Towards a Magna Carta for Data

2 Oct 2015

A recent think tank discussing the potential adoption of a Magna Carta for data saw stakeholders from all across the industry converge to start the debate.

Hosted by the Insight Centre for Data Analytics, the meet-up was held as part of Predict, with topics such as ethics, security and practicalities all entertained.

Insight’s Prof Barry O’Sullivan chaired the event, which saw speakers from all over the country add their tuppence-worth to a discussion that is set to rumble on for many months to come.

Insight is based in Dublin, Galway and Cork and was set up on the back of what many perceive as a ‘data explosion’, as Ireland takes centre stage with a plethora of IT and science multinationals based here.

Data, as O’Sullivan explained, is everywhere. It may even be today’s oil.

The challenges surrounding the ownership of personal data, or the “behaviours and standards users expect of those who consume their data” must therefore be investigated.

Professor Barry O’Sullivan (Insight@UCC)

Prof Barry O’Sullivan (Photo via Insight@UCC)

“As individuals we can no longer be anonymous,” he said. “This is a serious issue, now that we’re in the ‘big data age’. There are a lot of questions that need to be answered at this point.”

There’s a huge debate going on about data, right up to the General Data Protection Regulation that’s being negotiated in Europe.

“As citizens we’re becoming very aware of the consequences of sharing our data, but there isn’t the right infrastructure to protect the user. There isn’t an agreed sent of principles,” he said.

To take on that baton, and suggest principles, Pauline Walley, SC, an Irish barrister interested in privacy and data protection laws, took to the stage.

“I act for clients who are defamed online, harassed online,” she said, noting that it’s “extraordinary” that this debate has not happened before.

Walley also noted how this isn’t the first time, nor will it be the last, that the law has trailed behind technology.

Pauline-Walley-SC

Pauline Walley, SC, a barrister interested in privacy and data protection laws

She explained how the automobile, for example, had a similar history. Originally the toys of the elite, it was only when injuries and deaths began to occur that society felt the need to step in and regulate.

Walley went on to describe a checklist of things we need to enact in order to make the online community safer for everybody, including tech-savvy judges, all-night courts and modern, structured ways to take down content.

NUI Galway’s Dr Heike Felzmann then spoke of the trust and responsibility behind big data practices.

Any rulebook should be transparent and interactive, she feels, tying both the actors and innovators behind big data projects into a mutual understanding of how services work, and whether they are desirable in society.

“I think a Magna Carta for data shouldn’t just be focused on individual rights in relation to data but also what do those who deal with the data and develop those innovations, how do they include the concerns that society might have about that,” said Felzmann.

Is there any way in which we could add to a Magna Carta to provide structures that allow engagement across the creation and reception of services?

Felzmann hopes so, although for that to happen she accepts much more discussions are needed.

Of course, for any regulation to come into force, it must have some focus on security, which Dr Simon Foley, security expert at UCC, went on to detail.

Pinning his idea around the technical challenges faced in securing users’ online data, Foley discussed Shannon’s maxim, and how we can’t rely on security by obscurity.

“Shannon’s maxim is one of the pillars when it comes to designing secure systems,” began Foley, highlighting education as a way to tackle problems coming down the line with big data.

“We don’t want a situation where the designer knows how the system works, the attacker knows how the system works, but the person using the system doesn’t,” he said.

People still don’t agree on the true definition of security online, which is an obstacle for Foley and his peers when it comes to designing a protocol for online security.

Teaching the user how different security applications are created, though, can help change this.

Rob Kitchin, a lecturer at Maynooth University and author of The Data Revolution , pointed out, though, that security shouldn’t demand all the focus.

From philosophical, grandiose issues to small, localised customisation concerns, there are plenty of talking points ahead of any Magna Carta for data, he said.

Kitchin detailed a plethora of aspects of online life that we need to take into consideration before anyone can put pen to paper on a set of rules and regulations.

“This boils down to more than just privacy and security,” he explained.

Issues around ownership and control, the buying and selling of data, provenance, surveillance and general acceptance of app requirements muddy the waters somewhat.

“This discussion is worthwhile, but it isn’t the panacea for the topic.”

This all revolves around consent. What is it we, as consumers, are allowing companies to do with our information?

Dr Vivien Rooney, an applied psychologist at UCC, took us through the intricate and complicated environment created by informed consent, which puts pressure on researchers, subjects and, therefore, everybody.

“Informed consent should move away from a static step that we take at the beginning of a research project, towards a participatory relationship throughout the process,” began Rooney as she described the trials and tribulations of consent.

From the ease at which we can sign a release to requests to take back what we have just said, Rooney described a mounting stress on both researchers and subjects, where often we just want to cruise along nicely.

In the context of big data and a Magna Carta to define these paramaters, the inference could not have been clearer. We need an open, ongoing dialogue. A simple signing-off at the initial introduction to an agreement or research project isn’t enough.

“Informed consent isn’t a procedure you can encapsulate in a single act,” she said. “From recruitment through data gathering and analysis, it is a process.”

That was something we can probably all agree on.

Siliconrepublic.com’s Data Science Week brings you special coverage of this rapidly growing field from 28 September to 2 October 2015. Don’t miss an entry worth your analysis by subscribing to our news alerts or following @siliconrepublic and the hashtag #DataScienceWeek on Twitter.

Main image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com