Privacy and personal data protection Piet Daas Statistics Netherlands THE CONTRACTOR IS ACTING UNDER A FRAMEWORK CONTRACT CONCLUDED WITH THE COMMISSION

Content Privacy and Big data Privacy: technology and legal aspects Relevant European laws Privacy issues and sources UNECE privacy task force recommendations An example

The Challenge of Big Data To maximize the benefits of technology and minimize the risks to the individual To ensure fairness and accountability Is not a new problem Modern privacy law is, in part, a response to “big data” Courtesy of Marc Rotenberg http://media.swissre.com/documents/Marc+Rotenberg.pdf

Big Data ‘interacts’ with privacy in two ways Privacy and Big Data Big Data ‘interacts’ with privacy in two ways Privacy law may affect the use of Big Data and the ability to combine Big Data sources This may prevent the linking of sources with very interesting uses for official statistics Big Data based (generalized) predictions may affect certain/groups of individuals in a negative way E.g. excluding someone from health insurance or forcing someone to pay a huge insurance fee

Privacy and technology From the Report to the President BIG DATA and Privacy: A technological perspective. “Big data drives big benefits, from innovative businesses to new ways to treat diseases. The challenges to privacy arise because technologies collect so much data (e.g., from sensors in everything from phones to parking lots) and analyze them so efficiently (e.g., through data mining and other kinds of analytics) that it is possible to learn far more than most people had anticipated or can anticipate given continuing progress. These challenges are compounded by limitations on traditional technologies used to protect privacy (such as de-identification). It is concluded that technology alone cannot protect privacy, and policy intended to protect privacy needs to reflect what is (and is not) technologically feasible”. https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf 5

Privacy and law Privacy from a legal perspective "Privacy will be to the information economy of the next century what consumer protection and environmental concerns have been to the industrial society of the 20th century." in "The Next Hundred Years," The New York Times (1996) "Privacy is the most comprehensive of all rights and the one most cherished by a free people." - Justice Louis Brandeis 6

Most important European laws Modernization of EU Data Protection Law: EU Data Directive (1995) Reform: EU General Data Protection Regulation Increasing impact of European Court of Human Rights (Article 8) "Everyone has the right to respect for his private and family life, his home and his correspondence." For each country the national statistical law is also important off course

However: Privacy issues vary (1) Google Trends: Accessible for everyone for free No privacy issues but: no access to (underlying) micro data Road sensor data: In principle an administrative source Access to micro data by associated partners and NSI

However: Privacy issues vary (2) Data on websites: Data collection takes effort Limited privacy issues In principle: publicly available data Social media: Partly available (only public messages) Public posts are a (conscious) choice by users But may the data be used for other purposes?

However: Privacy issues vary (3) Mobile phone Access according to an agreement Privacy-and reputation-issues Choice: micro- or aggregated data? Combined Big Data sources Even when everything has been properly arranged for every individual source Combing them may result in a dataset in which (some) individuals could be (re-)identified Stay alert, be aware of privacy concerns

Issues to consider (may effect privacy) Does NSI have access the data (legal base)? Can/may NSI have a look ‘behind the scenes’? Does NSI need micro data or aggregates? For what purpose is the data collected? What is the interest of the Big Data ‘maintainer? Who ‘owns’ the data? Are intermediates involved? Costs? Can ‘informed consent’ be applied? And when several sources are involved? Etc.…Eurostat

http://www1.unece.org/stat/platform/display/bigdata/2014+Project

UNECE: Reduce effect on NSI image Make sure all partners in the chain maintain the highest standards Actively guard the norms Monitor reputation risk Be transparent, especially to stakeholders Organize a social dialogue

Policy Current access and privacy policies also apply to Big Data: "National and European statistical legislation", Data/privacy protection laws Are there National and European statistical legislation’s with specific Big Data policies? Some have performed exploratory studies (with external legal advisors) Always consider effects of data use on reputation Don’t pay for data, try to get access for free only pay for services needed to get the data

Concept principles of UNECE Social responsibility Level playing field Equal treatment Confidentiality and security Transparency Respect for business interest Proportionality

Example: bank transaction data (1) Why do we need this data? Provides vital and detailed information on economy Seriously reduce burden on companies and households Potential (new) applications What companies actually push the economy forward? How is the economy affected by certain companies? What factors influence changes in transactions?

Example: bank transaction data (2) Privacy and related issues Banks are not eager to provide data Both the National bank and individual banks Data delivery is not (yet) part of the ‘Law on statistics’ (in the country) Bad experiences by partners (and others involved) Need to invest in this relation (takes time to gain trust) NSI has something to offer: reduces burden, new information/statistics, Big data expertise Legal side is not entirely clear (‘grey’ area)

Questions?