What should be considered with regard to personal data?

Perform a legal check before making data available

Before data can become available as open data, a legal check must first be done. If it is clear which data may be published, it must be checked whether the opening thereof is not contrary to any legal rule. A legal check is done for this. This step is very important, because releasing datasets that violate legal rules can lead to liability issues and a lot of negative publicity. In other words: don't forget this check and do it thoroughly! It is of course also advisable to involve the legal affairs department of your organization in this exercise. This check consists of four steps which we explain in more detail below.

Check public availability

The main rule in the Netherlands is that government information is public, unless a legal rule provides otherwise. Exceptions to the main rule are included in the Government Information (Public Access) Act (Wob) or other special regulations. It is therefore important to check in advance whether there are no exceptions for the selected datasets. If data is not public, it may not be reused. The steps below can be used to determine whether data is public.

Which public disclosure rule applies?

In order to determine the applicability of the disclosure regime, we must first determine:

  1. Does it concern administrative bodies?
  2. Does it concern administrative information?
  3. Does the dataset reside with the administrative body?
  4. Is the requested information available in documents / data?
  5. Is the applicability of the Wob excluded?

Is the information public?

If we have determined that it concerns information to which the Wob applies, then the main rule - in line with the open data philosophy and the Dutch policy ambitions - is that the information is public and must be released for reuse. However, the Wob has a number of exceptions: types of administrative information that are not public. Naturally, a government organization must test these exceptions. If an exception applies, the information may not be released for reuse.

When assessing whether administrative information may be disclosed, the administrative body must check whether the disclosure does not conflict with the interests explicitly stated in the Wob. These are laid down in article10 of the Wob (in Dutch) and can be divided into two types: the absolute grounds for refusal and relative grounds for refusal.

Absolute grounds for refusal

In case of absolute grounds for refusal, information will not be provided at all times. This is the case if the provision of the information:

  1. could threaten the unity of the Crown;
  2. could harm the security of the State;
  3. if it concerns company and manufacturing data that have been confidentially communicated to the government;
  4. if it concerns special personal data.

Relative grounds for exception

In case of relative grounds for refusal, the administrative body has a discretionary power. It must strike a balance between the general abstract interest of public access and the interests mentioned in Art. 10 second paragraph Wob. This concerns:

  1. international relations;
  2. economic or financial interests of the government;
  3. the investigation and prosecution of criminal offenses;
  4. inspection, control and supervision by administrative bodies;
  5. respect for privacy;
  6. the interest of an addressee in being the first to be able to take cognizance of information;
  7. the prevention of disproportionate favoring or disadvantaging the data subjects.

Presence of personal data

The presence of personal data is very important when publishing open data. After all, governments often collect massive amounts of data about people in the performance of their duties. The main rule of the Wob in conjunction with the AVG is that these data are not eligible for reuse.
Always ask yourself the following questions when asking whether the data contains personal data:

  1. What is the great importance of careful testing?
  2. What are the regulations in the Wob and the AVG?
  3. What is the term 'personal data'?
  4. What if privacy legislation applies?
  5. How to act?
  6. What if something went wrong?

Check the rights of third parties

Data has an owner. This can be a government organization or a non-government organization, such as a company. Rights to data often take the form of copyright and database rights, regulated in the Copyright Act and the Database Act respectively. Of course you must have the (rights to the) data. You cannot reuse data that you do not own. This violates the rights of third parties.
When it comes to rights of fellow government organizations, there are some special rules that deviate from the above. In short, this regulation means that if a government organization has not indicated when publishing the information that it wishes to reserve its rights, that information is free of rights and can therefore simply be released as open data.

If you want to make data available for reuse according to the open data philosophy, you must therefore ensure that no rights of third parties rest on the creation or acquisition of the data. If third parties are involved, this can be done by applying (standard) purchasing conditions that stipulate that all possible rights that arise in the context of the purchase become the property of the purchasing government. The current standard purchasing conditions for the central government contain such a clause. As a final lock on the door, it is of course advisable to check this aspect at the time of release for reuse.

Check market disruption

If there are market parties that produce and sell comparable datasets themselves, you have to check whether unfair competition arises because you make data available for free based on the open data philosophy.
According to the open data philosophy, government information must be made available for reuse to everyone, although it is 'as is', at least for a maximum of the provision costs and without any restrictions. However, if there is a market on which this or similar information is traded by market parties, this means that a very cheap or even free alternative becomes available to buyers on that market, so that customers can stay away from the market parties. It is therefore conceivable that a government body is held liable by a market party who argues that the implementation of the open data policy is unlawful towards him / her, because the conditions under which the government makes the data available to him / her are unlawful competition.

There has recently been a lot of movement around this area: new legislation has been introduced and the judge has made two very clear rulings. The reassuring conclusion is that a government that publishes open data is unlikely to be likely to distort competition.

Address expectations

The datasets that are made available have been collected in the exercise of the public task. These datasets may nevertheless contain errors, so that the contents of the datasets do not correspond to reality. This in itself is not reason enough not to publish the datasets, but it is important to address the expectations of the users. After all, there is a duty of care on the government to inform users about the datasets and to warn them if there may be deficiencies in the information.

It is therefore good to educate users about what they can and cannot expect from the datasets in the following two ways: by adding a base layer of meta information and by including a proclaimer.

A basic layer of meta information

A government body that provides data for reuse must first add a basic layer of metadata. By adding metadata, the re-user is able to better understand the context of the data and can identify any defects themselves. This base layer is also known as the DCAT standard.

Disclaimers and proclaimers

Various government organizations are attempting to rule out possible liability through the use of disclaimers. The question is whether this so-called exoneration always lasts. Certainly if the government is the only source from which the information can be obtained and especially if having the information is necessary for participation in legal transactions, sustainability is less likely. This includes, for example, information from the key registers that are deemed to contain the correct data and for which there is also a 'use obligation' within the government.

Bearing in mind the open data philosophy, there is more to be said for the valid use of a communication explaining what a re-user can expect from the data. These so-called proclaimers are increasingly popular, also in governmental land, and of course also come in many shapes and sizes, see for example those of the province of Brabant, municipality of Zwolle and the RIVM The distinction between the disclaimer and the proclaimer is mainly in the nature: where the disclaimer immediately firmly rejects all liability, the proclaimer has a much friendlier tone and aims to inform the user about the content of the information and at the same time also to his expectations. manage.

The shelf life of a proclaimer when opening data for reuse will increase if it is specifically aimed at the dataset in question, and is therefore not a general statement. Obviously, the statement can be tiered: there is a general proclaimer that applies to all data that is available for reuse and per dataset there is one proclaimer that refers to the basic layer of metadata in the individual datasets. In that metadata it can then be indicated in which context the data was collected, so that the re-user can base his thoughtfulness on defects on this.

The data is preferably made available under a CC-0 or public domain statement. This provides sufficient guarantee for reuse without restrictions. Optionally, a CC-BY license can be issued, in which the re-user is obliged to state the source holder of the data. In the case of CC-BY, it must be indicated how the name of the source holder to be used should be written.

What if something goes wrong?

If a re-user nevertheless believes that he has been wronged because the government has provided him with (allegedly incorrect) data, he can institute a so-called tort action in court. This is regulated in Article 162 of Book 6 of the Dutch Civil Code. He can argue that the government is liable for faulty open data.