Not fit for Purpose: A critical analysis of the Five Safes


Abstract in English

Adopted by government agencies in Australia, New Zealand and the UK as policy instrument or as embodied into legislation, the Five Safes framework aims to manage risks of releasing data derived from personal information. Despite its popularity, the Five Safes has undergone little legal or technical critical analysis. We argue that the Fives Safes is fundamentally flawed: from being disconnected from existing legal protections and appropriation of notions of safety without providing any means to prefer strong technical measures, to viewing disclosure risk as static through time and not requiring repeat assessment. The Five Safes provides little confidence that resulting data sharing is performed using safety best practice or for purposes in service of public interest.

Download