Personal information is used to make decisions about us that affect our everyday lives, from credit decisions through to the kind of public services we receive. To have more control over those decisions, we need more influence over how personal information is used to help make them. But so far policy has been driven too narrowly by the needs of organisations, government departments and business. And we have focused primarily on data security and the accuracy of the information.
That has left two important gaps. First, a failure to focus on and debate the acceptable legitimate uses of information. It is these processes and policies that will ultimately determine how information affects our lives. The only route to legitimate, trustworthy information policy is to switch the focus to the needs and attitudes of the people these decisions affect.
This research will use a deliberative dialogue to bring this public voice to the heart of the debate about personal information. The project is co-sponsored by the Information Commissioner’s Office and Consumer Focus.
How the project will work
The project will run from July 2009 to February 2010. The core of the project will be a 'People's Inquiry', drawing on Demos’ previous deliberative work such as Nanodialogues.
Following this, we will run expert stakeholder seminars to develop the insights from the People’s Inquiry into practical ideas for policy and practice.
We will be publishing the outputs at two stages. First, we will publish the transcripts and the summary of the People’s inquiry in October. Second, we will publish a Demos pamphlet outlining the findings of the project in February 2010.
What we will look at
We will be covering four topics through the Inquiry.
Good data protection policy is based on the notion of people giving consent to the use of data. But this is becoming increasingly problematic. This session will look at why organisations use information, why it is valuable, ultimately focusing on the problem of being able to say ‘yes’ or ‘no’ to the use of data.
Online behavioural profiling
Internet service providers can track people’s behaviour. Google’s business model rests on learning more and more about people’s habits and tastes. But how do the resulting banks of information help organisations build profiles of who we are, and how does that affect how they respond to us? What benefits do people get from this? Why are people so willing to share information about themselves online? What are the affects of this? This session will look at people’s attitudes to the monitoring of their online behaviour.
Health and personal medical records
Increasing people’s access to their medical records can be a tool to help them manage their own care more effectively and to encourage a better relationship between professional and patient. However, at the same time, that information can be used for research, to help inform insurance decisions – in short, inform the perceptions of people’s wellbeing and health decisions. How do people feel about the use of their medical records as they become used in new ways?
Regulation of personal information
Who should be responsible for the regulation of personal information policy and in what ways? How much responsibility should the individual have for the way their personal information is used? What kinds of support, safeguards, education and recourse is needed to support that individual responsibility? What responsibilities do businesses have?
In 2007 Demos published FYI – The new politics of personal information in which we argued that, as personal information becomes more and more important to governments and businesses, the public have less and less control over what organisations know about them. Just as technology seems to give us control over how other people see us, whether it is through our online profiles or our mobile phones, it can take it away. Organisations can draw on and share an unprecedented amount of information about the people they deal with. This is gifting others the currency to make decisions about who we are and how to respond to us, too.
The question of what makes for ‘better’ decisions through information use is under explored. Until now, the personal information debate has tended to take place in the language of technical possibilities and legal frameworks. Public attitudes to personal information technologies are often invoked but rarely explored, sidelined by a focus on data security and accuracy. This project will address that imbalance and look at ways to put people’s voice at the heart of personal information policy.
FYI: the new politics of personal information argues that individuals do not have enough influence over how personal information is used, and that we need to reconnect the everyday experience of giving away our details with the longer-term consequences.
Paul Ohm, University of Colorado Law School, writes on how policy makers can determine between legitimate and illegitimate collection of data by Internet Service Providers.
In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument.
'This web site is meant to serve as a resource on deep packet inspection. It grew out of a desire at the Office of the Privacy Commissioner of Canada to understand more about a technology that has application in network traffic management, behavioural advertising, and law enforcement.'
Richard Clayton, of University of Cambridge, on Phorm - a firm that specialises in targeted advertising by monitoring web use.
Lots of excellent writing on surveillance studies at Professor Lyon's University home page.
A report prepared by Nicolas Rigaud for OECD International Futures Project on “The Bioeconomy to 2030: Designing a Policy Agenda"
Tim Kelsey argues that smarter use of public service statistics can save lives as well as money.
Google's Privacy Counsel, Peter Fleischer, on whether an IP address is personal information.
Bibliography of American academic Joseph Turow - who writes on the development and effects of niche and targeted advertising.
by Edgar A. Whitley and Ian Hosein
A privacy and technology policy expert
Electronic Frontier Foundation on the coalition of consumer and privacy groups calling for greater protection against targeted advertising.
The store of documents and outputs from the EU's Artcle 29 Data Protection Working Party, which is an EU body looking at the new issues of data protection.