InterParty Privacy and Security
What are the implications of establishing the InterParty Network?
A presentation to the final InterParty Seminar, The Hague, 13 June 2003
Mark Bide, EDItEUR
The questions I plan to answer
What confidentiality issues does the InterParty network face?
What privacy and regulatory issues does the InterParty network face?
How should the InterParty network respect the privacy of its data subjects?
What confidentiality issues does the InterParty network face?
What are the issues?
InterParty members may hold data which they do not wish to share with other members
The data may be confidential…
  – Some members may have financial data
  – Equally, members may have data that links otherwise unlinked “public identities”
The data may be proprietary…
  – A member’s business model might depend on no one else readily having access to the same information
…and some data may be both!
The solution is not difficult
No one can or will be forced to make public information that they wish to keep to themselves
  – The information that individual members “publish” to the InterParty Network is entirely within the individual member’s control
  – However, if no one publishes any information to the network, there will be no value in this exercise
The “common metadata” has been designed to avoid any concerns about “sensitive” data
  – And, we hope, proprietary data
The solution is largely in the hands of the individual InterParty member
  – It is essentially a matter of technical architecture and common sense
Another confidentiality issue
Envisaged as a membership system
  – Presumably paid for by its members
There must be some advantage to membership
  – The obvious advantage is controlled access
  – Otherwise it would be possible to reap the benefits of membership without contributing to the costs
What privacy issues does the InterParty network face?
Privacy – some definitions
While the concept of privacy is universally recognised, its definition is more difficult
The Electronic Privacy Information Center (EPIC) distinguishes four types of privacy
  – Information privacy – relating to the collection, storage, use and distribution of “personal data”
  – Privacy of communications – relating to communications made by post, telephone and other means
  – Bodily privacy – relating to the protection of people’s physical selves
  – Territorial privacy – relating to intrusion into physical spaces, such as homes and workplaces, via methods including searches, video surveillance and ID checks
Our concern is almost entirely with information privacy
  – Which is what we mean when we talk about privacy
The issues
The InterParty Network involves sharing information about “parties”
  – Individuals and organisations
  – Privacy (and data protection) concerns relate largely (but not exclusively) to living individuals
Most InterParty “common metadata” does not seem to be very “private”
  – But some people are sensitive even about their birth year – the most common “disambiguation” data element
InterParty “Links” have the potential to reveal information that the data subject may prefer to keep to themselves
  – InterParty will be creating entirely new personal data
The InterParty Network will involve cross-border information flows
  – These are particularly sensitive in the EU
  – The InterParty network will involve members from many different countries
    – With different attitudes and different legislative frameworks
The solutions may be more difficult…
The InterParty Network cannot avoid engaging with privacy concerns…
…or with operating within relevant regulatory (data protection) regimes
Different attitudes and approaches
Information – human right or tradable asset?
  – Similar to different attitudes to copyright
Regulation
  – Comprehensive laws
  – Sectoral laws
  – Self-regulation
EU countries – comprehensive laws based on Directives
USA – combination of sectoral laws and self-regulation
EU law restricts transborder flows of personal information to countries where it may not be “adequately protected”
  – This includes the USA
Solutions to the export of data to the US
Under UK law, at least, no explicit authorisation is required for export of personal data
“Safe Harbor” arrangements
  – Effectively self-regulated acceptance of a voluntary framework which meets EU standards
Contractual arrangements
  – The solution which we adopted for the export of data to OCLC for the Demonstrator (on the advice of the UK Information Commissioner)
Slowly but certainly, the EU regime is (through this kind of cross-border agreement) creating the global benchmark for data protection
What are the key EU principles?
Data must be fairly and lawfully processed
Data must be used for the purposes for which it was collected and not for other purposes
Data must be adequate, relevant and not excessive for its purpose
Data must be accurate
Data must not be retained longer than necessary
Data subjects have rights over data, such as the right to view data about oneself and the right to have inaccurate data rectified
Data must be kept secure and confidential
Data can only be legitimately transferred from the EU to countries outside the EU under strict conditions
Personal or sensitive data?
“Sensitive personal data” is much more strictly controlled in the EU than “personal data”…
…but definitions vary in different jurisdictions
Personal data is data by which people are
  – “identifiable” (EU Directive)
  – “identified” (UK law)
“Sensitive” data is even less consistently defined
  – In UK law, this is personal data consisting of information as to
    – the racial or ethnic origin of the data subject
    – his political opinions
    – his religious beliefs or other beliefs of a similar nature
    – whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992)
    – his physical or mental health or condition
    – his sexual life
    – the commission or alleged commission by him of any offence, or
    – any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings
How should the InterParty network respect the privacy of its data subjects?
Fundamental attitudes
Public identities are based on information already in the public domain
  – It is hard to argue that aggregating and linking this data will risk creating any measurable damage to data subjects
Nevertheless, the interests of data subjects need to be constantly considered
  – The InterParty Network should always be seen as working to the advantage of data subjects
Data protection should be a primary driver in the minds of the members of the InterParty Authority
Solution to data protection issues
InterParty should develop its own “code of practice”
  – Contractually enforced between all members of the InterParty Network
  – Enshrining good data protection practice (based on EU principles)
Will require appropriate legal advice
InterParty Members will need to ensure that they adhere appropriately to their own local data protection framework
  – And warrant this to the other Members of the InterParty Network
Because of the establishment and maintenance of InterParty Links, the InterParty Authority will also be a data controller
  – And will need to be careful to ensure that it is compliant with local legislation…
  – …which will depend on where it is established
Solution to “sensitive personal data”
Avoid any hint of anything that could be regarded as sensitive personal data in the “common metadata”
As advised, we have dropped “nationality” from common metadata
  – Could be too close to ethnicity
A role for PETs?
Privacy Enhancing Technologies (PETs) are part of the solution to many data protection issues
Unfortunately, their primary focus is on anonymisation of data…
  – …or hiding identity…
  – …while InterParty is explicitly about enabling unambiguous identification
Nevertheless, PETs will have an important role in providing a sophisticated model of access control and user authentication
  – Excluding unauthorised users reduces the data protection challenges – and protects the commercial model of the InterParty Network at the same time
Conclusions
What confidentiality issues does the InterParty network face?
  – The problems are minimal and the solutions are architectural
What privacy and regulatory issues does the InterParty network face?
  – Significant and unavoidable problems with cross-border information flows
How should the InterParty network respect the privacy of its data subjects?
  – Through the development of a strong code of practice, based on sound data protection principles
Privacy and Security: What are the implications of establishing the InterParty Network?
Thank you