case. And in other cases, analysis could be done by third parties (such as researchers from a university) retained by a company under individual Non-Disclosure Agreements (NDAs).
Q: Are there any legal experts in the Global Pulse Data Privacy Advisory Group?
A: The Data Privacy Advisory Group is comprised of a group of 25 experts from across the globe. The reason we convened this group is that we wanted to include experts not only with legal and privacy backgrounds, but also policymakers, development sector experts, and researchers. Lawyers, privacy officers from private companies, privacy commissioners and regulators, academics, experts in data de-identification, and data engineers serve as members on the Data Privacy Advisory Group. We try to make our group not only geographically balanced, but also balanced in professional background and expertise.
Q: Do you already have results from that group, such as, for example, in ethics and Big Data, a new subject that is separate from the legal aspect?
A: The group’s function is twofold: first, to advise on our internal procedures, projects, and practices; and second, to serve as advocates for responsible Big Data use for development and humanitarian causes. The group was established recently. One of the projects that we’ve been working on with the group is the creation of a tool for assessing the risks, harms, and benefits of Big Data use in global development or humanitarian contexts. The aspect the group has helped us with is the creation of a Big Data “Privacy Impact Assessment.” It brings attention to whether the data is being used in, for example, a justified, balanced way and is fair.
Q: You produced a framework for such a privacy impact assessment?
A: Yes. Our “Privacy Impact Assessment” (or PIA) not only considers personally identifiable information, but also takes into account the information that has been pseudonymised or information that has been aggregated. The PIA explores the possibility of re-identification. I think one of the interesting parts of this tool is actually understanding the magnitude of the harms and risks if anonymised data is re-identified. Another interesting part of it, which I thought would be very useful for any Big Data project, is to determine whether the desired outcome that the project will culminate in could mitigate those risks that have been identified. What are the mitigation mechanisms?
Another question that we’ve explored is whether there is an alternative to the proposed data use. In most circumstances, you should determine if there are any alternative tools to understand human mobility to effectively direct emergency response. Finally, an important question to also consider: is there a risk if real-time information is not used in a certain circumstance? What would happen if data are not used where there is a need to prevent, react and protect – such as during a humanitarian emergency or public health crisis? We attempt to consider such questions as part of our assessment.
Q: I’m thinking that all this data and the way it is used could also be badly abused. For example, if a country is experiencing civil war, one side could apply these techniques to figure out where the enemy is. Or if there’s an attack, they could find out where people fled to and attack again, or they could analyze social media to get information, or just intercept communications.
A: That’s exactly why we’ve developed a Privacy Impact Assessment – it doesn’t only explore risks and harms, but also takes into consideration possible human rights violations of using big data analysis in a project. We trust that the context must be considered. One project could be done in a country to analyze public social media content to explore conversations and sentiment around a topic like HIV, for example, but in a different country with a different political climate the same type of project – even with public social media content – should not be done. In terms of the assessments, for example, we need to consider cultural background, religious beliefs, and the political stability or the political situation in the country in general, in order to determine whether the project can progress, even with public information.
Q: Is the Privacy Impact Assessment public, or will it be published sometime soon?
A: Yes. First we developed it internally at Global Pulse, and now we are seeking feedback from the experts in our Data Privacy Advisory Group. Once this feedback is incorporated, the model will be tested within our labs, and will be made open for public commentary before it’s actually deployed or released publicly as a final product. The final product will be made public, that’s the intention.