Post updated on Monday 26 January
“I’m from the government and I’m here to help”
In 1986 President Ronald Reagan quipped that these nine words are the most terrifying in the English language.
Well, as the state begins to harvest huge quantities of personal data and to build all-encompassing databases, another nine word phrase is about to strike far more terror when you hear it.
The state has come late to the big data game but it is now making up for lost time and is embracing it with enthusiasm. The scale of each new project is matched only by the controversy generated when the public learns how their personal data will be obtained and processed – usually after decisions have been made and the project is about to be rolled out.
We have Irish Water and PPSNs, the Irish genealogy database which published the birth records of the entire population on the web and proposals for data sharing and governance legislation to facilitate the sharing of personal data between state bodies.
Unfortunately the enthusiasm for collecting personal data has so far not been matched with a similar effort to comply with data protection law. Many projects are developed without privacy impact assessment and are presented as faits accomplis leading to inevitable clashes with the public and the independent Data Protection Commissioner.
Most recently comments by the Minister for Education that the Data Protection Commissioner was satisfied with the Department of Education’s plan to build the Primary Online Database lead to the Commissioner being forced to publicly contradict the Minister indicating that discussions were ongoing.
So what nine words could possibly strike terror into the hearts of a population that survived the crash of the Celtic Tiger? Well they are:
I’m from the government and your data is anonymised
From recent reports it mow appears that the Department of Education is discussing anonymisation of the Primary Online Database with the Data Protection Commissioner.
Well someone should ask Mayo TD Michelle Mulherin how anonymisation is working for her.
Impressive detective work in ST today. pic.twitter.com/YEpeTTZtQi
— Richie Oakley (@roakleyIRL) January 25, 2015
The Sunday Times reports that Ms Mulherin was the only TD in the Irish parliament on the dates when expensive phone calls were made to a mobile number in Kenya. The details of the calls were released under the Freedom of Information Act in an “anonymised” database. While it must be said the fact that Ms Mulherin was the only TD present on those occasions does not prove she made the calls – the reporting in the press is now raising the possibility that it was her.
From a data protection point of view this is a perfect example of the difficulty with anonymisation. Data protection rules apply to personal data which is defined as data relating to a living individual who is or can be identified from the data or from the data in conjunction with other information. Anonymisation is often cited as a means for processing data outside the scope of data protection law but as Ms Mulherin has discovered individuals can be identified using supposedly anonymised data when analysed in conjunction with other data.
In the case of the mysterious calls to Kenya even though the released information was “anonymised” to protect the privacy of public representatives, the phone log used in combination with the attendance record of public representatives and information on social media was sufficient to identify individuals and at least raise evidence of association between individuals and certain phone calls. While this may be well and good in terms of accounting for abuses of the phone service it also has worrying implications for the ability of public representatives to conduct their business in private.
The bottom line is that anonymisation is very difficult if not impossible as Ms Mulherin has learned to her cost. It certainly is a lot more complex than simply removing names and other identifying features from a single dataset. The more data that there is and the more diverse the sources the greater the risk that individuals can be identified from supposedly anonymised datasets.
In fact true anonymisation is a hard problem mathematically and to make a claim of anonymisation a data controller should be required to provide formal proof that anonymisation has been achieved. I suspect this is impossible in all non-trivial cases.
The Open Data Institute in the UK has published a truly excellent presentation from Ross Anderson who takes the view that it is impossible.
ODI Friday Lunchtime Lecture: Why anonymity fails – Professor Ross Anderson from Open Data Institute on Vimeo.
Update: The Irish Independent is reporting this morning the Ms Mulherin has admitted making the calls to Kenya but that they were not personal calls.