Towards a Modern Approach to Privacy-Aware Government Data Releases
Altman, Micah; Wood, Alexandra; O'Brien, David R.; Vadhan, Salil; Gasser, Urs
2016

Files

Abstract

Governments are under increasing pressure to publicly release collected data in order to promote transparency, accountability, and innovation. Because much of the data they release pertains to individuals, agencies rely on various standards and interventions to protect privacy interests while supporting a range of beneficial uses of the data. However, there are growing concerns among privacy scholars, policymakers, and the public that these approaches are incomplete, inconsistent, and difficult to navigate.

To identify gaps in current practice, this Article reviews data released in response to freedom of information and Privacy Act requests, traditional public and vital records, official statistics, and e-government and open government initiatives. It finds that agencies lack formal guidance for implementing privacy interventions in specific cases. Most agencies address privacy by withholding or redacting records that contain directly or indirectly identifying information based on an ad hoc balancing of interests, and different government actors sometimes treat similar privacy risks vastly differently. These observations demonstrate the need for a more systematic approach to privacy analysis and also suggest a new way forward.

In response to these concerns, this Article proposes a framework for a modern privacy analysis informed by recent advances in data privacy from disciplines such as computer science, statistics, and law. Modeled on an information security approach, this framework characterizes and distinguishes between privacy controls, threats, vulnerabilities, and utility. When developing a data release mechanism, policymakers should specify the desired data uses and expected benefits, examine each stage of the data lifecycle to identify privacy threats and vulnerabilities, and select controls for each lifecycle stage that are consistent with the uses, threats, and vulnerabilities at that stage. This Article sketches the contours of this analytical framework, populates selected portions of its contents, and illustrates how it can inform the selection of privacy controls by discussing its application to two real-world examples of government data releases.

Details

Title Towards a Modern Approach to Privacy-Aware Government Data Releases
Author Altman, Micah (MIT)
Wood, Alexandra (Harvard University)
O'Brien, David R. (Harvard University)
Vadhan, Salil (Harvard University)
Gasser, Urs (Harvard University)
Date 2016-05
Content Type Article
Record Created 2019-11-26
Record ID 1127405
Other Identifiers DOI: https://doi.org/10.15779/Z38FG17
Published in Berkeley Technology Law Journal
Volume 30
Issue 3
Pages 1967
Note Microsoft Corporation, in collaboration with the Berkeley Center for Law & Technology, supported the research and the writing of this report. In addition, this material is based upon work supported by the National Science Foundation under Grant No. 1237235, the Ford Foundation, and the John D. and Catherine T. MacArthur Foundation. We thank the members of the Privacy Tools for Sharing Research Data project for helpful comments.
Record Appears in Scholarship Repository > Law Journals and Related Materials > Berkeley Technology Law Journal > Berkeley Technology Law Journal Articles
Temp Repository

PDF