The Spanish Agency for Data Protection (Agencia Española de Protección de Dato, AEPD) has published two guides that should help Spanish institutions to publish public sector information (PSI) as open data.
The first, 'Guidance on data protection in the re-use of public sector information', informs managers on all aspects relevant to promoting and facilitating the re-use of government information, while at the same time implementing guarantees on the protection of privacy-related information. It starts with an analysis of the regulatory framework for re-use, and its interrelationships with legislation on data protection, transparency, and public information. The guide then assesses the impact of re-use on the protection of personal information, followed by technological and organisational measures, and legal guarantees for (pseudo)anonymisation.
The second guide, 'Guidelines and procedures to guarantee anonymisation of personal data', provides concrete techniques to implement the measures from the first guide.
The two, in conjunction, should serve as an enabler for open data, allowing the development of studies and research of social, scientific and economic interest, thereby stimulating economic growth and employment, without harming the privacy of citizens.
Risks and returns
According to the AEPD, the main risk of making available PSI is the re-identification of citizens. The high commercial value of personal profiles and mining technologies for big data make this both viable and feasible. These risks, however, should not lead to restrictions on the re-use of government information, but be eliminated by developing technologies that reconcile technical and economical advancements and citizens' fundamental rights to data protection.
According to estimates by the National Observatory for Telecommunications and the Information Society (ONTSI), the re-use of PSI generates an annual turn-over of EUR 450-500 million in Spain, and accounts for 45,000 jobs.