UK.gov is about to fling your data at anyone who wants it. How? Why? Shut up, pleb
Encryption? Baddies use that for terrorism, we hear
Analysis The government is poised to legislate on how it intends to use your data for public services – but its woefully worded “data sharing” consultation suggests it hasn't learnt much from the ongoing controversies of Care.data.
Whitehall is due to publish a response to the consultation, set out in Better Use of Data - Consultation Paper, which recently closed following a two-year series of “open policy” meetings.
That will feed into the long-rumoured Digital Economy Bill and is expected to get a mention in the Queen's Speech next week.
It will create the governance framework for how mandarins share our information between government departments and with third parties, as well as setting out the security principles for using personal information.
Given the poor handling of Care.data and the continuing breakdown of public trust over the scheme – most recently the outcry over Google gaining access to health records via its Deep Mind project – one would have hoped the data sharing proposals would provide a much-needed governance framework.
Yet despite the lengthy discussions leading up to its publication, the document remains very vague when it comes to detail.
Sharing citizens' data is essential to build "a more prosperous society," according to Cabinet Office minister Matt Hancock in his foreword to the consultation (PDF). A fact seemingly so obvious to him that he didn't bother to explain why. Cost benefits were repeatedly mentioned as saving taxpayers’ money by streamlining processes, but lacked any further detail.
Certainly there has been no shortage of input. The consultation prompted an overwhelming number of responses from civil society groups since it opened at the end of last month. Originally 30 responses were expected; instead the consultation is understood to have received more than 280.
Yet the government has only allowed a very short window to analyse those concerns and respond to the findings. There has also been some serious criticism as to the wording of the questions.
One question reads:
Should the Government share information with non-public sector organisations as proposed for the sole purpose of providing assistance to citizens living in fuel poverty or for any other reason?
Should a government department be able to access birth details electronically for the purpose of providing a public service, e.g. an application for child benefit?
As Jerry Fishenden, the technologist and author of Digitizing Government notes, it is unclear how anyone can answer such questions with any meaning "given the absence of any description of how the system would work.
Nowhere is there a definition of data sharing. "The document is discursive and verbose when it needs to be analytical, evidence-based and precise," said Fishenden.
He continued: "Without these details being clearly defined, in either the paper or the draft illustrative clauses, the proposals to “data share” will expand the pool of people and organisations able to access citizens’ personal data. In an increasingly digital economy, expanding access to useful personal data is more likely to increase the risk of fraud, not reduce it."
In its submission to the consultation, the non-profit private Open Data Institute in its response said: "The data sharing proposals don’t clearly outline how data sharing with organisations and people outside government (who don’t qualify as ‘approved researchers’) might take place."
Ellen Broad, head of policy at the ODI, said the proposals are being presented as an overhaul of data sharing within government, but are in fact piecemeal:
The way the consultation is framed, the way the questions are framed, and the specific nature of the powers suggest there’s no coherent sense of the future government wants to get to. The proposals could end up adding more legal complexity, with inevitable mistakes and loopholes, rather than simplifying and improving what we have.
She added: "We have a window of opportunity to get data sharing right, in ways that enable policy makers to make better decisions and provide better experiences for citizens; help researchers and statisticians draw more informed conclusions; and give citizens trust in how government is handling their data. Without trust, data sharing reforms will continue to be limited and restrictive. Ethics, transparency and openness are going to be essential to unlock value from better data sharing in government."
Notably, the proposals do not comply with the government policy of citizens’ data being under their own control rather than civil servants, as Fishenden points out. He notes the absence of detail regarding security, with only one mention of encryption: "The absence of such details, they could effectively lead to these proposals becoming a fraudsters’ charter. Without such detail, the potential for more widespread and automated fraud and the compromising of potentially at risk people, such as vulnerable children, will be compounded."
Civil servants have a long history of treating our information as theirs. The danger is it goes beyond lackadaisical policy making: mandarins appear to be treating data sharing as something to be done to us rather than something we choose to engage in.
Citizens should be worried. ®
Sponsored: Becoming a Pragmatic Security Leader