Components Supporting the Open Data Exploitation
twitter linkedin

Legal Considerations of Open Data publishing

In a number of countries, access to information is a right guaranteed by the Constitution. openConstitutions often guarantee conflicting rights as well, such as the right to
privacy
, so these are sometimes in tension and have to be properly balanced. When it comes to government information, countries typically have Freedom of Information Acts (FOIAs) that regulate in more detail who can request information, who has the legal obligation to provide it, under which circumstances, etc.

For instance in Slovakia, FOIA guarantees access to information to “everyone”: the citizenship or legal age are not a limitation, and neither is personhood. A foreigner, a child, or even a company can request information. However, FOIAs may not always regulate the electronic (digital) availability of data: while in Slovakia it’s possible to request the answer in a digital format, the law doesn’t specify what formats must be available. So if the public office prints out a document from Microsoft Office Excel on paper, scans it back to PDF and returns the result in this way, it’s is considered as acceptable and it´s hard to challenge such behaviour based on FOIA alone.

Legislation in force

Specialized legislation dealing with re-use of public sector information comes into play. Most famous of which are Directive 2013/37/EU on the re-use of public sector information (also known as the PSI Directive) and Directive 2007/2/EC known as the INSPIRE Directive. It is beyond the scope of this document to discuss the INSPIRE directive that is specific to geographic / geospatial data, but we will mention several key principles of the PSI Directive.

All EU Member sStates are expected to transpose PSI directive into their national legislation by June 2015. It is helpful to be aware that the PSI directive is a so-called “minimum directive”, introducing a minimal set of basic obligations common across Member States. In practice, this means that every Member State has to fulfil all obligations of the Directive but is free to introduce legislation that goes beyond PSI directive requirements.

This means that the position of those who require data can be actually even stronger than what the PSI Directive says. If that is the case in a particular Member State, the Decision Maker / politician may have more obligations with regards to making data available. Such situation would favour the users of the data. If you are a politician, be aware that you can introduce stronger requirements and push for more openness. If you do so, try to find the right balance – keep the potential benefits as well as costs (financial, organizational) in mind.  A very good overview of the PSI Directive was provided by the Open Knowledge Foundation blog post and is definitely worth reading.

So far we mentioned the several legal frameworks related to publishing the data: general national constitutions, more specific national legislation, as well as the overall EU framework. It is helpful to be acquainted with all of these legal acts to properly understand the legal context. Legal counsels of organizations (who understand the organizational context) as specialized information legislation consultants are definitely worth consulting when you are willing to publish Data.

On the consumption side,  legal issues relating to the actual use of the data should be considered as well:

To what extent is it possible to rely on the data? If an organization downloads information from a government data portal, can it be sure that the data is guaranteed to be correct? Here is a specific example: if a business uses a government-related web site to check a VAT number of their business partner abroad, can it be sure that it is OK to charge zero VAT for the cross-border business transaction? What if the data is no longer updated? What if a “man-in-the-middle attack” occurs and somebody modifies the data in transit?

Paying more attention to the above issue reveals several layers of problems when Re-using the Data:

  • Guarantee that the data comes from the correct entity – Was data downloaded directly from the organization’s official web site or from a copy somewhere on the web?
  • Guarantee that the data hasn’t been modified in transit – Was data transmitted through an encrypted connection or has its integrity been secured through other verifiable means?
  • Guarantee that the data is fit for legal purposes – this requires more than simple technological measures and must be dealt legislatively as well.

All of these issues are complex and Open Data professionals are only at the beginning to tackle them properly. They become more tangled when data from multiple sources is combined. Steps are being taken to address these problems but for now, the first helpful step is to be aware of the questions: To what extent can I rely on data used? Is this FYI or can this be used in the court of law, if needed? How can I verify this data and prove it is correct?


jan_gondolJan Gondol, PhD., graduated from the Comenius University (Slovakia) in Library and Information Science. He currently works on the COMSODE project at the Ministry of Interior of the Slovak Republic. More information: https://www.linkedin.com/in/jangondol

Social tagging: > > > >

Leave a Reply