Data will be an ever more valuable resource in the future, allowing business and governments to be dramatically more productive. But it is also deeply contested: as people’s digital and physical lives become increasingly entwined, data privacy will be accelerated on its course from being a niche concern to a mainstream political issue.
How can society strike a balance between data-driven innovation and data protection? If the balance is tipped, then either innovation will be stifled, or people’s privacy could be compromised.
Our recommendations
1. The coming European Data Protection Regulation is the most important piece of law that no-one has heard of. It will potentially define the data landscape for a decade. It is vital that the public is fully aware of its significance, and a national conversation should be instigated
Government should take measures to make it clear to the public what trade-offs are being made, and what the proposed new set of rights and responsibilities will mean in practice.
More generally, Government should begin a 12-month enquiry, based on a citizens’ jury, looking at how to make the most of data while safeguarding people’s interests.
2. Many businesses have extremely high standards in the management of personal data, but there is currently no way for them to signify to customers that they are going above and beyond the requirements of the Data Protection Act.
Government should develop a ‘gold standard’ framework so that businesses are able to demonstrate where they go above and beyond. The gold standard could be as simple as ‘We will never share any of your data with anyone unless you explicitly instruct us to’.
3. Government is held back from making most use out of the data it holds because of uncertainty about how best to work with datasets that contain personal data. This is a developing field – there is no perfect form of anonymisation, and no perfect solution to working with aggregated personal data.
Government should work with the UK Anonymisation Network to identify the best methodologies for working with aggregated personal data. Examples of good practice, such as the Ministry of Justice Data Lab, should be replicated or potentially turned into a cross departmental Data Lab.
Civil servants should receive consistent and up to date training about what the Data Protection Act requires of them. Where knowledge is partial, unnecessary fear of breaching the Act can get in the way of socially valuable use cases.
4. Skills for data analysis are one of the top priorities for the UK today. Much has been done already, but current measures should be taken further.