Data Privacy, Ownership In Precision Agriculture
A friend recently brought to my attention the formation of a grower organization with the sole purpose of helping producers claim ownership of their agricultural information.
By coincidence, this organization presented its vision in the spring of this year at about the same time that a private contractor working with the National Security Agency fled the country and began leaking information about the inner workings of the agency. The actions of this single individual have brought the concerns of data privacy and ownership into the forefront of the nation’s consciousness. To a lesser, but no less significant degree for the agricultural industry, the new grower organization has brought the same concerns to the forefront of precision agriculture.
Data privacy and ownership have been topics of discussion in precision agriculture since the first global positioning system (GPS) began recording data geospatially more than 25 years ago. From that start and still today, the position of most public and private entities is that any data collected on a farm or any information about a farming operation is private and owned by a grower.
Furthermore, to the extent that a grower shares his or her data or information with permission, they are only to be used in a community analysis. The analogy of blood pressure is commonly used to explain this community sharing of data. In this analogy, an individual shares his or her blood pressure reading in order to calculate the average blood pressure of the community. By having an average reading, one individual can be judged as having blood pressure that is too high or too low relative to a representative, healthy community.
Average readings can be computed for different ages, gender, and weight classes to further narrow the community for judging the relative health of an individual. Since a single reading is lost in an average, the privacy of the individual is assured through the use of statistics.
There is no question that growers benefit by participating in community analyses. Through simple, statistical comparisons, a grower can become aware of the best hybrids to plant and when to plant them along with a selection of other favorable practices for their farming enterprise.
But with the recent sensor and machine-driven surge of “big data,” data privacy and ownership is once again in conversations. To further complicate matters, these collected data are being transferred over the Internet (in the cloud) and being aggregated by different companies for a variety of purposes.
Where To Start
So where does one begin to address the modern challenge of data privacy and ownership. A good start may be to look at the privacy policies of governments or companies.
One federal, privacy legislation which is cited by a number of sources is called the “Personal Information Protection and Electronic Documents Act or PIPEDA.” It was developed by the Canadian government for the private sector. PIPEDA outlines a code for protecting personal information in commercial activities. The code consists of 10 privacy principles, which may have application to the data privacy concerns in precision agriculture. Adding the word “data” in parentheses to the original wording for information, the principles could be applied to precision agriculture.
The 10 principles are: accountability; identifying purposes; consent; limiting collection; limiting use, disclosure and retention; accuracy; safeguards; openness; individual’s access; and challenging compliance. In a nutshell, the PIPEDA code requires an organization to designate a responsible individual to oversee an organization’s compliance to the principles.
The information (data), itself, must be used for the purposes intended and with the consent of the owner. The use, disclosure and retention of collected information (data) must be limited to the stated purposes. The information (data) must be accurate and protected with safeguards so as not be distributed or used beyond the stated purposes. The owner of the information (data) must have access to his or her information (data) and must be informed of its existence, use, and disclosure. Lastly, the owner has the right to challenge a company’s compliance by complaining to the designated individual responsible for compliance.
The 10 principles in the PIPEDA code address privacy, as there is still the concern about the ownership of data and information. Historically, ownership was synonymous with possession. If a person materially possessed something, then he or she owned that something. Possession is pretty straight forward. A person can hold on to something or lock it up. Problems arise when a person wants to share that something with someone else.
The act of sharing raises the question of control. This is especially true in commerce where an individual markets an invention or creative work. In making a sale, the owner does not relinquish control as evidenced by a patent or copyright. However, by exposing an invention or creative work to the public, the owner runs the risk of illegal use or, worse, duplication and redistribution.
In the case of precision agriculture, the something of ownership is grower data and information about operations. Unlike material things, data and information are bits and bytes travelling physically over wires or electromagnetically through airwaves. They are very hard to control since their use is dependent on third-party infrastructure and software. Add in unscrupulous individuals and ubiquitous hackers, data and information are nearly impossible to control. Clearly, if ownership is lost in the “cyber” world, then there is the risk that privacy could also be compromised.
Automation Clouds The Picture
The dilemma facing growers today is that more and more data and information are being generated by machines, sensors, and other devices on their farms. Control of these generated data and information is virtually impossible unless a grower does not want to communicate with the outside world. But the outside world offers numerous services to help analyze and interpret his or her locally, collected data.
Since a grower, especially one of a younger generation, wants to be connected to the cyber world, the easiest solution is to find a trusted partner, be it a grower organization as mentioned earlier or a company. That trusted partner must demonstrate adherence to the privacy principles and respect ownership rights. Any effort made by a grower to protect data and ensure the privacy of information outside of some sort of partnership will end up being a full time job leaving little time for farming.
The line between what data and information a grower is willing to share and a company is allowed to use will keep vacillating in the future. There are no easy solutions. Growers need to be vigilant in the management and protection of their data and information and be knowledgeable about the purposes and practices of other individuals and companies with whom they are sharing that data and information.