I’ve not managed weeknotes for a while, though I have been trying to get started again on a journaling practice using Obsidian, and have the opportunity of a train ride down to London today as I head for a week out of Connected by Data work, instead facilitating a team retreat for Open Ownership.
Three kinds of data
Just before Christmas, we published a shared think piece I contributed to, alongside Christopher Wilson (MyData Global), Vinay Narayan (Aapti Institute), Viivi Lahteenoja (MyData Global), Carolina Rossini and Sophie Tomlinson (The Datasphere Initiative). It built on conversations sparked at our Policy Design Lab in Costa Rica last June.
One part of the paper I’m hoping will be of particular use in future is the distinction between data from, data about, and data that impacts the individual.
In the paper, we use the following definitions and examples:
Data from me
Defined as: Data actively provided or generated by an individual.
For example: Social media posts; address information provided when signing up for a service; and data from a smartwatch.
Data about me
Defined as: Data that relates to an individual, but that was collected or inferred by a third party.
For example: The inferred profile an advertiser creates; health records made by the doctor; ratings of a gig worker.
Data that impacts me
Defined as: Data with implications, associations, and consequences for an individual.
For example: Wastewater monitoring used to decide on health lockdowns; aggregate transport data used to plan transit infrastructure.
We explain that:
“Distinguishing between ‘data from me,’ ‘data about me’ and ‘data that impacts me’ is important because it highlights how ‘non-personal’ data is nevertheless personal. Even though these categories may overlap in practice or regulation, distinguishing between them highlights the different kinds of data protection strategies and tools that are available for each.”
For example, it may, in theory, be more plausible to assert pre-emptive control over data from me through individual technical measures, and technically possible, albeit burdensome, to use data protection laws to assert control over data about me; but shaping the use of data that impacts me is likely to be particularly tricky without turning to forms of collective action.
I’m sure this threefold framework has been used by others, but I’ve not to date found a simplified expression like the one we offer in the think-piece. I’d be interested to hear both about prior work we should have spotted/cited (and to correct the record if so!), and to hear any critical exploration of the utility and limitations of this set of conceptual distinctions.
Other January threads
January has been a busy month pulling together threads of work from last year, and planning for new activities in 2024. In particular I’ve been:
- Wrapping up a report that builds on the People’s Panel on AI to recommend wider use of Deliberative Review processes within data and AI governance, particularly as part of multi-stakeholder events, conferences and summits. The report is out soon, but in the meantime, here’s a recently published video of us taking the Panel to the Tech UK Digital Ethics Summit in December;
- Diving into research into the learning needs of local government around AI as part of our work on a series of LGA explainer videos on AI. This has included some fascinating interviews, and an insightful session at UKGovCamp XL in London last Saturday, gathering a long list of the things officers and elected members (and the public) might need to know to think constructively and critically about the role of AI in public services;
- Picking up work to develop resources coming from our Design Lab on AI & Deliberation in November, planning out activities in February to develop a draft guide to support participation practitioners to deliver effective engagement activities focussed on data and AI;
- Reading and reflecting on Dan McQuillan’s Resisting AI - which provides a powerful counterpoint to AI-hype, a robust critique of AI adoption in the context of public sector austerity, and a sceptical take on the possibility of institutionalised participatory processes of governance;
- Joining the first session of a Data & Society convened talk series on Participatory Methods in Governance (of data and AI), hearing from the authors of this fantastic paper that critically assesses the participatory turn in AI design, finding, much as McQuillan’s book suggests, that participatory practice within corporate institutions leaves little space to question the fundamental operation of AI systems, as opposed to tinkering with implementation details;
- Jumping back into looking at the AI policy of the Green Party of England & Wales through a small policy working group, engaging with the challenge from my co-convenor of the group to explore the positive potentials of AI as well as critiques.
As I reflect on these different strands of work and conversation, and some of the tensions evident in them, I’m led back to what I think might be the other useful contribution of the recent think-piece. We titled it “Combining individual and collective strategies to confront data power”, and in an earlier draft we had a sketched graphic that tried to present the possibility of seeing different data movements (e.g. movements for data commons, and movements for personal data stores) as either pulling apart in different directions from the status quo of data power, or confronting data power from different flanks. When we consider the kinds of social transformations required to bring about a data economy and ecology that genuinely serves the public good, we need many forms of action. In considering how the research and practice work at Connected by Data can contribute to the kinds of transformations we need in our data economy and ecology over the year ahead, I need to keep in focus the question of how each intervention opens up data power, rather than reinforcing, or risking co-option in service of, the status quo.