Tag: BCEF

Online Event: Down with Privacy, Long live Privacy

Author jyotishaw | Posted on

Join us on Wednesday 14th October – 18:00 – 19:30

REGISTER HERE

This online webinar is hosted by Data Research, Access & Governance Network (DRAG*N) with presentations from Felix Ritchie (UWE Bristol) who will present on the newly formed DRAG*N Research Group and Darian Meacham (Maastricht University, Netherlands) who will present ‘Down with Privacy, Long Live Privacy’.

Privacy remains a central concern in deployment of data-sharing technologies. These concerns have been addressed in various ways, from glib “nothing to fear if nothing to hide” attitudes, to serious undertakings toward the development of privacy preserving technologies in federated learning environments (for example). Privacy is often understood in terms of a trade-off that citizens make in exchange for convenience or other forms of utility. In this presentation, I will look at the meaning of privacy in relation to informational asymmetry and governance. I argue that by examining this key concern through the lens of these related concepts, we can get a better grasp of what’s at stake in caring for privacy. 

More about the speaker:

Darian Meacham is Assistant Professor of Philosophy at Maastricht University in the Netherlands and Principle Investigator for Ethics and Responsible Innovation at the Brightlands Institute for Smart Society (BISS). His research focuses on techno-political change: how technological developments transform our political world and the ideas that we use to describe it. He is editor of the Journal of the British Society for Phenomenology. 

All are welcome to this FREE Webinar, please click the link below to register your interest!

REGISTER HERE


‘Five Safes’ or ‘One Plus Four Safes’? Musing on project purpose

Author jyotishaw | Posted on

by Felix Ritchie and Francesco Tava

A recent working paper discusses the ‘Fives Safes’ framework for confidential data governance and management. This splits planning into a number of separate but related topics:

  • safe project: is this an appropriate use of the data? Is there a public benefit, or excessive risk?
  • safe people: who will be using the data? What skills do they have?
  • safe setting: how will the data be accessed? Are there limits on transferring it?
  • safe data: can the detail in the data be reduced without excessively limiting its usefulness?
  • safe outputs: is confidentiality protected in products such as tables of statistics?

This framework has been widely adopted, particularly in government, both as a practical guide (eg  this one ) and as a basis for legislation (eg the UK Digital Economy Act or the South Australia data sharing legislation

As a practical guide, there is one obvious limitation. There is no hierarchy among the ‘safes’, and they are all interrelated; so which should you put most emphasis on?

We use the Five Safes to structure courses in confidential data management. One of the exercises asks the attendees to rank them as ‘what should we be most/least concerned with?’ The point of the exercise is not to come up with a definitive ranking, but to get the attendees to think about how different elements might matter in different circumstances.

This exercise generates much discussion. Over the years, we have had participants putting forward good arguments for each of the Five Safes as being the most important. Traditionally, and in the academic literature, Safe Data is seen as the most important: reduce inherent risk in the data, and all your problems go away. In contrast, in the ‘user centred’ planning we now advocate (eg here], Safe People is key: know who your users are, and design ethical processes, IT systems, training and procedures for them.

When training, this is the line we usually take, because we are training people to use systems which have already been designed. The aim of the training is to help people understand the community they are part of. Our views are therefore coloured by the need to work within existing systems.

Our thinking on this has been challenged by the developments in Australia. The Australian federal government is proposing a cross-government data sharing strategy based on the ‘Australian Data Sharing Principles’ (ADSPs). The ADSPs are based on the Five Safes but designed as a detailed practical guide to Australian government departments looking to share data for analysis. As part of the legislative process, the Australian government has engaged in an extensive consultation since 2018, including public user groups, privacy advocates, IT specialists, the security services, lawyers, academic researchers, health services, the Information Commissioner, and the media.

Most of the concerns about data sharing arising in the consultation centre on the ‘safe project’ aspect. Typical questions that cropped up frequently included:

  • How do we know the data sharing will be legal/appropriate/ethical?
  • Who decides what is in the ‘public interest’?
  • How do you prevent shared data, approved for one purpose, being passed on or re-used for another purpose without approval?
  • What sort of people will we allow to use the data? Should we trust them?
  • What will happen to the data once the sharing is no longer necessary? How is legacy data managed?
  • Do we need to lay down detailed rules, or can we allow for flexible adherence to principles?
  • Where are the checks and balances for all these processes?

These are all questions which need to be addressed at the design stage: define the project scope, users and duration, and then assess whether the likely benefits outweigh costs and reasonable risks. If this can’t be done… why would you take the project any further?

Similarly, in recent correspondence with a consulting firm, it emerged that a key part of their advice to firms on data sharing is about use: the lawfulness of the data sharing is relatively easy to establish – once you have established the uses to which that shared data will be put. Some organisations have argued that there should be an additional ‘safe’ just to highlight the legal obligations.

This is particularly pertinent for data sharing in the public sector, where organisations face continual scrutiny over the appropriate use of public money. A clear statement of purpose and net benefits at the beginning of any project can make a substantial difference to the acceptability of the project. And whilst well-designed and well-run projects tend to be ignored by people not involved, failures in public data sharing (eg Robodebt or care.data) tend to have negative repercussions far beyond the original problems.

This is not the only concern facing data holders in a digital age of multi-source data. Handling confidential data always involves costs and benefits. Traditional approaches that focus on Safe Data identify the data holder as the relevant metric for these costs and benefit. A recent paper shows how this vision is at odds with the most recent developments in the information society that we live in. Consider the use of social media in research: is any of the actions by the author, the distributor or the researcher sufficient in itself to establish the moral authority of an end use? In this modified context, traditional ethical notions such as individual agency and moral responsibility are gradually substituted by a framework of distributed morality, whereby multiagent systems (multiple human interactions, filtered and possibly extended by technology) are responsible for big morally-loaded actions that take place in today’s society (see on this).

In this complex scenario, taking the data holder as the only arbiter of data governance might be counterproductive, insofar as practices that are morally neutral for the data holder (for example, refusing to consider data sharing) could damage the multiagent infrastructure which that data holder is part of (eg limiting incentives to participate). On the other hand, practices that can cause a minor damage to one of the agents (such as reputational risk for the data holder) could lead to major collective advantages, whose attainment would justify that minor damage, and make acceptable on a societal basis.

In order to minimise the risks, an innovative data management approach should look at the web of collective and societal bonds that links together data owners and users. In practice, this means that decision-making regarding confidential data management will not be grounded on the individual agency and responsibility of individual agents, but will rather correspond to a balance of subjective probabilities. On these premises, focusing on the Safe Project makes pre-eminent the notion that data should be made available for research purposes if the expected benefit to society outweighs the potential loss of privacy for the individual. The most challenging question is, of course, how to calculate this benefit, when so many of the costs and benefits are unmeasurable.

And this is the difference between Safe Projects and the others. ‘Safe projects’ addresses the big conceptual questions. Safe people, safe settings and safe outputs are about the systems and procedure to implement those concepts, whilst Safe Data is the residual (select an appropriate level of detail once the context is defined). So rather than Five Safes perhaps there should be One Plus Four Safes…

About the authors

Felix Ritchie is Professor of Applied Economics in the department of Accounting Economics and Finance

Francesco Tava is Senior Lecturer in Philosophy in the Department of Health and Applied Social Sciences

Update from Annie Tubadji, Senior Lecturer in Economics

Author Research, Business and Innovation | Posted on

Senior Lecturer in Economics, Annie Tubadji is currently a Specially Appointed Lecturer at Hokkaido University in Sapporo, Japan.

As part of her visiting scholar activities, Annie will deliver an undergraduate and postgraduate course on the “Economics of Happiness” at Center for Regional Economic and Business Networks (REBN) Summer School Institute.

As part of my Visiting Scholar activities, I will deliver here two courses (undergraduate and graduate ones) on economics of happiness at their Center for Regional Economic and Business Networks (REBN) Summer School Institute.

As part of her visit, Annie will also be delivering two specially invited lectures.

More on the Summer School Institute can be found here

Pro-environmental employee and consumer behaviour conference 2019

Author Research, Business and Innovation | Posted on

The Bristol Centre for Economics and Finance’s first conference on Pro-environmental employee and consumer behaviour was held on the 29th of April 2019.

The day was a major success with around 80 registered participants and 14 presenters with many attending organisations and academics.   The event was highly energised, with many thought provoking questions for speakers and an atmosphere full of interest. 

Bristol Green Capital introduced the day,  the afternoon session was opened by the Future Economy Group and the closing of the conference was led by Dr Peter Bradley. We would like to thank again everyone who participated.  The event will run again next year.  The slides from the day, for those who are further interested in the conference and would like to find out more, can be found here.

Back to top