Opening Address, Data Sharing and Interoperability GovInnovate Workshop

16 November 2016
Tags: GovInnovate privacy information access de-identification Timothy Pilgrim

Opening address by Australian Information Commissioner and Privacy Commissioner, Timothy Pilgrim, at the GovInnovate Digital Government Conference in Canberra

Good morning.

I acknowledge the Ngunnawal people as the traditional custodians of this land, and pay my respect to elders past and present.

Today, we’re here to discuss privacy, data, de-identification; and the opportunities these present together.

Those are, I believe, significant – for Australian Government, businesses and communities.

Big data has changed the way we identify trends and challenges, as well as identify opportunities. As a result, it has the potential to bring about great social and economic benefits.

Trends drawn from big data can be used to personalise individuals’ experiences, to target products and services, to improve health management, crime prevention, and emergency responses.

And as the amount of data is growing exponentially, that potential can only increase. 

As the Productivity Commission’s recent Issues Paper explains, 5 billion gigabytes of data was generated worldwide in the year 2002. 

We now generate it every two days.

And as our digital touch points increase, and the Internet of Things becomes more and more embedded in our everyday lives, the data we create becomes increasingly valuable.

Valuable to both private and public sector alike.

Prime Minister Turnbull made this clear when he released the Australian Government Public Data Policy Statement at the end of last year.

It recognises data held by the Australian Government as a strategic national resource that holds considerable value for growing the economy, improving service delivery and transforming policy outcomes for the Nation.

This priority is reflected in the fact that the Prime Minister’s own Public Data Branch is leading data innovation across the public service.

And the Productivity Commission report into Data Availability and Use has raised significant ideas about how personal data should be managed and accessed in Australia.

My Office, the Office of the Australian Information Commissioner, has long supported the view that public information is a national asset.

We understand that the potential of that resource may be best realised when data can be shared, used and built upon.

But we also understand that this can only occur sustainably, if privacy, or to put it more accurately, personal information protection, is integral to the equation.

Simply put, a successful data-driven economy needs a strong foundation in privacy.

Our experience and community research shows that by and large people do want their personal information to work for them, provided that they know it is working for them.

When there is transparency in how personal information is used, it gives individuals clarity, choice and confidence that their privacy rights are being respected. 

Accordingly, good privacy management and great innovation go hand in hand.

Because when people have confidence about how their information is managed, they are more likely to support the use of that information to provide better services.

Building this trust is key to our big data challenges — whether sought in the form of customer confidence or community mandate.

That trust is further challenged by the nature of secondary uses of data, and how these challenge current understandings of consumer privacy.

Significantly, our Community Attitudes Surveys show that 97 percent of Australians don’t like their personal information to be used for a secondary purpose.

This is a critical challenge to big data. Because big data projects will often involve secondary use of data, and beyond.

If that data finds its source in personal information, then we have a clear dissonance between our known and understandable desire that our personal information works for us and for the purposes we explicitly provided it for vs the demonstrable innovative power of that data to improve our services and lives.

Addressing this dissonance will require a multi-pronged approach. 

And part of the solution, potentially a significant part I suggest, lies in getting de-identification right.

This includes ensuring that government agencies, regulators, businesses and technology professionals have a common understanding as to what “getting it right” means.

At the moment, that common clarity is not evident, but perhaps we can help address that today.

After all there are people in this room with considerable expertise in this issue, and as per the Productivity Commissioner’s comments earlier this year, we need to move this sort of expertise knowledge “out of the backroom and in to the showroom” in order to build public confidence in this potential privacy solution.

Because it is a potential solution.

De-identification can be a smart and contemporary response to the privacy challenges of big data – which aims to separate the “personal” from the “information” within data sets.

The Privacy Act deals with personal information, that is information about a person or from which a person might reasonably be identified.

Hence, if done correctly, de-identified information is no longer personal information and is therefore outside the scope of the Privacy Act entirely.

Sounds promising doesn’t it?

But caution! The answer is both as simple, and as complex as that.

Because what does “done correctly” entail?

De-identified means de-identified in whose hands?

And in what use?

If I am the collector of the personal information, am I obliged to have regard to the re-identification potential of data in its current context, the next foreseeable context, or any context?

Are these contexts truly foreseeable and assessable? Or should we consider whether there is a case that some types of information are too sensitive for any unit data release, and should be subject to other access controls?

If so, what sort of criteria would we apply to such an assessment?

And what about the ability of data analytics to create entirely new and personal information — raising the prospect of an entity effectively collecting new personal information by creating it?

These are all pertinent questions and issues that will be informed by today’s discussions.

And to be clear, I doubt that any of these answers will be particularly black and white. And that’s Ok.

The Privacy Act is principles, not prescription, based, and ultimate answers as to compliance with it will often be bespoke to the circumstances. 

It is also clear from the speed at which this big data is evolving that any privacy solution which is purely regulator-driven, without the voice of industry, consumers and government agencies to inform it, will not serve our purposes here.

Rather, ensuring that the application of these our Privacy Principles is as practical as possible in real world examples, is of benefit to both regulator and regulated alike.

The OAIC understands that this is an area of regulation where agreed industry terms and standards will be critical — not only to the actual efficacy of de-identification, but also to provide public confidence in it as a solution.

The other thing that continues to be demonstrated in 2016 is that why de-identification is a simple enough idea to embark on, the devil is truly in the detail.

I have occasionally, perhaps wistfully, compared de-identification’s potential within our current race to harness data, with the potential of rocket science to realise the race to the moon.

Both are simple enough concepts to understand.

Both are fiendishly complex in execution.

Both require significant technical expertise, and testing, to get them right.

And, in both cases, failures to get them right can be quite explosive, and very public.

I’m sure some of our panellists today can provide real world insights into examples of both successful and failed de-identification missions.

Indeed, the risk of re-identification has recently attracted legislative attention, with Parliament considering amendments to prohibit deliberate re-identification of Government data sets.

This is a reflection of both community concern about protecting personal identity within big data projects, and Government’s concern to protect the immense value of our national data potential.

But I stress these factors are not arguments against de-identification as a privacy solution, but arguments for getting it right, with agreed industry standards, checks and balances, audit and review, and quality control built into your processes.

The best way to avoid the prospect of re-identification remains to de-identify properly, and appropriate to the context of release. 

So I thank, very sincerely, the panel of experts, from quite diverse perspectives, that have generously donated their time and knowledge to our discussion today.

I know that many of you hold differing views on many aspects of this issue, and I absolutely welcome that.

It makes our discussion today, and the policy and guidance it will ultimately inform, all the richer. While the OAIC has guidance in this area it is a rapidly moving one, both here and overseas, and we are looking to keep at the forefront of this. So I encourage everyone here to engage with the debate, including through questions to our panel.

Finally, I stress as Privacy Commissioner that de-identification is not the only approach available to manage the privacy dimensions of big data, but we are keen to explore its potential when done fully and correctly.

That potential could include the ability to facilitate data sharing between agencies, and unlock policy and service gains of big data innovation, whilst protecting the fundamental human right to privacy.

That is a great prospect, and one worth pursuing.

If we – that is, government agencies, political and community leaders, researchers and academics, businesses and innovators – are able to define this potential accurately, and with some consensus, that that would be a powerful boost to Australian innovation.

If we are able to build genuine consumer and community confidence that the innovations that businesses and agencies undertake with data create community benefit and protect personal privacy – then I believe a significant new innovation mandate will take hold.

So…. let’s see if we can get a step closer to that promise today.

Thank you.