Open by Default and Permissible Restrictions for Open Data

(This is part 2 of the analysis “Open Data for Beginners”, you can find out more here)

There are a large number of documents that describe the standards of open data. Some are examples of the soft-law[1] that guides how public authorities should develop open data policies (for example, in the G8 Charter or Open Government Partnership Declaration), while some can effectively impose responsibilities on public authorities (such as the EU Directive on the Reuse of Public Sector Information). The general principles in this study follow those articulated in the G8 Data Charter with references to other more specific principles.

Open by default and permissible restrictions

“Open by default” means that governments should aim for maximum disclosure. The EU Directive on the Reuse of Public Sector Information recommends that

making public all generally available documents held by the public sector — concerning not only the political process but also the legal and administrative process — is a fundamental instrument for extending the right to knowledge, which is a basic principle of democracy.

This is the core standard of any freedom of information legislation.

Such legislation should define information (sometimes referred also as a document) broadly, which in practice means that every piece of information developed or received by a public authority in connection with performing public tasks should be considered “open.”[2] Although there are many examples of legislation that order the release of information as open data,[3] it has to be emphasized that making data open is rarely the decision of lawmakers but is up to the public officials whose ambition is to become reformers. For inspiration, look at the activities of G8 governments as described in the Review of Progress on the Open Data Charter.[4]

According to The Publics Right to Know: Principles on Freedom of Information Legislation,[5] the principle of maximum disclosure

“establishes the presumption that all information held by public bodies should be subject to disclosure and that this presumption may be overcome only in very limited circumstances.

The European Convention of Human Rights expressed in article 10.2 that exercising the freedom of information

“may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society.”

Similarly, the International Covenant on Civil and Political Rights includes the rule that freedom of information

may therefore be subject to certain restrictions, but these shall only be such as are provided by law and are necessary.

The signatories of the Council of Europe’s (CoE) Convention on Access to Official Documents, in article 3, have agreed that

limitations shall be set down precisely in law, be necessary in a democratic society, and be proportionate (…).”

This means that when analyzing which document can be released, a public official should consider whether some restrictions need to be imposed because of the potential harm to third parties or the public interest, and if there is no other means to protect those rights and interest besides restricting access to the document.

Permissible restrictions are generally covered by provisions that regulate the access to information. The most popular one is the need to protect intellectual property (copyright), trade secrets (economic secrets), and privacy and national security (state secrets). If your local access to information legislation does not permit the release of a document, the same rules would also mean that document could not be published or disseminated using open data standards.

Intellectual property

The concept of “intellectual property” entails the need to protect authors or inventors from the exploitation of their works and discoveries. However, for the purpose of access to information, intellectual property rights are commonly understood as copyrights, which means they exclude

documents covered by industrial property rights, such as patents, registered designs, and trademarks[6]

as those are protected by specific regulations. Very often, copyright protects not only the specific information held in the document, but also the whole dataset or database.[7]

In practice, a restriction might apply to the access to detailed research data that was provided by external experts on an evaluation of the public education system. When a government holds rights to any of its documents, it should permit access and reuse. Only when the intellectual property rights belong to a third party should a restriction be considered. Governments should follow the general approach that everything that was funded publicly (such as reports, analyses, and opinions contributed by the external authors) should be available for the public. The importance of this approach is expressed in the Hague Declaration on Knowledge Discovery in the Digital Age,[8] which was signed by representatives of public and nongovernmental cultural and educational institutions; it describes how to make data open without harm to the legitimate interests of the data’s authors.

It is worth noting that the United Kingdom has introduced the Open Government Licence, which limits the restrictive Crown Copyright and enables citizens to freely use and reuse governmental data.[9] Public officials should be also inspired by the UK Government Licensing Framework,[10] which has built a policy around preparing and releasing open data. It is worth to carefully check what possibilities are allowed by local regulations.

Trade secrets

Trade secrets — also referred to as commercial confidentiality or economic secrets — can also be a reason for restricting access to information. Restricting access is explicitly allowed by the EU Directive, CoE Convention, countries’ legislation, and soft-law, including the CSOs’ recommendations. While in some countries, legislation provides a legal definition of a trade secret,[11] in others it refers to different legal acts and is developed in practice.[12]

A company that manages a local public transport system could claim as a trade secret the number of passengers using specific connections. As with any other restriction, it is the responsibility of the specific entrepreneur to clearly state which parts of its information are confidential. It is also important that public administration should consider each time whether such qualification of the information is appropriate given the principle of the maximum disclosure. Such consideration is also called a proportionality test.

National security

National security — or the broader term, a state secret — is another example of a restriction explicitly expressed in numerous documents, including the international and European human rights conventions and soft-law such as the Tshwane Principles on National Security and the Right to Information elaborated upon by 22 NGOs and academic centers.[13] The latter states that

“no restriction on the right to information on national security grounds may be imposed unless the government can demonstrate that: (1) the restriction (a) is prescribed by law and (b) is necessary in a democratic society (c) to protect a legitimate national security interest (…).

For example, reuse of the information concerning locations of police closed-circuit television cameras can be fairly restricted. In most countries, the definition of state secrets is quite similar and involves weighing the conflict between releasing specific information and its impact on the country’s internal and external security.[14]

Privacy

Very often, “privacy” is narrowly defined as protection of personal data[15], but in some cases, it can be defined more widely. The European Convention of Human Rights expressed the need to protect everyone’s private and family life.[16] However, this is also not an absolute exception to maximum disclosure standard. In the famous case of Google vs. Gonzales,[17] the Court of Justice of the European Union allowed for the interference with this fundamental right, stating that public activity of a person (such as a public official or anyone who is dealing with the management of public funds) justifies limiting the protection of their privacy. It is also accepted by the European Court of Human Rights that public officials or candidates to public posts are subject to reduced protection of the right to a private life.[18] This has also broader significance for releasing and reusing personal data that is part of national registries. In Poland, for example, the State Court Registry, which consists of data on company owners, is open and can therefore be reused.[19]


[1] In this publication the soft low is understood as: referring to rules that are neither strictly binding in nature nor completely lacking legal significance. In the context of international law, soft law refers to guidelines, policy declarations or codes of conduct which set standards of conduct. However, they are not directly enforceable. (http://definitions.uslegal.com/s/soft-law (Accessed October 1, 2015.)

[2] Art. 3 of the Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council, and Commission documents define “document” as “any content whatever its medium (written on paper or stored in electronic form or as a sound, visual or audiovisual recording) concerning a matter relating to the policies, activities and decisions falling within the institution’s sphere of responsibility.” Available at http://www.europarl.europa.eu/RegData/PDF/r1049_en.pdf. (Accessed October 1, 2015.)

[3] For example, the Polish Act on Access to Public Information commands central administration bodies to transfer selected data to the Central Repository of Public Information — www.danepubliczne.gov.pl. In the Slovak Republic, thanks to the Act No. 546/2010 Coll., all public contracts (with some exemptions) must be published online. Those that are not published are unenforceable.

[4] http://www2.datainnovation.org/2015-open-data-g8.pdf

[5] Available at https://www.article19.org/data/files/pdfs/standards/righttoknow.pdf. (Accessed October 1, 2015.)

[6] Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information.

[7] According to the Glossary of Public Sector Information and Open Data Terminology, a dataset is a collection of data, usually presented in tabular form, presented either electronically or in other formats. Available at https://data.gov.uk/glossary#letter_d. (Accessed October 1, 2015.)

[8] Available at http://thehaguedeclaration.com/the-hague-declaration-on-knowledge-discovery-in-the-digital-age/. (Accessed October 1, 2015.)

[9] http://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/licensing-for-re-use/what-ogl-covers/

[10] http://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/licensing-for-re-use/ukglf/

[11] As in article 1 of the Law on Commercial Secrets in the Republic of Moldova. Available at http://lex.justice.md/index.php?action=view&view=doc&id=312792. (Accessed November 25, 2015.)

[12] For the example of Ukraine, see the expertise of A. Polikarpov. Available at http://www.ligue.org/uploads/documents/cycle%202015/Cycle%202015/Rapports%20B/2015rapportBukrainien.pdf. (Accessed November 25, 2015.)

[13] Available at https://www.fas.org/sgp/library/tshwane.pdf. (Accessed October 1, 2015.)

[14] For example, the Law of Georgia on State Secrets defines a state secret as “information available in the areas of defense, economy, foreign relations, intelligence, national security and law enforcement, the disclosure or loss of which can prejudice the sovereignty, constitutional order, political and economic interests of Georgia or of any party to the treaties and international agreements of Georgia and which, according to this Law and/or treaties and international agreements of Georgia, is predetermined as classified or deemed to be a state secret, and is subject to state protection.” Available at https://matsne.gov.ge/en/document/view/2750311. (Accessed November 25, 2015.)

[15] Which following the article 2 of the   Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data can be defined “as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

[16] It has also been defined by the CoE in the Declaration on Mass Communication Media and Human Rights, contained within Resolution 428 (1970), as the right to live one’s own life with a minimum of interference. Available at http://assembly.coe.int/nw/xml/XRef/Xref-XML2HTML-en.asp?fileid=15842&lang=en. (Accessed October 1, 2015.)

[17] “… it is justified by the preponderant interest of the general public in having (…) access to the information in question.” Available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=70060. (Accessed October 1, 2015.)

[18] Lingens v. Austria (1986), Oberschlick v. Austria (1991), Thorgierson v. Iceland (1992).

[19] This example is among others cited by the ePaństwo Foundation at http://www.mojepanstwo.pl.