In this paper we argue that data-sharing is an activity that sits at the crossroads of privacy concerns and the broader challenges of data governance surrounding access and use. Using the Sidewalk Toronto “smart city” proposal as a starting point for discussion, we outline these concerns to include resistance to data monopolies, public control over data collected through the use of public infrastructure, public benefit from the generation of intellectual property, the desire to broadly share data for innovation in the public interest, social — rather than individual — surveillance and harms, and that data use be held to standards of fairness, justice and accountability. Data-sharing is sometimes the practice that generates these concerns and sometimes the practice that is involved in the solution to these concerns.
Our safe sharing site approach to data-sharing focuses on resolving key risks associated with data-sharing, including protecting the privacy and security of data subjects, but does so in a manner that is independent of the various legal contexts of regulation and governance. Instead, we propose that safe sharing sites connect with these different contexts through a legal interface consisting of a registry that provides transparency in relation to key information that supports different forms of regulation. Safe sharing sites also offer assurances and auditability regarding the data-sharing, further supporting a range of regulatory interventions. A safe sharing site is therefore not an alternative to these interventions but an important tool that can enable effective regulation.
A central feature of a safe sharing site is that it offers an alternative to the strategy of de-identifying data and then releasing it, whether within an “open data” context or in a more controlled environment. In a safe sharing site computations may be performed on the data in a secure and privacy-protective manner without releasing the raw data, and where all data-sharing is transparent and auditable. Transparency does not mean that all data-sharing becomes a matter of “public” view, but rather that there is the ability to make these activities visible to organizations and regulators in appropriate circumstances while recognizing the potential confidentiality interests in data uses.
In this way safe sharing sites facilitate data-sharing in a manner that manages the complexities of sharing while reducing the risks and enabling a variety of forms of governance and regulation. As such, a safe sharing site offers a flexible and modular piece of legal-technical infrastructure for the new economy.