top | item 29107889

(no title)

urvader | 4 years ago

(I am Christian Landgren, cofounder of the project)

You are right, the city believes they have ownership of the data, mainly because they fail to understand that they aren’t showing data in an app, but rather publishing data in an API. In Swedish law, once you have released data from a government, the receiver have the right to do whatever they want with the that data (as long as it isn’t violating any other laws).

The city in this case is responsible to check that the data is safe to share publicly and once they have- the data is not theirs. This is regulated in the constitutional law regulating free speech which goes back to year 1766.

This means that they can’t really apply the same logic as a private company can when publishing data in their api. A private company can still keep license over what can be done with the data they publish. A city can not do that because of these constitutional laws.

discuss

908B64B197|4 years ago

> You are right, the city believes they have ownership of the data, mainly because they fail to understand that they aren’t showing data in an app, but rather publishing data in an API.

Christian, it's not about the data and has never been. The data is a legal tool they are using.

The municipal administration is trying to save face. It's layers and layers of non-technical bureaucrats who have to justify their salaries.

A few talented software engineers running in circles around some multi-million dollar contract they gave to a large offshored operations with probably close to a hundred individual programmers doesn't look good for them at all.

taylodl|4 years ago

That's an interesting angle - the government published the data via an API and therefore the data is now public and so as a result these other laws you mention come into play. Fascinating! Please keep us posted as to how this progresses.

tofflos|4 years ago

The act of publishing has little to do with it. Sweden is open by default and the government has to provide public access to official documents to anyone and everyone - including foreign nationals.

> The principle of public access to official documents serves as a guarantee for transparency in the work of the Riksdag, the Government and the public authorities. The principle is set out in the Freedom of the Press Act, which is one of Sweden's fundamental laws, and means that everyone is entitled to access official documents.

> Everyone is entitled to contact a public authority and request a copy of an official document. Anyone requesting access to an official document does not need to provide their name or any details of how the document will be used.

The government can opt-in to secrecy.

> The Public Access to Information and Secrecy Act contains provisions on secrecy to protect public interests, for example, national security. It also contains provisions on secrecy to protect individuals’ personal or financial circumstances.

Source: https://www.riksdagen.se/en/how-the-riksdag-works/the-riksda...

theptip|4 years ago

Is there any way to write an app that doesn’t “publish the data” by this definition? It seems like publishing was not their intent, and furthermore they were not legally allowed to “publish” personal data.

For example if their system includes an app that lets you see your students grades and disciplinary issues, presumably you would not want that published. Is it simply impossible to build an app with such data in Sweden now as it would be “published”?

Edited to add: and just to be clear, I am fully supportive of this use case. Just trying to understand the restrictions better.

tofflos|4 years ago

No, because applications, publishing and intent doesn't factor in.

Student grades and disciplinary issues become official documents as soon as the teacher documents them regardless of form (i.e. paper, audio recording, IT-system, etc). The school is then obligated to provide those official documents to anyone upon request.

The school could argue that this information should be kept secret but student grades are not explicitly protected by law and it has already been established that this type of information is in fact public. I don't know about disciplinary issues but interactions with social services and psychologists are explicitly protected by law.

The Swedish government has always been obligated to make information accessible to humans and with new regulation regarding Open data and Digital government that obligation has increased to also make information accessible to machines. Attempting to create an application that makes this difficult would be misconduct - the Swedish government is obligated to provide APIs.

bjourne|4 years ago

There may be some terminology confusion at play. The data may be an "offentlig handling" ("public document"). Christian's argument is that since the data is a "public document" it can be published through his app. That argument is correct at least as long as he has an "utgivningsbevis" ("letter of publishing rights"?). However, it doesn't follow that the way his app is accessing the data is lawful. You may go to a bank and withdraw your savings but you may not break into a bank and physically take your savings.

Grades are "public documents" in all schools in Sweden. With other things like disciplinary issues it varies depending on whether the school is run by the government or a private company.

scoot|4 years ago

Hi, congrats on the app. I was curious about one thing in the article - why would the city pay to license the app when it is open source? Do you anticipate that this would be cheaper for them than them paying one of their overpriced contractors to build and publish an "official" version, given how much they spent on a CRUD app?

urvader|4 years ago

Thanks!

Well we have already made the source code open and free and also encouraged the city to release an app with our source code as base. They weren’t interested in that. They would rather license the app, support and maintenance to us. We have quoted a fixed sum per month for that service and we plan to use that money to reimburse everyone sending PR:s we merge.

edenstrom|4 years ago

Swede here. This is just a guess, but I think it's the illusion of control. Too much negative press about the conflict, and this is their attempt at controlling the narrative and "taking responsibility". We'll see what the future holds.

Zaephyr|4 years ago

Well done! Both for the app and seeing the fight through. All of us would be lucky to have people as dedicated as you and your team in our cities.

bjourne|4 years ago

But there is no API here. The article makes it clear that you were intercepting client-server communication not meant to be used by third parties in order to write your own client. That it could be used as an API doesn't matter since the intent wasn't to create an API.

I could do the same thing and write an app for, say, the tax agency by scraping its website but it would be a legal gray area.

toolz|4 years ago

I'm not sure I follow why that would matter. Their constitution says once data has been released, it is no longer their property (because it's a public institution). They created a way to access the data, so the data has been released to the parents and so the data now belongs to the parents. The parents own the data and as such it would seem to follow they can access it anyway they want.

titusjohnson|4 years ago

There is clearly an API in play here. The article mentions it numerous times. The client app has to use an API to get its data, that's a downside of deploying a SPA. You need to make an API for it to get data from.

If you don't want to make an API that exposes raw data just write a SSR app. If you want to deploy a SPA, well, you have to deploy an API as well and you need to plan around the fact that when you throw an API out into the wild and authorize people to use it (by handing out auth tokens), well, people are gonna use it.

Fiahil|4 years ago

A website is an API (poorly designed).

The only way to not make an API out of publicly available data, is to encrypt it. Then nobody can read it unless they have the right keys.

unknown|4 years ago

[deleted]