At the beginning of this week I was invited to be a speaker at the Conservative Technology Forum alongside Liam Maxwell.
The meeting was chaired by MEP Malcolm Harbour and also attended by Adam Afriye, MP, Shadow Minister for Innovation, Universities & Skills. It was a very lively debate and there were some important messages both for government and also for the businesses that are involved with fulfilling government contracts, should the Conservative party form our next government. There was talk of ending the culture of awarding single large contracts to increasingly large Systems Integrator and instead award smaller contracts to a larger pool of competitors, there was also talk of the need to slash IT budgets for government projects and level the playing field, particularly through the more widespread use of Open Source software and by creating open standards for interoperability.
With regard to the discussion topic itself "Who Owns Our Data?"; my own point of view is that we should each own our own data and we grant temporary rights to third parties as regards the use or retention of it. It is striking though that current legislation and accordingly current business practices are not aligned with this way of thinking. As a particularly stark illustration of this, consider the Data Protection Act. In the act, very clear legal definitions are set out for:
· "data controller" means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;
· "data processor", in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller;
· "data subject" means an individual who is the subject of personal data
So we have someone who is the subject of the data, someone with the right to control the data and another party who may be granted permission to process the data, notice anyone missing? The Data Protection Act does not make any legal definition about who actually owns the data, in fact it is almost as if the data has a life and existence of its own, we are the subjects of our own data. This kind of legislation can lead to some very wrong-headed thinking by those to whom we entrust our data.
Journalist, John Ozimek raised the interesting concept of Habeas Data which in his own words "is very simple. Instead of individual "rights" being delegated to a body such as the Office of the Information Commissioner, one's rights to one's data are enshrined directly in law. If you suffer harm as a result of data misuse, you have a right to take action against whoever caused you harm...and clearly, the level of the action would be proportionate to the degree of harm caused."
The idea of this kind of personal ownership of data is very appealing to me and certainly seemed of interest also to the forum. I'm certainly no lawyer but it is clear (to my simple mind at least) that if we were to aim for a data society such as this then radical changes in policy and law will be required and this will certainly thro up some very interesting technological and procedural challenges and innovation.