States, Open Data and Personal Data Protection

How to solve such a dilemma?

Open Data Charter
opendatacharter
6 min readAug 7, 2024

--

By Renato Berrino Malaccorto, Research Manager, Open Data Charter, Cecilia Galván, Director of Public Advocacy Research, Civic Compass, and Joaquin Herrero, Researcher, Civic Compass.

Photo by Jan Antonin Kolar on Unsplash

The new joint report between Open Data Charter and Civic Compass is titled “Access to Public Information, Open Data, and Personal Data Protection: How do they dialogue with each other?” is now available for download. The article gathers information from 4 European and 4 Latin American countries to understand how these two institutes interact within different regulatory frameworks.

Starting point

Between May 2023 and January 2024, Open Data Charter Research Director Renato Berrino Malaccorto wrote a research paper in conjunction with part of the team at Civic Compass, the knowledge and research unit of Civic House. In particular, those involved were Cecilia Galván and Joaquin Herrero, Research Director and Junior Associate respectively, with the collaboration of research assistants Lucía Toledo and Micaela Lattanzi, and Valentina Gonzalez Sisto.

The intention to investigate the dialogue between personal data protection and access to public information arises from the recognition of a change of era: we live in the age of datification. In a context where every day more and more data is collected about each individual, while at the same time states generate more and more information, the magnitude of the information available and the information to be protected makes outdated laws creak. It is hard to imagine how a law written on paper can regulate a phenomenon that is growing exponentially every day. Similarly, it is difficult to imagine a law that can resolve the tension that arises in a context where the state is required to publish more and more information while protecting the privacy of every citizen.

“The importance of the right of access to information and the right to the protection of personal data, both fundamental human rights, raises the need to seek a balance in order to be able to exercise both in a complementary manner, and that one does not jeopardise the guarantees enshrined in the other”.
Extract from the article

Methodology

Taking as case studies Germany, Spain, Estonia, Hungary, Brazil, Chile, Colombia and Mexico, the analysis began by investigating how the regulatory frameworks of each country were configured around data protection and access to public information, analysing different indicators. Once this information was structured, judicial and administrative cases in the country were analysed in order to understand how the judiciary and/or other bodies resolved public tensions between these two principles. In addition, cases and examples of civil society advocacy or documentation (e.g. the EU’s Common Agricultural Policy Regulation) where the tension between the two rights is at stake were also studied. The question guiding this controversy is: how does the state make its information public, but also protect the privacy of its citizens?

Finally, we proposed conclusions, reflections and tools for thinking and working on coherence between the two policies. Some salient findings can be seen below.

Key findings

  • It is important to understand the legal system in order to know how the Right of Access to Information (and Open Data) and Personal Data Protection are enshrined. For this it is important to understand the dialogue between international law and local norms. Although in some regional cases we find a normative hierarchy that does not completely equal them, they are contemplated in International Treaties and in the Constitutions of the countries studied and should be understood in a complementary and not exclusive manner. In the case of Latin America, there are no Community rules, but in the case of Europe, Data Protection has taken on a very strong impulse with the GDPR, which is binding for the Member States and has a great influence in Latin American countries. Five years after the beginning of its implementation, it is important to take into account lessons for its future application.
  • In administrative design and in order to achieve policy coherence, it is important to bring up the different organisational structures that enforcement authorities may have. We find authorities governing the implementation of both rights, while in some countries there are authorities for each of them. Whether or not they are under the same orbit, they need to work in synergy in safeguarding both interconnected rights in order to guarantee them.
  • The rankings analysed also allow us to understand and explore the difference between regulatory structure and performance in practice. The fact that a country is well ranked may speak of its robust normative structure, but performance does not necessarily go hand in hand. At this point, the relevance of Civil Society Organisations (CSOs) that accompany policies, monitor, and give life to claims is fundamental.
  • It seems fundamental to us to highlight the importance of the temporality of the right (both the need for public information and data to be updated periodically, and the importance that requests for access are answered within reasonable timeframes, and that administrative and judicial decisions do not take too long). Delays, in practice, limit the right to know.
  • Another barrier to the Right of Access worth mentioning is the fact that information is not free of charge. Free access to information is a guarantee of access to this key right. Open licences help in this regard.
  • It is also interesting to take into account the trends in the resolution of disputes and what patterns there are at the time of settling the tensions. We can see that in most of the cases that go to court, the decision is usually in favour of granting Access to Public Information, while in other types of examples that do not reach the judiciary, the balance is not so clear and varies according to situations and issues.
  • At this point it is also key to identify the specific subject matter of the controversy between the two institutions. As mentioned, none of the rights are absolute, and hierarchical courts in both regions have made this clear when issues that they consider key and inherent to democratic societies, the public interest and the common good (such as environmental issues or issues of public integrity) are at stake.
  • Each region also demonstrated particularities in the balancing of these rights with third rights. Latin America has ruled in favour of access in cases of crimes against humanity, while in Europe we saw cases that ruled in favour of access when freedom of expression and information are at stake.
  • We have seen current examples, in both regions, where Data Protection limits Access to key information, for example in the cases of registers of beneficial ownership or public funds in the European Union, or in terms of environmental datasets in Latin America.

The way forward

The importance of the right of access to information and the right to the protection of personal data, both fundamental human rights, raises the need to seek a balance so that both can be exercised in a complementary manner, and so that one does not jeopardise the guarantees enshrined in the other. There are different proposals and techniques that allow us to continue working on open data for a more democratic and just society, respecting the right to privacy (from model laws that contemplate open data and also the right to privacy, guidelines or standards that allow us to apply a treatment to data that takes care of Privacy but without denying Access, to principles and ethical bases on Data). Establishing objectives and clear planning in both Access and Protection policies allows administrations to understand the regulations in force, the demands, the resources, the identification of risks, and the taking of the necessary measures to mitigate or prevent them.

Open data and the right to privacy are not only compatible, but must be understood in harmony for the correct application of both and for the safeguarding of human rights.

Open Data Charter and Civic Compass will continue to work together to present the findings in different forums, generate evidence and awareness of the need to balance both rights, replicate the research for more countries and aim to learn about more case studies.

If you are interested in the subject and have opinions, cases or ideas to share, please write to us at info@opendatacharter.org

In addition, you can access the research in Spanish at this link and in English at this link.

--

--

opendatacharter
opendatacharter

Published in opendatacharter

Learn how we are working towards a culture of open and responsible data use by governments and its citizens.

Open Data Charter
Open Data Charter

Written by Open Data Charter

Collaborating with governments and organisations to open up data for pay parity, climate action and combatting corruption.