I'm an advocate for open data - both in my professional role and in a personal capacity. One of the hard things is succinctly explaining that "open data" means "non-personally identifiable data at a sufficient granularity to be useful without proving a risk to any individual's (or group's) reasonable expectations of privacy while still being useful to researchers and civic society." What a mouthful!
So, the NHS releasing the number of times a doctors' surgery has prescribed Paracetamoxyfrusebendroneomycin is probably OK - unless it is only ever recommended for one-legged Welshmen over the age of 60, and you're the only person in the catchment area who meets that description.
I've found a semi-open data set which make me slightly nervous.
In the UK, you can change your gas and electricity supplier. There are hundreds of different gas suppliers. Which one supplies your home?
Type in your postcode and house number, tick a couple of boxes, and promise that you are who you say you are:
And then you can see your gas supplier and Meter Point Administration Number.
This isn't, technically, open data. The licencing terms are restrictive, there's no complete dataset available, and no public API. But it is open for anyone to view. There's nothing stopping you typing in a neighbour's address, or a stranger's address.
I'm not sure if my commercial relationship with a supplier is personal data and should be protected. It feels personal.
There's a risk someone could use it in a phishing attempt. Telephoning me and claiming to be my supplier could be a good way to get me to hand over money or other information.
If I work for Energy Supplier X but get my gas from their rival, that could be embarrassing.
Could someone call my energy supplier and claim to be me? Would they be able to socially engineer any more data out of them?
There are lots of niche suppliers. I'm not aware of any which are, for example, marketed exclusively at LGBT+ customers. But I'm sure someone more nefarious than me could find something that a customer might be uncomfortable being revealed.
Is this too remote a risk? All I can say is that I find it kinda creepy that anyone could look up my details, and I kinda worry about how they could use that information against me.
There's a good reason why this dataset is available in the sort-of open. When you move house, you may not know who the energy supplier is. Finding out the supplier means you can quickly get set up and be billed correctly.
Similarly, the UK has an open database for Car Tax and MOTs (car safety certificates). Type in any car's registration plate, and you can see if its tax is up-to-date and what it failed its last MOT for. Again, useful if you're buying a vehicle. But also handy if you're a nosy neighbour.
In Norway, you can look up anyone's salary and see how much tax they paid. Sounds like fun! But is it a win for open data? Perhaps, but because it encouraged snooping and other unhealthy behaviour, people now have to log in using their national ID number. You can't be anonymous while you search.
As the Norwegian website says:
You can also check if someone has searched for you. If you search for anyone, they can see that you did.
In the UK, we don't have a National ID scheme. So we can't have something like that. Perhaps it would put off illegitimate users of your gas data? Or perhaps it would be intimidating to see just who'd looked up your details?
Open Data is hard. It's hard to strike a balance between useful and creepy. I don't know where the balance is with this data set.