Part 5 of the Digital Economy Bill, currently making its way through Parliament, focuses on "Digital Government". The policy objective is important: to make better use of data to improve public services.
However, to do this it proposes "data sharing" - letting officials and organisations share citizens' personal data with others, even if citizens don't provide their permission or consent. This organisation-centric approach conflicts with the desire to put citizens in control of their own data (as set out, for example, in the government's Technology Code of Practice).
These contradictions were foreshadowed in the consultation on "Better use of data in government" that preceded the Bill. It missed the opportunity to resolve the complex issues that surround making better use of data. Contrary to the good practice championed by the Government Digital Service (GDS), the two-year consultation didn't explore, test and validate any technical options, missing a golden opportunity to inform the policymaking process.
As a result, the "data sharing" proposals read as if they have been lifted from the days when the Whitehall typing pool made multiple copies of information to distribute in foolscap manila envelopes. They risk perpetuating the security challenges and inefficiency of copying data out of a system, shipping it around, and then attempting to ingest, merge and match it into other silo systems. It's an approach from the age of the filing cabinet, neither citizen-enabling nor a modern and secure "digital" solution in the face of growing fraud and escalating cyber threats.
The recent National Audit Office report "Protecting information across government" highlighted weaknesses in the protection and management of information in government. Diluting already inadequate controls on protecting personal data will only further undermine trust at the very time government seeks to promote increasingly digital services.
The Bill is now at the Committee stage. As Co-Chair of the government's Privacy and Consumer Advisory Group, set up to provide independent expert review and advice when Francis Maude was Minister for the Cabinet Office, I've been invited to provide evidence alongside other colleagues. At the moment the Codes of Practice that were drafted to accompany the Bill remain unaccountably AWOL, making a meaningful assessment of its safeguards difficult, particularly how it will empower citizens, reduce fraud, and improve data security and the quality and timeliness of data.
Making better use of data is important and this is the perfect moment for an updated approach, one that establishes trust in post Brexit Britain and which is fit for the 21st century. Well-meaning but poorly designed "data sharing" will impede moves towards data-enabled public services. Undermining citizens' trust by reducing control over their own data, particularly at a time of increased cyber threats, is the wrong approach. We should instead be seizing the moment to undertake a much needed rethink about the role of data and identity in the design of modern public services.
The Committee stage is the ideal opportunity to reset Part 5 and bring it into alignment with government policy, drawing upon best technical and legal practice. Doing so will ensure a much more sustainable, trusted and citizen-empowering foundation on which to deliver digital government.