UK agency calls for "social contract" on data sharing

The UK's Centre for Data Ethics and Innovation (CDEI) has called on the government to establish a “social contract” with citizens governing the use and sharing of their personal data between agencies to improve government service delivery.

Part of the Department for Digital, Culture, Media and Sport, the CDEI has been tasked by the UK government to develop a new governance regime for data-driven technologies including AI.

The centre’s inaugural report on public sector data sharing argues that AI and data-driven technology offer extraordinary potential to improve decision-making and service delivery in the public sector, including the delivery of personalised public services.

But meeting this potential will require a step change in the way data is shared and used.

“For this to happen sustainably and effectively, public trust in the way data is shared and used is vital. Without such trust, the government and wider public sector risks losing society’s consent, setting back innovation as well as the smooth running of public services,” the report states.

“The government and wider public sector will be unable to deliver the standard of services that citizens are entitled to expect if they lack societal consent to share data as effectively as is now required.”

In the public interest

The report cites research suggesting that between 40% and 60% of the UK population believes that the government’s use of data is not serving their interests.

According to the report, this is resulting in an “environment of tenuous trust” which threatens to hinder the effective use of public data that could result in major societal benefits.

In addition, trust is undermined by the inconsistent interpretation and application of legal mechanisms for data sharing, as well as the lack of a common security and technical standard framework.

The report asserts the need for governments to establish a social contract between the citizen and the state covering ways data is shared and used, in the same way there is a social contract in relation to taxation and public spending.

This reflects the fact that data is arguably as important to the functioning of the state as money, and its significance is increasing, the report states.

Meanwhile, the need for a social contract may be partly addressed by enabling citizens to have more control over data held on them, the CDEI said. But it may also involve identifying conditions under which data can — or should — be shared in the public interest without citizens’ explicit consent.

In this context, an important consideration is the trade-off between the insights that can be derived by big data and the matching of different datasets with the risk this will undermine individual privacy or personal autonomy.

Another trade-off will involve weighing an individual’s right to privacy against the rights of other people or wider society.

These trade-offs must “reflect democratic values, wider public acceptability and a shared vision of a data driven society”, the report states.

It will also be important to address the common barriers to effective data sharing, the report adds. These barriers generally fit into three broad categories — legal, technical and cultural.

Technical barriers include limited adoption of common data standards and inconsistent security requirements across the public sector.

Legal barriers include confusion over the legal status of data sharing arrangements, and cultural barriers include reluctance within government departments to prioritise data sharing if it requires significant investment in resources or taking on significant reputational or legal risks.

According to the report, substantial additional investment is required to facilitate access by government to high-quality data capable of serving the public good.

This could include establishing a cost recovery model to address the financial disincentives of data sharing, which would be used to compensate departments committing resources to sharing data for projects led elsewhere in government.

Data sharing principles

The report also outlines the next steps for the CDEI in its ongoing efforts to facilitate public interest data sharing.

The first step will involve working with stakeholders including the Office for National Statistics (ONS) and the Information Commissioner’s Office (ICO) to establish clear principles for determining exactly what constitutes public interest in the sharing and use of data.

This work will explore specific areas that can be improved by greater use of public data, such as health care, digital service delivery and the transparency of public services such as the court system.

The centre will also explore the potential to create an integrated data infrastructure for access to anonymised public sector data. This could also involve creating an independent body tasked with overseeing this infrastructure or anonymised data sharing environment.

Meanwhile, the centre aims to identify opportunities to give citizens greater access to data the public sector holds on them, while supporting the creation of digital products that operate on shared data.

Examples listed in the report include creating digital records of qualifications for citizens to share with employers; medical health records that can be shared directly with patients desiring immediate access — such as those anxiously awaiting a diagnosis; and digital death records that can speed up the probate process for next of kin.

As part of this work, CDEI will aim to learn from the Open Banking initiative — which Australia’s Consumer Data Right legislation is based on — and similar initiatives, while also considering contexts where “data portability and data mobility in the public sector should be given higher priority”.

An important consideration for evaluating whether the citizen or government be given priority will be the likelihood that citizens will even make use of having greater control over data about them, the report states.

For cases where it is deemed more beneficial to share data without citizens’ explicit consent, the CDEI plans to explore whether existing safeguards adequately ensure data sharing can be considered trustworthy. The centre also plans to develop a more consistent data sharing framework.

“Such conditions would need to consider the protection of individual citizens from privacy invasion, protection of vulnerable groups, and measures of transparency and public engagement. A clear framework consistently applied would help to protect the dignity and privacy of individuals and build public trust, while also supporting the wider public interest.”

The centre will also explore the use of technologies aiming to preserve the privacy of individuals when sharing data for public interest uses.

One example listed in the report is homomorphic encryption, a technique which allows computation based on encrypted ciphertexts. When these texts are decrypted, the output matches the results of the computing operations as if they had been performed on unencrypted plain texts.

Finally, the centre plans to consider approaches to strengthen democratic accountability, including the parliament’s role in scrutinising the sharing and use of data in the public sector.

But the report adds that at the conclusion of this work it is unlikely that CDEI will recommend entirely replacing existing mechanisms for data sharing, because existing data protection legislation and the UK Information Commissioners Office’s Data Protection Impact Assessment regime are expected to prove up to the task.

Image credit: ©stock.adobe.com/au/SasinParaksa