The Cabinet Office is consulting on new legislation to extend data sharing across government. Here we set out our overall approach and main areas of concern with the proposals.
The Cabinet Office is embarked on an attempt to redesign public administration, a new digital revolution led by a belief in the power of data to solve every problem. We’ve often heard arguments that if Google can do this or that, why can’t the government. This needs some pause. At ORG we also believe that we are at the gates of a data revolution, but unless we put people squarely at the helm this may not lead to the positive outcomes data evangelists expect.
There is currently a public consultation on proposals to extend data sharing across government as part of this new drive. It concentrates on three relatively limited areas - essentially, research, fraud investigations and a more concerning area of identifying people in need of specific help or services. This is a highly sensitive area for privacy campaigners and ORG has spent a lot of time on this. We feel we need to explain in detail the process and our position in order to avoid misunderstandings.
The government wants to legislate to create several frameworks that would make data sharing agreements between public bodies - and a few private entities - easier and faster. Some of those agreements can take over two years to establish and involve considerable time and effort from lawyers. It must be stressed that data sharing already takes place and government could simply choose to follow current procedures to create all the data transfers involved in this legislation.
Our instinctive response as privacy advocates is that removing friction and barriers could also remove controls and enable the proliferation of invasive databases. For example, removing the need for Parliament to approve new data flows - a key plank of the proposals - speeds up the process considerably. It also removes public accountability. The government's approach has been to narrow the scope while introducing safeguards that they claim should provide equivalent protections against abuse, without creating unnecessary bureaucratic burdens.
The current proposals relate to quite specific areas: fraud, debt, improving research and statistics and profiling for the delivery of beneficial public services. These carry various degrees of risk, which we discuss in more detail below.
The critical question in this process is whether it is possible to have agile and fast data flows within government to quickly match policy developments while providing adequate protections and avoiding a free for all.
These proposals have been discussed for two years as part of a groundbreaking Open Policy Making process, where civil society and civil servants have collaborated to try to achieve the highest level of consensus possible. We must stress that the process did not aim to achieve full and absolute consensus and we have disagreements and criticisms. We know that despite our best efforts the end result will not be exactly what we would have liked.
We remain positive about the engagement though, as it has sharpened our capacity to constructively intervene in policy making, and many details in the proposals have been improved. We expect that wider scrutiny under the consultation will find loopholes we may have missed.
As many of our specific objections and concerns have already been dealt with, this makes it all the more important to explain very clearly our remaining reservations about the overall approach and specific areas.
One difficult issue for us throughout the process has been to focus our engagement on privacy and data aspects, not straying too far from our core issues. At the same time, as part of civil society representing a public interest position, we've had to raise broader points on the fairness of the underlying policies. Where possible we've brought along other organisations with expertise in particular areas such as debt.
ORG’s minimal criteria are that data sharing agreements should not lead to a widespread intrusion on people’s privacy; should be proportionate, limited in scope and enshrine fundamental rights; and carry strong safeguards against wilful abuse and unintended consequences.
It would be fair to say that these aspects have been taken very seriously by the Cabinet Office team and particularly the scope of proposals has been tightened. We are concerned however that in cases safeguards are placed in codes of practice, which are no substitute for primary legislation.
One concern around safeguards is the tendency throughout the process to see compliance with data protection laws as a safeguard. We have stressed that this is not necessarily the case. This is particularly problematic with the new EU General Data Protection Regulation (GDPR), which is set to replace the Data Protection Act as the backbone of privacy protections in the UK. The recently approved GDPR is a much needed update and an overall improvement, but during a long and convoluted negotiation process European governments carved out many exceptions in the GDPR that give public administrations plenty of room to manoeuvre around privacy restrictions. Data sharing legislation needs to provide specific safeguards closing any potential loopholes.
More proactively, ORG engaged in this process as an opportunity to consider the expectations and relationships between citizens and government. Putting citizens at the centre of a new data-driven administration should include devolving much higher levels of control to individuals. It is disappointing that these aspects have not been explored.
Where devolving control is not possible - e.g. taxation or justice - new information governance models need to accompany any increase in data sharing. We have concerns that simply creating a legal powers without a shift on how we see personal information could end up taking us to widespread data sharing without any consent. ORG members know better than most that data and technology can save lives, but we also know that mistaken, even if well meaning, decisions based on bad data can ruin lives. The Cabinet Office seems to have focussed on the former.
At the very least this legislative drive could be an opportunity to streamline the vast number of data gateways currently in existence and improve transparency. Where the Cabinet Office sees an administration hamstrung by restrictive privacy regulations, we refer them back to the Joseph Rowntree sponsored report from 2009, which found large numbers of government databases had problems and some may well be in breach of human rights laws.
The proposals contain some improvements on transparency, and a rationalisation of data flows has been a subtext to much of the discussions, but we believe these are not enough. We would like to see mandatory central registers of data transfers and the closure of “zombie” sharing agreements when new ones are started. Use it or lose it sunset clauses should become the norm in any new data agreement.
Accountability is also paramount. If Parliament is not to have a role in authorising data sharing we need to have mechanisms for challenging any new agreements without the need to go to court for a judicial review.
Increasing data sharing may bring some improvements to government efficiency and the quality of public policy, but the case for these positive outcomes, given the other costs, must be clearly made. The government must demonstrate that new legislation removing obstacles to data sharing will deliver improvements. Our perception during discussions was that in some cases civil servants were under pressure to come up with positive case studies after a decision that data sharing must be good had already been reached somewhere higher up. Throughout the discussions we also found a healthy scepticism among some civil servants, who believed that there were other issues that would need to be tackled, such as technical capacity and organisational culture.
We will go in more detail in our response to the consultation but here we want to give a quick summary of our views on the concrete proposals included in the legislation.
The proposals around research and statistics are the least problematic from our perspective. If the safeguards proposed are applied properly sharing data for these purposes could lead to better policies and insights without causing excessive privacy intrusions.
The proposals on fraud are sensitive because there is a thin line separating it from errors. Indeed, during the discussions with the Cabinet Office we looked at the use of data to reduce administrative errors and prevent fraud as part of the same processes.
Fraud investigations can be a legitimate use of data, if done narrowly and proportionately and does not involve wholesale data matching. A key issue is who makes this judgement, can how it be challenged. There should be sufficient transparency to ensure that Judicial Review is possible. Is the ICO providing oversight?
This and other strands must also demonstrate that the sharing is working: is the privacy intrusion reducing fraud? Is the sharing targeted, or can broad searches be further narrowed? During the discussions this area was going to be tested in pilot projects and we think that is the best approach.
The third strand on profiling for public services is where we see very high risks. There are dangers of discrimination, stigma, and risk aversion leading to oversensitive reactions.
We spent a long time trying to ensure that the proposals were narrowed to only cover positive interventions, eg to identify people who are low income who could benefit from government subsidies. Interventions need to be defined very tightly. Absolutely they must not include punitive elements. There is always the danger that targeted benefits are used to withdraw generalised benefits, or reduce the pool of beneficiaries.
Even with best intentions people can be stigmatised or may simply not wish to participate. Individuals need to be able to opt out from participation and profiling as much as possible.
One common thread is the central role of HMRC's data, with many of the provisions in the proposals designed to remove statutory limitations on access. The wider implications of these changes should be debated more widely.
In particular, two proposals have been brought into the process very late. These are very controversial, and go against the grain of the process, which was designed to find the areas where agreement could be found.
We are particularly worried about proposals to share data on debt that were removed and then brought back at the end of the Open Policy Making process. The proposals to enable widespread data sharing to tackle government debt have not been supported by a clear case, and could have huge implications for vulnerable people facing economic hardship. Creating a “single view of debtors” requires a broader strategy on public debt management that is currently missing. As such we think it would be best to leave these proposals out of the current process and take more time to consider the issue of debt as a whole, not just the data angle.
Another last minute addition is the plan for the sharing across government of data from the General Registry Office, who hold certificates for births, deaths and marriages. We have concerns about proposals for bulk sharing of the whole registry database across government to improve identification. Despite repeated reassurance from government to the contrary, the sharing of these common identifiers across government has a whiff of ID Cards lite.
The best person to make data sharing decisions for the citizen is the citizen. We can see the case for making it easier to for citizens to send certificates electronically instead of having to apply and send a paper copy by post. It is the sharing of data in bulk outside of a consent framework that is a concern. In cases where bulk registry data might be useful, such as fraud prevention, specific agreements should be explicitly mandated by Parliament, instead of creating a broad power.
In any case, bringing such proposals into this process late runs against the spirit and intention of the open policy process. Government should remove them, if only to retain the credibility of future processes. If they are retained, then civil society will take note, and be far less willing to engage in such processes in the future. There is, in short, an element of good faith which is being sacrificed here.
We have prepared a tool to help you respond to the consultation. Responses should be send by Friday 22/04/2016.