Personally Identifiable Information is perfectly adequate, no need to develop a new category of sensitive data


Posted on April 16, 2017

Preparing for a session of the Privacy Advisory Group of UN Global Pulse and the UN Privacy Policy Group on 17-18 April, I had cause to reflect on some moves to develop new definitions (sensitive data, meta data and micro data). I may change my mind after listening to the deliberation, but here’s my starting position:

Definitions are developed with some purpose in mind. A definition that is appropriate for one purpose may not be useful for another. Definitions embody assumptions and agendas.

I believe that personally identifiable information (PII), a venerable category of data deeply embedded in privacy theory and practice, is the only category of data requiring hard protection. It appears that the introduction of a new category of sensitive data is driven by concerns about so-called “collective privacy.” This is an unjustified extension of what is fundamentally an individual quality or right into the collective sphere. As in the case of the electricity billing records, one would face the dilemma of how inform-and-consent could be applied to groups. A household is an organic entity well understood by social science. Some of the “groups” to which the newly proposed extension is sought to be applied are not so: there is nothing common among the members other than co-presence or something even more flimsy. In addition, as I have repeatedly pointed out to the proponents of group rights, they would destroy pretty much the entire basis of modern public policy, by making it impossible to target any welfare measures or incentives.

In short, there is no need to define sensitive data. PII is adequate. Meta data can be defined and even sub-categories identified. The rationale for introducing a new term, “micro data,” is unclear. Depending on the purpose, data elements may be aggregated or disaggregated. For example, there are multiple data elements within a CLR, such as A number, B number, identifier of originating base station, time call started, etc. For different analyses, different data elements may be used. It is unclear what particular value is gained by calling both the entire CLR data and its component elements micro data.
