Towards a Modern Approach to Privacy-Aware Government Data Releases

107 Pages Posted: 16 May 2016 Last revised: 20 May 2016

See all articles by Micah Altman

Micah Altman

Center for Research in Equitable and Open Scholarship, MIT

Alexandra Wood

Harvard University - Berkman Klein Center for Internet & Society

David O'Brien

Harvard University - Berkman Klein Center for Internet & Society

Salil Vadhan

Harvard University - Center for Research on Computation and Society

Urs Gasser

Harvard University - Berkman Klein Center for Internet & Society

Date Written: May 1, 2016

Abstract

Governments are under increasing pressure to publicly release collected data in order to promote transparency, accountability, and innovation. Because much of the data they release pertains to individuals, agencies rely on various standards and interventions to protect privacy interests while supporting a range of beneficial uses of the data. However, there are growing concerns among privacy scholars, policymakers, and the public that these approaches are incomplete, inconsistent, and difficult to navigate.

To identify gaps in current practice, this Article reviews data released in response to freedom of information and Privacy Act requests, traditional public and vital records, official statistics, and e-government and open government initiatives. It finds that agencies lack formal guidance for implementing privacy interventions in specific cases. Most agencies address privacy by withholding or redacting records that contain directly or indirectly identifying information based on an ad hoc balancing of interests, and different government actors sometimes treat similar privacy risks vastly differently. These observations demonstrate the need for a more systematic approach to privacy analysis and also suggest a new way forward.

In response to these concerns, this Article proposes a framework for a modern privacy analysis informed by recent advances in data privacy from disciplines such as computer science, statistics, and law. Modeled on an information security approach, this framework characterizes and distinguishes between privacy controls, threats, vulnerabilities, and utility. When developing a data release mechanism, policymakers should specify the desired data uses and expected benefits, examine each stage of the data lifecycle to identify privacy threats and vulnerabilities, and select controls for each lifecycle stage that are consistent with the uses, threats, and vulnerabilities at that stage. This Article sketches the contours of this analytical framework, populates selected portions of its contents, and illustrates how it can inform the selection of privacy controls by discussing its application to two real-world examples of government data releases.

Keywords: privacy, information privacy, open data, open government, FOIA, Privacy Act, public records

Suggested Citation

Altman, Micah and Wood, Alexandra and O'Brien, David and Vadhan, Salil and Gasser, Urs, Towards a Modern Approach to Privacy-Aware Government Data Releases (May 1, 2016). 30 Berkeley Tech. L.J. 1967 (2015), Berkman Center Research Publication No. 2016-9, Available at SSRN: https://ssrn.com/abstract=2779266 or http://dx.doi.org/10.2139/ssrn.2779266

Micah Altman (Contact Author)

Center for Research in Equitable and Open Scholarship, MIT ( email )

77 Massachusetts Avenue
50 Memorial Drive
Cambridge, MA 02139-4307
United States

HOME PAGE: http://micahaltman.com

Alexandra Wood

Harvard University - Berkman Klein Center for Internet & Society ( email )

Harvard Law School
23 Everett, 2nd Floor
Cambridge, MA 02138
United States

David O'Brien

Harvard University - Berkman Klein Center for Internet & Society ( email )

Harvard Law School
23 Everett, 2nd Floor
Cambridge, MA 02138
United States

Salil Vadhan

Harvard University - Center for Research on Computation and Society ( email )

33 Oxford Street
Cambridge, MA 02138
United States

Urs Gasser

Harvard University - Berkman Klein Center for Internet & Society ( email )

Harvard Law School
23 Everett, 2nd Floor
Cambridge, MA 02138
United States

HOME PAGE: https://cyber.harvard.edu/people/ugasser

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
622
Abstract Views
3,910
Rank
74,837
PlumX Metrics