Latest Products

Open Data Must Have a Strong Privacy Foundation

Monday 29 May 2017

Data is a useful resource, but it must be built on strong foundations of privacy.

“Our experience and community research shows that, by and large, people do want their personal information to work for them, provided they know that it is working for them,” Timothy Pilgrim, Australian Information Commissioner and Australian Privacy Commissioner said, at the recent Privacy Awareness Week (PAW) breakfast in Canberra.   

Lately, there has been much discussion about the potential impact of open application programming interfaces (API)s to level the playing field for fintech start-ups.

Unsurprisingly, this has launched robust debate on the topic of data and, more specifically, who owns that data, and what rights people have when it comes to their own data.

At the core of Pilgrim’s discourse, however, is the shift that big data has bought to the way that business can be used.

“Big data has changed the way we identify trends and challenges, as well as the way we identify opportunities,” Pilgrim said.

He referenced the Productivity Commission Issues paper, which states that we now generate 5 billion gigabytes of data every two days. That is equivalent to the amount of data generated for the whole of 2002. With such a staggering figure only set to grow in future, perhaps the answer lies instead in the de-identification of data.

“De-identification can be a smart and contemporary response to the privacy challenges of big data—which aims to separate the ‘personal’ from the ‘information’ in data sets,” Pilgrim said.

For such a notion to be put into practice, however, it would need to be done properly, with common understanding across both public and private sectors. It would also require trust from the community.

But how does one win the community’s trust when it comes to the use of open data?
According to Pilgrim, “It would include ensuring that government agencies, regulators, businesses and technology professionals have a common understanding as to what ‘getting it right’ means.”

What does getting it right entail?

“Risk re-identification has recently attracted legislative attention, with Parliament considering amendments to prohibit deliberate re-identification of Government data sets.”

What kind of potential would open data have?
“The potential could include the ability to facilitate data sharing between agencies, and unlock policy and service gains of big data innovation, whilst protecting the fundamental human right to privacy.”

Pilgrim touched on this issue in his first speech, where he said that data from the recent ACAPS 2017 survey indicated Australians were uncomfortable with the secondary use of their data by businesses, but were less uncomfortable with the Government doing the same.

He surmised this meant that Australians needed to know that use of their data would be of benefit to them.

Impact on Banks, API and Fintechs
It is clear that this not a conceptual debate but one that organisations need to be able tackle on a practical level.

In an article on
Mondaq entitled, Get Ready for Open Data Denton’s co-authors, Ruth Neal and Elise Ivory, write, “Make no mistake, this change will have a wide range of implications for the banking industry.”

In the banking context, the open data regime means that transaction data held in financial institutions will be open to other financial institutions. This is intended to level the playing field when it comes to competition, and ensure better outcomes for the consumer.

According to Neal and Ivory, these changes will be felt in three key areas:

  • Privacy
  • Security
  • Systems

“Treasury has stated that the Government will commission an independent review, to report by the end of 2017, to recommend the best approach to implement the open banking regime. The Treasurer's Budget speech indicated that the regime would be introduced in 2018, in line with the recommendation of the House of Representatives Standing Committee on Economics.”