Today ORG attended an important meeting between government and civil society groups to discuss Data Sharing across government.
The Cabinet Office has started an early pre-consultation process looking at removing barriers to sharing or linking different databases across government departments. The rationale is that this can help Government “design and implement evidence based policy, for example to tackle social mobility, assist economic growth and prevent crime”.
Open Policy Making
This engagement is part of the new “open government” approach, where groups such as ORG, Big Brother Watch, MedConfidential and No2ID are consulted very early in the process. This means that many things under discussion may never happen and it would be pointless to air them. This is quite unique, so ORG has agreed not to disclose detailed discussions until things take more shape, in order to allow for a safe space for frank discussions. There is a public paper outlining the proposals so far in the website DataSharing.org.uk and we have asked for more information to be published more often, including minutes of meetings and evidence presented. The process is open to anyone, and we certainly could do with more participation from civil society groups.
Concerns about Data Sharing
After the PR disaster around the release of medical information in the care.data programme, and more recently the sharing of tax data with private companies by HMRC, the government is acutely aware of the sensitivity of these proposals. And for good reason: connecting databases gives government officials a richer picture of an individual’s life. This is a clear interference with the right to privacy that must be shown to be necessary and proportionate.
Data sharing within government tends to be a complicated process involving lengthy legalities. Some of this friction may be unnecessary formality, but part of the friction is also a safeguard against abuses. There is a public interest in making government more efficient, but removing too many checks and balances could also remove basic protections.
Moving to an extreme sharing by default position could fundamentally transform the relationship between citizens and the state, almost as much as the introduction of a national ID card.
Some will argue that the prize is worth the risk. Underlying these proposals is an understanding that more and better data will automatically translate into better outcomes. But this is far from clear and we will be looking for detailed explanations of how exactly more data sharing will help and what exact changes are needed. The ideas considered so far include both new legislation and practical measures. New laws should only come into place when it's clear that the problem cannot be solved by simpler means.
But we don’t have to support the status quo either. From what we’ve heard so far, data sharing can clearly be improved. The whole thing is perceived as arcane by public employees who have not been trained on how data protection works. Nobody in government knows how many data sharing agreements there are in place, and streamlining the process could allow for more transparency and consistency. It could even lead to less data being shared but used more efficiently.
Data sharing should be based on a general principle of consent. This should be individual informed lawful consent if possible and applicable to the case, which clearly is not in areas such as taxes and criminal justice. Other cases will require a social consent, much like policing in the UK is based on consent. But this is complicated. Perceptions of privacy are context dependant. We must be careful not to assume that a willingness to share personal details in social media automatically translates into lower concerns about sharing of data on tax, health, education or social security. Privacy is also heavily dependant on exposure and direct experiences, such as media scandal or a close relative suffering identity theft. So what appears to be ok today may cause outrage tomorrow
Government Proposals for Data Sharing
There are three main strands covered by the current proposals, all the information is at http://datasharing.org.uk
1. Research and statistics
This strand brings together two distinct proposals that relate to existing policy development elsewhere:
Office for National Statistics (ONS) to access more data from public authorities
There has been a long consultation on the future of the census, which has recommended an end to the paper questionnaires, with a predominantly online census from 2021 supplemented by further use of administrative and survey data.
ONS would be receiving more data held by other parts of Government. The Statistics and Registration Services Act 2007 could be amended to authorise the disclosure of information held by public authorities to ONS for statistical purposes. The Cabinet Office argues that “information from HMRC, for example, could allow ONS to improve the quality and speed of estimates of GDP”.
Sharing of de- identified data for research
In many cases, research on Government and public body data is limited to the analysis of single data sets. A report by the Administrative Data Taskforce Improving Access for Research and Policy recommended a model of data sharing that allowed for cross-linked research on de-identified data.
The government has presented several examples where such research could be useful:
“identifying pathways to success, and barriers to social mobility by linking data on education, employment status and income. Improve energy efficiency and save citizens money by linking data on energy use with property data; Help deliver targeted crime prevention strategies.”
Improving evidence based policy and national statistics are worthy goals, but there should be proper safeguards against re-identification and a guarantee that any sharing will ultimately benefit the public.
Something we have learnt from the recent data sharing scandals is that taxpayers and users of the NHS don’t necessarily care about the technical details of how their identities are protected. They are angry about commercial entities profiting from their personal data - even if de-identified - and worried about negative consequences, such as hikes in insurance premiums.
Current proposals will need to address these very real concerns, which may fall outside the remit of privacy legislation. For example, using statistical data for targeted crime prevention strategies could easily turn into unfair profiling of sectors of the population, even if no individual is ever identified.
2. Tailored public services
The heading of “tailored services” is slightly confusing, as it would appear to relate to the delivery of personalised services to individuals already in receipt of benefits. But our understanding is that it includes mixing datasets to identify and refine target groups. This has completely different privacy implications.
The Cabinet Office defines the proposals very broadly new “powers to allow organisations to share data around specific groups of citizens who use multiple public services for the purposes of improving their health, education and employment”.
Examples presented by government include:
Data sharing between departments and local authorities to target energy efficiency measures and fuel poverty grants, reducing mortality rates and hospital admissions amongst vulnerable groups; Better identification of families requiring more assistance and targeting of services and support, reducing costs to government and delivering better outcomes for those most in need.
The idea is to create a framework for new data sharing channels that are flexible and broad enough to survive specific policy initiatives but narrow enough to be clearly focused on specific outcomes. But each new data sharing channel would still need to comply with data protection, so this flexibility should be limited.
For now we are exploring what a generic new instrument for data sharing would look like, and are trying to understand what are the existing frameworks and obstacles to sharing. Ultimately, the intrusiveness of a specific sharing arrangement will depend on the exact datasets and access involved in each proposal. This makes it very difficult to discuss a generic new "power" for data sharing.
The government is exploring safeguards with civil society, including “transparency of data shares so that the public are fully informed of the process”. But this is not enough. Transparency is important, and for ORG one of the best outcomes of this process would be clearer processes and some form of register of data sharing. But transparency is no substitute for protection against harms in the first place. In some cases, not sharing may be the best safeguard.
In our meetings we are also finding that many of the problems with data may not be directly related too a lack of sharing, but to implementation and use of data. For example, we heard complaints about file formats that could no be opened without specialist software. In other cases where sharing is an issue, we have heard complaints that the law in itself is not the problem. Clashes in the culture of departments and refusals to implement what is already legally available seem important issues that could be solved without creating a new "data sharing legal power".
There are many open questions on which agencies would be covered, and proposals need to be analysed individually to ensure that there is a need or benefit in data sharing. For some people, concerns about stigmatisation and potential profiling may not compensate any benefits that they would get by being included in a program. These people should have the choice not to be part of the process. This has been happening with free school meals, where many parents of eligible children prefer not to tell the schools.
By focusing on public services we are generally dealing with vulnerable groups. We have to be careful to avoid paternalistic attitudes that create a two tier system where some citizens have lower privacy protections than other based on socio-economic circumstances.
3. Fraud, error and debt (FED)
The government believes that data sharing would dramatically reduce the estimated £37 billion lost to FED each year. They describe the status quo as “an inconsistent patchwork quilt of legislation that is difficult and time-consuming to navigate”.
The idea is that new “permissive gateways” would allow for any new datasets need to be shared, but limit the organisations involved and purposes. This will have to include DWP and HMRC at least, but the idea seems to be quite a flexible and very ambitious system where
“any public authority or organisation providing services of a public nature on behalf of a public organisation could apply to join the lists of those who can share data for these purposes. The addition would be made by secondary legislation.”
Everyone has to contribute their fair share to the public finances, but these proposals have clear and huge privacy implications. We would hope to see well develop evidence of benefits to justify such intrusive system, and so far we have only seen projections of huge savings from limited pilot studies by the Cabinet Office’s FED Task Force.
We need to decide what level of FED, with a corresponding level of intrusion, we as a society are prepared to accept. Making FED completely disappear is virtually impossible without creating a totalitarian dystopia. Besides, a lot of tax money appears to be lost to legal avoidance schemes by companies and high net worth individuals. It is unclear how much these would be affected by a rewrite of the privacy rule book for ordinary citizens.
These proposals could have popular appeal. It is increasingly socially unacceptable to abuse social security benefits, although a lot less so to avoid paying the right amount of tax. But in any case, it is unclear how targeted this data sharing would be. It is very possible that the personal data of large groups of the population would be shared and processed to find out the minority of people defaulting the exchequer.
The special case of HMRC
Many of the above proposals involve data sharing from HMRC, and we believe that this should be dealt with separately. There is clear social concern after The Guardian published an article alerting of proposed changes to HMRC's statutes that allegedly would allow them to sell data to commercial companies. More than 300,000 people have signed petitions by ORG, 38 Degrees and SumofUs asking HMRC to reconsider.
While other ministries can share data under common law powers, HMRC is unique in its legal constraints to protect taxpayer confidentiality, as explained in their consultation documents for the proposed changes:
HMRC was created by the Commissioners for Revenue and Customs Act 2005 (CRCA). This legislation provides strong protection for the information that HMRC holds. HMRC officials are prohibited from sharing information except in the limited circumstances set out in the CRCA. This legislation enshrines the core principle of what is often described as ‘taxpayer confidentiality’.
The CRCA prohibition on disclosure applies to all of HMRC’s information including non-identifying (general, aggregate or anonymised) information as well as information on identifiable individuals or legal entities. As a result, it is arguable that for non-identifying information the current disclosure restrictions afford more protection than is necessary.
These fundamental changes should be properly discussed against concerns that private companies will access taxpayers’ data.
There could be some good reasons to share more HMRC data, for example aggregated postcodes of home and workplace of employees could be used to improve transport planning. And the gender pay gap is a lot smaller in Scandinavia where tax information is available. But it is not clear that all data sharing will have a public benefit. Selling such unique data to credit agencies and other big institutions will only entrench the asymmetry of information against citizens.
We need more people to help shape data sharing
ORG are coming into the process with an open mind and trying to influence the outcomes. We would love to be able to say that we helped create sensible proposals, but we will never endorse something that goes against our principles.
The pre-consultation process is open to anyone with an interest. At present this is largely civil society organisations, mainly focused on privacy, but we would encourage more people to join in. It would be particularly useful to have more participation from groups and individuals directly affected or working with the target groups - vulnerable families, NEETs, ex-offenders; experts in taxes and fraud, etc. Privacy advocates normally lack the detailed knowledge of these domains.
The meeting today marks the end of the initial round of the open policy making process. We will be discussing the results so far and our next steps as soon as the notes are published in the Data Sharing website.