Here we go again. It has emerged this morning that the UK government has been consulting on plans to remove a host of legal constraints so that
departments and agencies can share the personal data of citizens with other public bodies. At present it is difficult for departments to link two or more disparate datasets together to discover underlying trends, thanks to legislation such as the Data Protection Act, which encourages a far more closed and private approach to personal information.
A Cabinet Office document, which was published earlier this year, has been discovered by the Daily Telegraph and claims that the government is planning an open policy making period, which could result in new legislation being brought through Parliament. It states:
People tend to assume that Government can share data between departments to complete simple tasks, and are surprised to learn that it cannot. Removing barriers to sharing or linking different datasets can help Government to design and implement evidence based policy, for example to tackle social mobility, assist economic growth and prevent crime.
This could be in the form of a permissive but constrained power to share data between defined public agencies for specified purposes such as the delivery or targeting of public services for individuals from specified groups. The aim would be that individual whose data is shared would benefit through, for example, improved outcomes in health, education or employment.
The document goes through a whole host of ways in which allowing departments to share information could make life easier (and cheaper) for government and UK citizens. For example, the Office for National Statistics could make more accurate estimates of GDP, policies could be developed to support young people by by 'identifying pathways to success' through the linking of education, employment, status and income data, and citizens could save money by linking data on energy use with property data. It is also thought that linking data could help deliver targeted crime prevention strategies.
One of the main drivers for the government is also likely to be that linking de-identified data between departments would make it much easier to target fraud, error and debt problems across the public sector. The document states:
The tax-payer is losing an estimated £37 billion to fraud, error and debt annually. Those committing fraud exploit the slowness of the system by changing tactics regularly. This leaves public authorities ‘playing catch-up’.
A more holistic view of an individual’s debt with Government can lead to better managed repayment, whilst relieving the pressure that mounting debt can place on those most at need.
The fraud, error and debt proposals could allow specified organisations to share any data for the purposes of the prevention, detection, investigation and pursuance of fraud, error and debt.
However, any plans being put forward will almost certainly be an uphill struggle for the Cabinet Office. Only a few weeks ago plans by NHS England to make anonymised medical data available for wider use was kicked into the long grass after a huge privacy backlash that saw campaigners successfully argue that putting huge amounts of NHS information into one database was a recipe for disaster. Although the arguments for and against care.data were nuanced and complex, the main point that emerged is that the general public just isn't that comfortable with having their personal information shared.
- The real cost of maintaining privacy when your data isn't private anymore (diginomica.com)
- Healthcare, data privacy and the need to DIY (diginomica.com)
- NHS data sold to consultants and uploaded to Google servers - Twitter explodes (diginomica.com)
The care.data programme hit a serious set back when NHS England itself admitted in a risk assessment of the programme that the sharing and linking of anonymised data could still result in patients being identified, if the data was linked with other publicly available datasets (a technique known as a jigsaw attack). The Cabinet Office will no doubt have to answer concerns about how it will make moves to limit the possibility of this for its own data sharing plans.Equally, data sharing plans across the pond in the United States have also been heavily criticised – where it recently emerged that the sharing of intelligence between the FBI, the Department of Homeland Security and local police departments was branded “organised chaos”. Although the criticisms were dismissed by the Department of Homeland Security, it was claimed by a damning report that the systems put in place were poorly organised and ultimately wasted time and resources. This begs the question, is there a workable model out there that is in use by a government and has proved to be successful?
At present the Cabinet Office's plans focus on a controlled process that would see departments that want to jointly analyse data, handing over the information to an accredited third party (which could include private firms), but is not allowed to be one of the data owners that are the source of the information. Data owners would be able to disclose “whatever type of data is necessary”, but once the data has been analysed the joint database could either be linked or destroyed. However, these plans are still in the early days and will face a whole host of public scrutiny before developing any further.
The document states:
We are acutely sensitive to the potential concerns of citizens and proposals need to be designed in a way that safeguards people’s privacy. We are keen to undertake an open policy making approach to this work through bringing together relevant parts of Government with stakeholders who have an interest in the use of data for delivering better public services.
The Cabinet Office is yet to reply to my request for comment.
The 'big data' benefits are obvious for the government and echo plans that have been developing in the private sector for years – for example, supermarkets and their loyalty card schemes probably mean that there are some retailers out there that know more about you than the government does. However, given that the government doesn't exactly have a stellar track record in protecting private information, there is no doubt that the privacy campaigners will be up in arms about the plans.
Also, in this post-Snowden world, any plans that involve governments handling your private information outside of what society has become accustomed to, will face extra scrutiny.
However, this doesn't mean that it shouldn't happen. There are tangible financial and social benefits to government departments sharing information witheach other and it would be a shame to let scare tactics get in the way of them. However, the government really does need to make this an open process and keep the general public and the media in the loop as much as possible – which is exactly what went wrong with care.data.
But given that all these plans emerged thanks to a national newspaper uncovering a government document, I'm not getting my hopes up that this will be the case. I am also aware that there are senior figures within the Cabinet Office that were pleased not to be associated with the NHS England plans, because they were seen to be too risky, so it will be interesting to see whether this actually has buy in from those working across government departments.
Also, the government needs to figure how to explain this to the general public in a way that makes sense for them. Going on about databases and data sharing isn't going to work – it needs to be explained in a way that makes it worthwhile for the average person on the street. For example, we barely think about the risks of signing up to a loyalty scheme with a supermarket because of the tangible benefits. Government need to figure out a way to make this a beneficial trade-off.