Skip to content

Report of the Digital Government Review


An audit and a review

So far, there are no comments on this section. Jump to comments

If we are to consider data sharing as a national priority because of the potential benefits then we should treat it accordingly. Without a comprehensive review of data governance this is like modifying a train to go faster, but without improving its brakes. Eventually it will derail.

The review has considered whether we could recommend a clear approach and framework for handling data. We concluded that given the issues with trust; this would be inappropriate.

Instead we would recommend:

Recommendation 11

Priority: High

Set up a review into Data and Society to gather input from across society and to define a clear set of public interest principles to be adhered to by government and private sector data sharing and analytics projects

A cross-disciplinary team including lawyers, policy experts, research academics, individual citizens, ethicists and computer scientists should lead this review. The review should be well publicised and will actively engage input from across the country using both online and offline means. It should consider how to encapsulate the concept of ‘people owning their data’ in the principles, while recognizing that the term ‘people’ includes both individuals and wider society.

The review should engage with the big data, open data and privacy initiatives in the EU.

We recommend an initial report within 90 days of the start of the next government. The initial report should set out initial thoughts and committed timelines for the rest of the review.

Ultimately our review will produce:

  • Recommendations for a new legislative framework including appropriate legal action and remedies for the inevitable cases where failure occurs
  • Recommendations for further change in the EU data regime
  • A response to the American challenge of the Podesta review to set international agendas between trading blocs
  • Recommendations for a new oversight function to revamp or replace the Information Commissioner’s Office
  • A “polluter pays” principle to ensure the biggest data manipulators pay the costs of effective regulation to protect citizens
  • A clear set of public interest principles that can be used to guide future open data, data sharing and analytics initiatives. If an initiative is aligned with these principles, then the presumption should be for it to proceed
  • Recommendations for mediation and governance to ensure that data sharing initiatives aligned with the principles proceed and are regularly audited to ensure that they remain aligned with public interest principles
  • A clear set of guidelines for publicizing, building and operating new data sharing gateways. For example using open data to publish information about data sharing gateways allowing independent validation that data sharing via these gateways is operating in line with the principles
  • Recommended mechanisms, suitable for a 10-year timeframe, by which people can see and regain an appropriate measure of control over how their data is being used. These may include audit trails and usage reports [71], support for personal data stores [72] and data cooperatives [73], the ability to extra public sector-held personal data [74], guidelines for opt-in or opt-out consent, and the ability to both view and report issues with data [75].

Where possible we would expect most of the principles and outputs to be common across the public and private sectors.

This review will help unlock the benefits that data sharing and data analysis can bring. There are major benefits in areas such as healthcare, social care, police or education that are simply not being realized by the current uncoordinated approaches; and major battles over trust, accountability and participation to be won.

Recommendation 12

Priority: Medium

That a programme is immediately established to discover and publish as open data a list of all existing data sharing agreements in an accessible and understandable format

This programme should operate across all layers of government with the aim of ensuring that all cases of data sharing are discovered, whether in legislation or not, and that their owners and benefits are documented. The resulting data sharing register should be published as open data, maintained and accessible for people to read.

The register could be considered as an “amnesty” for all existing data sharing projects with the disclosure assisting understanding of the problem and improving public trust.

Case Study: The US Big Data and Privacy Review

Edward Snowden’s revelations on how Intelligence Agencies were acquiring and accessing increasing volumes of data on people’s communications and activities without their consent and without adequate oversight raised many concerns. On Jan 17 2014, President Obama announced that a broad 90-day review of big data and privacy, covering “how these technologies affect the way we live and the way we work — and how big data is being used by universities, the private sector, and the government”. Concurrent with this study, the President’s Council of Advisors for Science and Technology conducted a review of the technologies underpinning big data.

Podesta and his team of senior Administration officials consulted with a wide variety of stakeholders at numerous events and sought out public input on these issues. The review asked people to comment on their level of concern with various data practices and how much they trusted various institutions to keep their data safe and handle it responsible. It also asked more general questions on the challenges and opportunities presented by big data and new technologies. During the four weeks of public input, responses were collected from 24,092 individuals.

The published report: “Big Data: Seizing Opportunities, Preserving Values” identified five main areas where the Administration needed to focus attention, with a number of specific recommendations and actions under each:

  1. Preserving Privacy Values: Update legislation protecting citizen rights relating to personal information. Create a single national standard for data breaches. Work with international bodies to move towards global standards.
  2. Educating robustly and responsibly: Ensure data protection in education while encouraging innovation in learning. Update digital skills.
  3. Big data and discrimination: Ensure that big data is not used to unfairly discriminate, for example through automated differential pricing, and that particularly vulnerable groups are protected.
  4. Law Enforcement and security: Ensure that there is proper independent oversight of big data uses for law enforcement. Enhance protections against cyber security.
  5. Data as a public resource: All departments to investigate how they can share their data with the public for public benefit. Increase research into privacy enhancing technologies

“There is a huge opportunity to unlock the value of government data through better data analytics … Public trust is critical for success. An independent data ethics committee should be established with representation from stakeholders inside and outside of government, responsible for writing a Code for Responsible Analytics” – Large Company

[71] https://medconfidential.org/2014/what-is-a-data-usage-report/
[72] For example www.mydex.org, www.nymote.org or https://www.allfiled.com.
[73] A data cooperative might also be termed a data collective or data commons. http://opendatamanchester.org.uk/2014/09/20/open-data-cooperatives-synopsis/
[74] This would be a government equivalent of the Midata initiative with the private sector: https://www.gov.uk/government/policies/providing-better-information-and-protection-for-consumers/supporting-pages/personal-data. Some might call it “migovdata”. Such an initiative would require movement on standard data schemas but would allow people, for example, to extract all of their VAT information or medical records held by government for them to use as they choose. It would also support the personal data store market which may require open standards for personal data schema to truly flourish.
[75] This would also need to extend to cases where legal responsibility is more complex, for example families with children.

This page reformats automatically when printed. Print this section

Please note that comments left here are public - you can also make a private submission.

Your email address will not be published. Name, email address and comment are required fields. Please note we may moderate comments.