How the canary fell off its perch down the privacy policy mine - and nobody cared

Gary Flood Profile picture for user gflood May 3, 2017
A public resignation letter from a saddened advisor suggests a push for policy has over-ridden caution. Will the government live to rue its Digital Economy Act speed to market as a result?


Rushed through, little thought given to the long-term consequences.

Based on unrealistic/rosy assumptions.

A triumph of government diktat over good advice and caution.

Brexit? Snap General Election? Calls for a second Scottish Independence vote?

No, what we're talking about is the freshly passed Digital Economy Act, given Royal Assent last week – and which has the potential to open up cans of worms that should give even the world's most unflappable man, David Davis,  pause for thought.

By the way, that's not us saying all this. Rather, we’re reflecting on a very tough blog post by Jerry Fishenden, immediate past co-chair of the Cabinet Office’s Privacy and Consumer Advocacy Group [PCAG], who resigned on Tuesday after nearly six years in his role as a leading government advisor.

Fishenden’s post laments the death at the heart of Whitehall of what he calls a very special ‘canary’ warning system to alert ministers and officials of dangers down the policy mine. This, he says, is what  his group was set up to function as, but over time those canary warnings have been taken less and less seriously...and everyone has a breaking point.

Specifically, this technologist of 30 years standing says that what is now on the statute book in the Act in terms of data sharing:

seems to me a classic example of what happens when the group’s advice and offers of help are repeatedly ignored by officials who should know better.

When policy objectives trump expert worries

To back up a bit here, he's alluding to Section (5) of the Act, which is all about sweeping away – as the government sees it – of decades of fuddy-duddy restrictions on the way the public sector can talk to itself about private, citizen-centric data.

This needs to be done,  we’ve been told, because it’s the only way to enable truly joined-up thinking, end siloed ways of working, stop Joe and Jean Service User having to enter his/her details over and over again. On the face of it that seems sensible, overdue and aimed at providing better ways to help the public – doubtless the motivation of the designers of the Digital Economy Bill (as was).

The problem is that commentators and stakeholders have, over and over again, said while that may the intention, changing established practice and smashing down data safeguards as much as this can also be interpreted as reckless and scary.

They're talking about the potential to share personal information across the public and private sectors for any purpose that’s in line with the government’s policy objectives.

Think Snooper’s Charter with go-faster stripes (although we have that as the law of the land too, of course).

For Fishenden, the fact that repeated warnings and requests for caution and dialogue around data sharing from experts (apologies for the forbidden term) in the public sector, business and cultural industries simply don’t have any impact or get taken at all seriously.

This brings him to one sad conclusion - there’s just no point in his Group any more:

I can only assume from this lack of engagement [by Cabinet Office Ministers] that PCAG’s canary function is either no longer understood, or no longer valued. If the group is no longer wanted – well, surely it would be much better all round if someone just said so openly?

What he means is that once upon a time he had a boss in the shape of the then Minister for the Cabinet Office Francis Maude who cared. But Maude is gone and his  legacy has been tarnished by his successors, says Fishenden, who simply aren’t interested enough in getting things right:

Part 5 of the Digital Economy Bill seems to me a classic example of what happens when [his Group’s] advice and offers of help are repeatedly ignored by officials who should know better. Worse, in the case of Part 5 the group was repeatedly misled and misinformed by the team that drafted the core of the proposals and the related ‘codes of practice’…

In Francis Maude’s day, the problems with Part 5 of the Digital Economy Bill and its associated codes of practice would have been highlighted and fixed with the help of the group, rather than causing Ministerial embarrassment and confusion when they were published in a disappointingly amateurish and technically-illiterate state.

Meanwhile, Matt Hancock, Minister of State for Digital and Culture, greets the Digital Economy Act as pretty much perfection itself:

The Act will enable major improvements in broadband rollout, better support for consumers, better protection for children on the Internet, and further transformation of government services.


A key has been thrown away

Whether he's right or wrong - and we have serious reservations, not for the first time -  this doesn't negate the fact that in the view of this serious political observer, something has gone very wrong at the centre of decision-making in terms of checks and balances.

Does this matter? Could there be a whiff of sour grapes here, a sense that not enough people take one’s annoyances and advice on board enough?

Well, such fingers may well be pointed, but as with other recent radical subventions of the status quo, there really is an open door now in front of a lot of sensitive personal information where there used to be a locked one.

Committed privacy activists say that Fishenden’s right to be concerned.Javier Ruiz, Policy Director, the Open Rights Group, told diginomica:

We completely share Jerry’s concerns: government engagement in digital policy is going downhill. We have also spent a lot of time discussing safeguards with the Cabinet Office, but most recommendations have been largely ignored. The data sharing provisions in the Digital Economy Bill promote a particular view of technology where more data will solve all kinds of problems, giving Ministers huge powers with not enough accountability.

Meanwhile David Evans, Director, Policy and Community, BCS, The Chartered Institute for IT, told me:

It is always a difficult path for Government to tread in balancing the competing needs of maintaining open dialogue, whilst at the same time, driving forward its own digital agenda. As a Fellow of the BCS, the Chartered Institute for IT, Jerry Fishenden has played a significant and important role in helping guide and shape the work of PCAG, and his contribution will be sorely missed. BCS underscores its willingness and commitment to work with Government to help navigate through these tricky and sometimes conflicting issues, making use of the expertise and wisdom of our Fellows, such as Jerry.

I suspect they are not alone in voicing such fears. For its part, the Cabinet Office says of Fishenden’s open resignation letter that:

Views from many groups, including the Privacy and Consumer Advisory Group, were taken into account when establishing the Digital Economy Act 2017.

The Cabinet Office also says that it is a matter of pubic record that the Government Digital Service (GDS) and PCAG met seven times in the past 12 months alone (minutes here).

Of course, that doesn’t actually address Fishenden’s specific charges. He doesn’t say in the blog that GDS ignored PCAG, but that GDS made “repeated attempts” to source a response on its behalf from the Minister for the Cabinet Office...and failed to get one.

The Cabinet Office says views from many groups were taken into account when the Bill was being drafted.

But the question is - were any of them listened to?

My take

This feels ominous. This feels like something’s broken here, and that ugly consequences will follow.

Even if you believe we’re in an era where we've all had enough of experts, if enough of them tell you your new ship doesn’t have enough lifeboats, well there's a Titanic lesson to be learned, surely?

Yes, make it easier to share data to power better digital services. We need them and that's a pragmatic objective for an age of digital government service delivery.

But putting in place policies with hugely long-term implications, while ignoring people who have spent their careers wrestling with tough problems like privacy and data protection? That's rash, careless – and possibly fatal to the objectives the policies set out to achieve.

Not for the first time, diginomica laments the loss of Lord Maude.


A grey colored placeholder image