Is Open Data compatible with the GDPR?

Open data is part of a trend considering that some information is public and of general interest. And that can lead to a lot of questions. Starting with its compatibility with the requirements of the General Data Protection Regulation (GDPR). A prima facie, the large volume of public data collected and the sanctions provided for by the RGPD are a priory total opposite. How is Open Data compatible with the GDPR? What are the rules for keeping this data open to the public? What are the impacts and benefits in the fight against fraud? Meelo gives you the ins and outs on this often misunderstood subject.

‍

Open data: exploitation of data, the legal framework

‍

An overview of this controversial concept (no controversies) is in order. Let's start with the basics: defining Open Data.

‍

This term refers to data made public by public or private organizations, which anyone can access, use, and share. Open data is defined through three essential criteria: availability, reuse, distribution and universal participation.

‍

In France, the sharing of information considered public was reinforced by the Lemaire law in France, for a “digital republic”. This law establishes the obligation for administrations to make public the data they hold. Big paradigm shift.

‍

Access to this open data is free of rights, as is their exploitation.

Open data is essentially based on interoperability. Data sharing, which is essential to derive social or economic benefits from the opening up of numerous sources of information to the public.

‍

This data must therefore allow different organizations and systems to work together by mixing their knowledge, using a common language.

‍

Open data concerns more and more sectors and there are more and more requests to “open” data. Today, documents such as court decisions or real estate transactions registered in France are published in Open Data.

‍

From now on, all the information generated and collected by the administrations must be made available to citizens. This data may for example refer to the execution of a public service, transport, or public procurement contracts.

Open data and personal data protection: state of play

‍

The GDPR defines in an extensive way what personal data is. This text is intended to protect personal data. It defines them as any information referring to an identified or identifiable natural person. That is to say, a natural person who can be identified, directly or indirectly, via one or more data such as a name, an identifier, a telephone number.

Applying the GDPR with open data

‍

The GDPR applies if:

Personal data is processed in the European Union

If the data is established outside the EU, but processes personal data in the context of the provision of goods or services to persons established in the EU or it analyzes the behavior of these persons.

Reconciling open data and GDPR: reality or wishful thinking?

What about open data and the RGPD in France?

‍

It may seem that open data is not really compatible with the legislative framework imposed by the GDPR for the processing of personal data.

Data anonymization

‍

Open data is not primarily about the protection of personal data. The new digital context means better taking into account the protection of privacy, both in terms of the provision of data and their reuse. This anonymization is a source of significant challenges and is in place to protect data from the privacy of users. But how is it used concretely in case studies?

RGPD, Open Data and the management of non-payment risks

Open data management at Meelo

‍

Meelo collects open data to enrich its analysis tools.

Only the public information necessary for the effectiveness of our risk and fraud analyses is collected.

‍

With respect to the personal data sent by the users of our solutions, Meelo makes a point of maintaining all the security measures necessary to protect this data.

‍

None of our users' data is stored unencrypted in our databases and they are regularly deleted after a certain period of time defined with our customers to guarantee the quality of our services.