Trust, Transparency, Tech: The Public Sector 'License to Operate'

On Wednesday 11th September 2019, the All-Party Parliamentary Data Analytics Group (APGDA) were delighted to host the first in a series of roundtables following on from the publication of the group’s Trust, Transparency, Tech inquiry.

The event brought together a range of stakeholders from across industry, academia and government to explore the public sector “license to operate”. This term refers to the principles by which individuals and society as a whole have confidence in how data is used by bodies such as the NHS as well as private organisations working with them.

The roundtable, chaired by Lord Knight of Weymouth, opened with presentations by Gavin Freeguard of the Institute of Government (IfG) and Naomi Sharman of the Information Commissioner's Office (ICO).

Mr Freeguard gave an overview of how public sector bodies use data, highlighting the asymmetric way in which data is handled by Government. He noted the contrast with dedicated bodies such as the Government Digital Service and the success of GOV.UK standing in contrast with the continued reliance on paper forms within the NHS and issues with how raw data is made available to the public. Mr Freeguard also spoke about the long-term impact of the forthcoming National Data Strategy and the future role of the Centre for Data Ethics and Innovation (CDEI) at the Department for Digital, Culture, Media and Sport.

Speaking on behalf of the Information Commissioner’s Office (ICO), Naomi Sharman referred to the future regulatory landscape for data and the impact that this would likely have on public sector bodies. Ms Sharman noted the importance of the public being informed about their rights and how their data is used, with an informed population being more likely to trust public bodies with their data. The ICO is currently working with other organisations, such as the Alan Turing Institute, to make members of the public more aware of their rights and obligations in this sphere via programmes such as Project Explain.

The panel then discussed the wider policy landscape and how the concept of the ‘license to operate’ is changing in the era of big and open data. Alexander Babuta of the Royal United Services Institute noted the regulatory gaps currently emerging in areas such as policing. Bias in algorithms is increasingly being studied by policy makers and is an area currently being investigated by CEDI. The roundtable concurred with the need to examine the legal and political frameworks as a matter of priority, as well as ensuring that any new oversight was based around common perspectives between the public and private spheres wherever possible.

There was also agreement at the need to avoid a “one-size-fits-all” approach to regulation, with participants considering an overarching set of principles as being preferable to an overly prescriptive approach to such a wide area of public policy. With the exponential rise of data and the roll-out of increasingly connected technologies as part of the Internet of Things, participants discussed the challenges of balancing regulation with civil liberties. The roundtable also noted the challenges of maintaining public trust in how bodies use and keep personal information, as cyberterrorism and hacking of strategic and personal assets becomes increasingly prominent in the public eye.  

As the amount of data collected by public bodies has increased, participants also noted the challenges this presents to good public policy making. One member noted the example of Borges’ Library of Babel. As more data is collected, it becomes increasingly more challenging to make sense of it, with infinite data being as irrelevant as no data at all. For the public sector in particular, the General Data Protection Regulation (GDPR) has helped to make organisations more discerning in terms of the data that is collected and developed. It was agreed that these principles represent a positive development for government and public services.

Whilst controversial, the Investigatory Powers Act of 2016 attempts to resolve these challenges. Although the Act has given British intelligence services some of the most wide-ranging and invasive powers to use personal data, the way in which they can be used is also underpinned by some of the most stringent judicial and legislative oversight in the world. Although this represents the most high-level role of Government, national security, the roundtable noted that principles enshrined in the Act could form a benchmark for how other areas of the public sector can develop new regulations in the future.

Finally, participants discussed ways to engage the public in discussions regarding the synergy between public and personal data flows. Given how the ‘license to operate’ naturally includes private bodies working with or alongside government agencies, the roundtable noted that many technology giants, such as Facebook and Google, are becoming more in favour of clear regulation on the grounds of it providing more certainty in an increasingly complex world. This naturally gives rise to the need to better engage the public in such discussions. The roundtable noted the use of ‘citizen juries’ by ICO in these area, but there was agreement that such schemes need to be done in a way that is genuinely representative of the country.

Jonathan Shaw, Chief Executive of Policy Connect, closed the event by reiterating the APGDA’s ongoing engagement work with the CDEI to ensure that the body is placed on a statutory footing. He added that, despite the complex political situation, the big and open data agenda is a policy area with a great deal of cross-party interest and support.

The findings from the roundtable will be taken forward into subsequent dissemination work ahead of a ‘One Year On’ review event in May 2020.