Modernization Hub

Modernization and Improvement
The UN’s Big Data–Open Data consultation process

The UN’s Big Data–Open Data consultation process


I’m Michael Park I’m a TMT and data
partner here at Allens. In July 2015 the United Nations Human Rights Council
appointed professor Joe Cannataci as the first-ever Special Rapporteur on the
right to privacy and we’re absolutely delighted today to have the professor
with us here at Allens thank you very much for joining us
we’re looking forward to hearing from you on privacy data protection in
particular how things are moving with this rapid change in information and
communication technologies thanks for your time first question we’ve seen an
enormous amount of change around the world in Europe in many parts of Asia
and here in Australia in privacy regulation and there’s been a real
tension I think between protecting an individual’s right to privacy as opposed
to leveraging the power of data sharing and utilizing data tools to have
enhanced benefits from that where do you think the most appropriate balance is
what’s the most appropriate framework for developing and implementing data
protection laws well I think that the that the question perhaps should be more
looking at rather than balance trying to understand where the tensions lie and
thank you Michael for that question because it’s not one tension right and
I’m normally not very happy with the term balance because balance implies
more of one and less of the other whereas in reality I think what we
should be looking at is getting these things in synergy right because privacy
is good news for citizens but it’s also good news for businesses they the key
thing that we need to remember that whichever business we’re talking about
whether it’s a professional service or service industry or manufacture of
products the key thing that businesses want to have is retain the trust of the
clients so what businesses manage to do by
having good privacy laws and good privacy regulation those laws actually
put the businesses in a position where trust with the clients is easier to
maintain and when we look at the new laws which have come in they have come
in if for example we were to look at the latest set coming out of Europe lie the
GDP are we’re looking at laws which were built out of the experience of 40 years
of data protection laws in Europe and people said yes now we’re living in a
new environment and that new environment means that in the information age with
the internet we have to do something new about the laws however you’ve talked
about emerging regulation there’s another set which has will not only talk
about GDP are but we have the Convention on data protection which has been also
modernized and which the modernization which was agreed just four weeks ago so
that’s even after the GDP are on 25th of May and that is a very important piece
of international law it’s the only piece of international law we have where
countries come together from outside you live from inside Europe and more than 54
countries that’s more than 25% of the countries on the planet have already
signed up to this and it’s one area what I’m also looking forward to seeing
Australia eventually signing up to the Australian federal government has
endorsed the introduction of a new consumer data right and its first
installment and open banking regime is due to be rolled out in July next year
what do you think is the most critical principle or lesson that government
regulators and industry representatives should be cognizant of when designing
and practically implementing this regime well the the whole thing is that
consumer data rights are only a part an important part but only a part of
an ecosystem an ecosystem of Rights and the most important thing to remember is
that privacy is a fundamental human right people you Michael and I are
citizens first with our own personalities and our own dignity first
and consumers second so yes it’s important to have a consumer data right
it is important to have a consumer data right which enables portability from one
institution to another that’s great it but it’s it’s not you know it’s not the
be-all and end-all of law it’s just one small part of the larger mosaic that’s
the citizen’s rights you talked in your recent interim report on big data and
open data about the complexity of big data and a key theme of privacy research
around the risks of re-identification so that patterns in data without names
phone numbers or other obvious identifies could be used to identify a
person and to extract more information about them from that data is
particularly powerful of course when most patterns can be used to link many
different data sets together to build up a complex portrait of a person so it was
TMT legal advisors to a range of large companies telcos fintechs and startups
what advice should we be giving our clients about the risks of relying upon
de-identified commercial data sets and I suppose as de-identification
really possible well the problem is this the problem is that before when we
started off coming up with regulation 40 years ago we thought that one of the key
safeguards for people was to have anonymization or pseudonym ization or
various other forms of D identifying the data basically taking away the link
which makes people know that this the data is about Michael right I’m now in a position where after so
many years I have to say that that’s no longer a real safeguard so basically the
distinction should very carefully be made about between big data and
analytics which is just the way we use computers to then link up to various
data sets and as much as possible that’s where the discussion about open data
should be clarified because open data is basically those we’ve had a morphing in
the open data debate open data was originally about having data published
by governments so that governments could be transparent about their actions but
that has kind of been gobbled up and read I jested and represented to the
public as being also a way in which data which was personal data collected by
governments at great expense about medical care about social services about
other things that that data is now something which can be used and put into
the public domain but what happens then is you put people at risk because what
we have now are multiple sets of data which we didn’t have before and the more
sets of data you have the greater the risk of re-identification so frankly the
advice is I wouldn’t put such that out into the public domain unless I
absolutely have to secondly I would certainly never put a record unit level
data out into the public domain however they identified it maybe thirdly
when it comes to data processing especially with personal data which has
been collected by governments first I would have a very neat contract which is
designed specifically to say this is the processing this is the purpose of the
processing for the data these are the safeguards which shall be implemented
that’s far enough hmm thank you thank you very much for
your time thank you so much for coming in and thank you for listening my
pleasure thank you

Leave a Reply

Your email address will not be published. Required fields are marked *