UK data - the need to build trust and maintain alliances

How can we improve the use of data across the UK economy? In a country gripped by crisis after self-inflicted crisis, the question might raise a few eyebrows: do some organizations pay attention to data at all? some might ask.

But for most of us the question has hard edges: we live in a data economy, yet data scientists and analysts are in short supply. The UK wants to be a science, quantum, and AI "superpower", but despite deep expertise and entrepreneurship, relevant workforce skills are thin on the ground. 

Britain understands the potential of automation, robotics, smart systems, edge computing, and the IoT - all technologies that rely on a seamless flow of data - yet it has one of the least automated major economies.

The government has new strategies and investment programmes in place in many of these areas, and yet has undone previous good work by junking the Industrial Strategy - largely for party-political reasons (the Prime Minister's dislike of his predecessors).

Meanwhile, there are barriers to data sharing itself: much is proprietary and/or in silos, and regulations are stringent to protect citizens from Big Tech commercialization. Any move to abandon GDPR/the Data Protection Act 2018 to unleash hoped-for growth may cause at least as many problems as it solves, leaving the UK further isolated - more on that below. Major research programmes also demand international alliances, something the UK finds itself short of since Brexit.

Andrew Cameron, Leader Data & Analytics in Assurance, Commercial and the Public Sector at PricewaterhouseCoopers (PwC), concurs with some of this assessment. Speaking at a Westminster eForum on improving the UK's response to data opportunity, he said:

There's huge potential in that economy and a massive amount that we can unlock from the data that we store today and will continue to collect. Trouble is, questions of why, how, and if are tremendously data hungry and they require us to have the skills, the capabilities, the regulations to bring together broad datasets in new and novel ways.

We still hold a lot of data in silos. There's still lots of poor quality or a lack of standards out there. And in a lot of cases, we either don't have the skills, or fully understand the potential that sits in front of us. And for us, unlocking these issues is the key to getting real value from the data economy.

He added:

A significant majority of executives believe that their competitive standing and the future of their businesses depend on the ability to be able to trust and make good use of data.

A fair exchange

The word ‘trust' was used a lot at this Westminster conference, at a time when public faith in the UK public sector is spiraling downwards. If trust and openness are the foundations of the data economy, then the government must do much, much better to restore them.

Fedelma Good is Director of PwC and took part in a two-person panel with her colleague, in which they interviewed each other and agreed on everything. Who says Westminster is just an open door to expensive consultants! She said:

We need to consider how the work of governments and regulators can be better knitted together to keep people's trust - with a capital T - in data-driven innovation. But for me it's the issue about over regulation which could potentially halt the fast march forward.

If we can say that the pandemic has delivered anything positive, it has evidenced the powerful role that data can play. The use of data for the common good is making sense now to most people. A government survey run earlier this year revealed that 79% of adults said that they would share some of their medical data to help develop new medicines or treatments.

Data used in the right way has value for everybody. Eighty-seven percent of consumers [in a PwC survey] said they would take their business elsewhere if they didn't think that a company was handling their data responsibly. I'm a privacy specialist, so personal data is at the heart of what I do. But when we talk about the data economy, the data we're talking about is far wider than just personal data, so I think the word trust also needs to be considered from a wider perspective.

For instance, we have to have trust in the information published in a company's annual reports. We need to have trust in government unemployment figures and Covid statistics. All this is encapsulated in how the Open Data Institute [ODI] expresses its objective: a world where data works for everyone. I'm not sure that you can encompass it more succinctly than that. So, if it's going to work for everyone, how can we make the issue of data exchange fair?

A good question at a time when social platform users have been turned into the main product of some US corporations, yet much of what those platforms give in return is echo chambers full of advertising noise, which encourage us to go further and deeper into them.

Under the current Prime Minister (Boris Johnson at the time of writing), the UK government has signaled that it wants regulators to toe the party line, while playing a more commercial and enabling role - and perhaps a less punitive one on corporate failures. It is also encouraging greater discussion and joint policymaking between regulators, like a big Christmas knees-up to which the public has not been invited.

Does PwC have any concerns about, for example, the Information Commissioner's Office (ICO) being asked to support corporate innovation - a shift of focus away from protecting consumers from incursions into their private data? Good said:

The ICO's response to [DCMS' consultation] Data: A New Direction encompasses a fair response to that.

But I would be concerned about the response that would arise from Europe if we took a route that was, shall we say, not parallel to some of the provisions and considerations and reflective of the direction of travel in Europe. But I also don't think that we should necessarily be emulating every practice and principle that they set out.

Good was referring to the government's oft-stated intention - enshrined in Brexit - to strike out away from Europe. Grumbles about GDPR have been constant in Whitehall, despite the global direction of travel being towards Europe-style data privacy laws. No10 wants to tear up all that red tape - which, ironically, has vastly increased for exporting/importing British businesses this year.

The devil's in the detail

While no one thinks that GDPR is perfect, the risks from the UK deciding, hypothetically, that it wants to tear up its principles or provisions cannot be overstated. While such a move would please Eurosceptics and nationalists, it could fatally undermine the UK's data adequacy agreement with the EU.

That would be disastrous, as roughly 80% of UK organizations (including corporations, government departments, banks, charities, universities, and the NHS) host, process, or store data in the EU, or transfer data to/from it. Why? Because ‘the cloud' doesn't exist.

The reality of Silicon Valley's favorite marketing confection is data centers built on land under local laws, and most of them are in the EU for UK users. No data adequacy means no access to organizations' own data if it's held within EU borders. Does the government understand that? Sadly, we can't say that with any certainty.

Good added:

But for me, the ICO, to be successful, needs to be - and remain - as independent as possible.

That will be music to the ears of outgoing Information Commissioner Elizabeth Denham. In October she wrote of the consultation process launched by the Department for Digital, Culture, Media and (for some reason also) Sport (DCMS):

As the proposals are developed, the devil will be in the detail. It will be important that government ensures the final package of reforms clearly maintain rights for individuals, minimizes burdens for business, and safeguard the independence of the regulator.

The energy powering these new technologies is our data: about our behavior, our interests, our spending patterns, our loves and likes, our beliefs, our health, sometimes even our DNA - the very building blocks that make us who we are.

The economic and societal benefits of this digital growth are only possible through earning and maintaining people's trust and their willing participation in how their data is used. Data-driven innovations rely on people being willing to share their data. ICO research shows that people who have heard about a data breach have lower levels of trust and confidence in all organisations using their data.

We need a legislative framework with people at its heart and I am pleased to see the consultation recognise the importance of maintaining and building public trust. It is crucial we continue to see the opportunities of digital innovation and the maintaining of high data protection standards as joint drivers of economic growth.

Innovation is enabled, not threatened, by high data protection standards, she wrote, adding:

I support the intention of the proposals to make innovation easier for organisations. I agree there are ways in which the legislation can be changed to make it simpler for companies to do the right thing when it comes to our data.

Perhaps most notably, it is vital that the inevitable regulatory and administrative obligations of legal compliance are proportionate to the risk an organisation's data processing activities represent. That means finding proportionate ways for organisations to demonstrate their accountability for how they collect, store, use, and share our data. They must ensure data is safe and is not used in ways that might cause harm. And they must ensure that all people are able to exercise rights over their personal data.

An independent regulator assures the public of their protections. To ensure high standards are met, and that people have the trust and confidence to contribute positively to the digital economy, the UK needs a strong, effective regulator.

My take

It's hard not to read that as a parting shot across the bows of HMS UK, as she sails into the future. Is No 10 plotting a coherent course ahead, with a destination in mind and all passengers onboard? Or is it merely all at sea? Answers on a postcard, please.