Consultation outcome

Government response to the consultation on the National Data Strategy

Updated 18 May 2021

Ministerial foreword

Data is the great opportunity of our time. It has the potential to transform almost every part of our society and economy — from boosting trade and productivity, to fuelling business and job creation, securing the next scientific breakthrough, revolutionising the public sector and creating a better and fairer society for all. In September 2020, we published an ambitious new National Data Strategy — launching a national conversation on how we can make the most of data’s many opportunities. I am delighted so many people took the time to respond to our consultation. Now, it is time to take action.

Having left the European Union, we can capitalise on the UK’s independent status and repatriated powers in pursuit of the data opportunity. That includes having the freedom to strike our own international data partnerships with some of the world’s fastest growing economies, and I will shortly announce our priority countries for those data adequacy agreements.

Domestically, we also have the chance to rebalance the narrative on data: from one where we only see risks, to one where we also see opportunities. That means creating a regime that doesn’t just focus on privacy, but unleashes the power of data across the whole of the economy and society.

The European Commission recognised the UK’s own high data protection standards in its recently published draft adequacy decision. Our bold new approach to data will be one which reimagines the ability to continue protecting data to a high standard while also creating the optimal conditions for growth. We will take an outcomes-based approach to regulation, maintaining trust while removing the disproportionate burden on SMEs and providing greater clarity and support to all organisations on how to use data to drive growth and innovation in responsible ways. That way, we will establish the UK as one of the most attractive data destinations for businesses all over the world.

We will also overhaul the way data is used in public services to improve life for people across the UK. In my Ten Tech Priorities, I made clear the importance of unlocking the power of data to build back better, safer and stronger from COVID-19 and shape a new golden age of tech for the UK. We will follow the high watermark set during our fight against COVID-19, when we used data quickly, efficiently and responsibly to model, predict and ultimately control the spread of the virus.

I also want to see the UK lead the global debate on data use. In April this year, the G7 Digital & Technology Ministers signed off an ambitious Ministerial Declaration that demonstrates UK leadership across the data, digital and technology agenda. This includes a roadmap for cooperation on ‘Data Free Flow with Trust’, which will boost collaboration on priority areas for data sharing; and later this year we will convene a meeting of the G7 data regulators to promote good regulatory practices. Through this ambitious G7 commitment to collaborate on key areas of cooperation, we will continue to work with our international partners as part of our National Data Strategy so that our citizens and businesses can reap its benefits.

Through our public consultation, you shared specific examples of where data has made the vital difference, both during the pandemic and against some of the biggest challenges of the future. Climate data from the Met Office helped researchers around the world determine the link between seasonality and the transmission of the virus, while data sharing between healthcare trusts has helped develop faster treatment methods. I am delighted that the forthcoming Data Strategy for Health and Social Care will outline sector specific interventions, building on the overarching vision set in the National Data Strategy.

Building on the insights received through your responses to this consultation, this document sets out in more detail our plans to use the framework outlined in the National Data Strategy to deliver this bold new approach, in such a way that builds public trust and ensures that the opportunities from better data use work for everyone, everywhere. Our new National Data Strategy Forum will ensure that a diverse range of perspectives continue to inform the strategy’s implementation.

As we build back better, we want to create an environment in which data-driven innovation can thrive. By combining our bold approach to data with investments in transformative technologies, we will unlock the power of data not only to help tackle COVID-19, but also to meet the challenges of tomorrow.

Rt. Hon Oliver Dowden
Secretary of State for Digital, Culture, Media and Sport

Executive summary

The National Data Strategy was published on 9th September 2020, bringing together our ambitions for data within a single, coherent narrative. Published as a consultation, the National Data Strategy was not intended as the final answer, but as part of a conversation about how we approach and use data in the UK.

This update provides an overview and analysis of key findings from the consultation, which took place between the 9th of September and the 9th of December 2020. We received over 250 consultation responses from a wide range of respondents — spanning technology companies (including both tech giants and SMEs), to members of the public, academic institutions, think-tanks, civil society and public sector organisations.

Respondents generally welcomed our framing of data as a strategic asset that should be used for economic and social benefit and tended to agree that the strategy identified the right pillars and missions in order to make the most of the opportunities presented by better data use. Respondents broadly agreed that data use should not just be considered as a threat to be managed, but also embraced as an opportunity to drive productivity and innovation across the economy, fuel scientific research, revolutionise the public sector and create a fairer and more prosperous society for all. Respondents also highlighted the potential for data use to support wider government priorities, such as those set out in the Integrated Review of Security, Defence, Development and Foreign Policy, as well as our ambitions to build back better, transition to net zero and to level up the UK’s regions. This perspective was complemented by numerous case studies highlighting responsible data use throughout the coronavirus pandemic showcasing the value of data use for public good.

However, respondents also stressed the need to ensure that the data revolution works for everyone, everywhere. This included drawing attention to specific challenges around incorrect or inappropriate uses of data (often expressed as data bias), digital inclusion and connectivity, as well as the need for all citizens to have the appropriate skills to operate and thrive in a data-driven economy. With this in mind, respondents highlighted the importance of continued stakeholder engagement. This will help bring in diverse perspectives from across industry, academia, civil society and the wider public to support implementation and inform future policy development.

Above all, respondents’ feedback confirmed that maintaining a high level of public support for data use will be key to unlocking the power of data. Creating a trustworthy data regime that maintains high data protection standards and enables responsible data use will ensure that the benefits of the data revolution are felt by all people, in all places.

Since the publication of the National Data Strategy in September 2020, we have already taken action across the five missions.

Mission One: Unlocking the value of data held across the economy

1.	Established the non-statutory Digital Markets Unit, laying the foundations for the future pro-competition regime for digital markets
2.	Conducted research into how government can increase access to data held across the economy that will guide our approach to prioritising interventions to promote data availability, supporting innovation and growth.
3.	Agreed a programme of work with the Centre for Data Ethics and Innovation to explore how Privacy Enhancing Technologies can remove barriers to data sharing by managing more effectively the risks associated with sharing commercially-sensitive and personal data.
4.	Agreed a programme of work with the Open Data Institute that includes building data literacy across the economy; bringing about new data institutions and improving the practices of existing ones; and developing open and trustworthy data ecosystems that support innovation.
5.	Published an in-depth analysis of the geospatial data market highlighting significant economic opportunities for this part of the data economy, and informing six new actions to enhance the UK’s geospatial data ecosystem.
6.	Held a series of workshops exploring how intermediaries stewarding data between those sharing and accessing it could enable new ways of sharing data safely and efficiently, and what government could do to enable this activity.

Mission Two: Securing a pro-growth and trusted data regime

1.	Launched the recruitment for a new Information Commissioner who will be empowered to ensure people can use data to achieve economic and social goals, as well as maintaining their focus on privacy.
2.	Agreed a programme of work with the Open Data Institute to improve data sharing by helping organisations assess, build and demonstrate both trust in and the trustworthiness of data and data practices.

Mission Three: Transforming government’s use of data to drive efficiency and improve public services

1.	Appointed the Chair and Executive Director for and created a new Central Digital and Data Office to drive forward Digital, Data and Technology transformation across government.
2.	The ONS’s Government Data Quality Hub has published the Government Data Quality Framework, which provides the public sector with a more structured approach to improving the quality of its data.
3.	By the end of last year, the newly established Data Standards Authority had published: • metadata standards and related guidance • guidance to improve how data is assessed in the government technology spend controls process • guidance for use of application programming interfaces (APIs) in data sharing.
4.	Initiated work to deliver the new Integrated Data Programme (IDP), led by ONS as lead delivery partner. User research is underway and a secure Cloud-native architecture is being trialled, which will form the backbone of the underlying technology. The programme will support data sharing in government through a secure platform to provide high quality data services and tools, such as the Reference Data Management Framework (RDMF), to enable up-to-date evidence and collaborative analysis to support improved policy development and public service delivery.
5.	Held the first working meetings between government and civil society to begin developing proposals for the National Action Plan for Open Government 2021-23.
6.	The ONS’s Data Science Campus has already exceeded the National Data Strategy target of training 500 public sector workers to use Data Science skills. In 2021, the Campus is scaling up existing training and continuing to develop new options to further improve data literacy and data science skills across the public sector.

Mission Four: Ensuring the security and resilience of the infrastructure on which data relies

1.

The National Security and Investment Act recently received Royal Assent, strengthening the government’s powers to scrutinise and intervene in transactions to protect national security, while providing businesses with certainty and transparency. The new National Security and Investment Act provides powers for a mandatory notification regime, and the government has proposed data infrastructure as one of the sectors in scope of mandatory notification.

Mission Five: Championing the international flow of data

1.	Secured positive draft adequacy decisions from the European Commission, which recognise the UK’s high data protection standards and will, once adopted, enable the continued unrestricted transfer of personal data from the EU to the UK.
2.	Agreed data flow provisions in trade agreements with the EU and Japan that avoid unjustified restrictions on the free flow of data between the UK and Japan and thereby address barriers to digital trade.
3.	Secured reciprocal free flows of personal data with all non-EU countries that the UK recognises as adequate, including Japan, Canada, Israel, and the Crown Dependencies.
4.	Published a memorandum of understanding (MoU) with the Information Commissioner’s Office (ICO) on how we will work together when conducting UK adequacy assessments.
5.	Under the UK Presidency this year, the G7 Digital & Technology Ministers signed off an ambitious Ministerial Declaration and four annexes which demonstrates UK leadership across the data, digital and technology agenda and seals. This includes a commitment from international leaders to work together to realise the opportunities the free flow of data with trust can drive for our citizens, our businesses and our economies globally.

Further detail on the actions we will take to implement the National Data Strategy are set out in the body of the document, but in direct response to consultation response feedback, we will:

1. Adopt a phased approach to future publications, sharing more frequent, focused updates against and across the Missions, to ensure we remain as open and collaborative in our approach as possible.

2. Launch the National Data Strategy Forum to outline our commitment to ongoing stakeholder dialogue and ensuring diverse perspectives beyond government and the public sector inform the implementation of the National Data Strategy. The forum will be chaired by the DCMS Minister for Media and Data.

3. Lead by example, furthering our efforts to build trust in government’s own use of data which may include:
   
   • engagement on methods used to increase transparency of algorithmic-assisted decision making in the public sector
   
   • monitoring the use of the Data Ethics Framework in central government
   
   • scoping data ethics as a role in the Digital, Data and Technology Capability Framework
   
   • working with the Centre for Data Ethics and Innovation and the newly formed cross-Whitehall Public Attitudes to Data & AI Network to build public support for data use, including the sharing of real-world examples, from the COVID-19 response and more broadly, where responsible data use has played a critical role in delivering economic and societal benefit

4. Maintain momentum across wider priority areas through key leadership appointments and international activity, which will include:
   
   • confirming a new Information Commissioner
   
   • announcing a new Board and Chair for the Centre for Data Ethics and Innovation
   
   • announcing our priority countries for UK data adequacy agreements

Government response

The National Data Strategy set out a framework for the action this government will take on data, and its part in a modern, digital government, economy and society. This framework identified four interconnected issues, or “pillars”, we must tackle and five areas of action, or “missions”, we need to prioritise now in order to make the most of data’s many opportunities.

As Figure 1 illustrates, the four pillars are: data foundations, data skills, data availability and responsible data use. The five missions are to: unlock the value of data held across the economy, secure a pro-growth and trusted data regime, transform government’s use of data to drive efficiency and improve public services, ensure the security and resilience of the infrastructure on which data use relies, and champion the international flow of data. By accomplishing the five missions and supporting the pillars of effective data use, we can harness the power of data to drive growth and innovation, fuel new jobs and businesses, support scientific research, revolutionise the public sector and create a fairer society for all.

Figure 1: The National Data Strategy framework

This section provides a concise overview of respondent feedback to the consultation, and outlines how we will take this forward as we refine and implement the National Data Strategy. More detail on respondent feedback to each of the 19 consultation questions can be found in the detailed summary of findings in Annex B.

Questions 1-4 of the consultation sought respondent views on the overall framework set out in the strategy, while Questions 5-19 sought views on each of the five missions and their associated areas of action.

The original strategy and consultation response cover both reserved and devolved areas. Where the strategy covers reserved areas (and, in respect of Northern Ireland, excepted areas), it does so for the whole of the UK. Where it covers devolved or transferred areas, it applies to England only. The consultation response is also focused on the central government’s role in harnessing data use. However, we remain committed to working with partners across all parts of society to land a strategy for the whole of the UK.

Feedback on the overall National Data Strategy (Questions 1-4)

In general, respondents welcomed the publication of a National Data Strategy that draws together cross-government work strands into a single overarching framework. They also tended to support our framing of the strategy as the continuation of an ongoing conversation about how we use and approach data in the UK.

Those who agreed with the strategy’s missions and pillars (76% of respondents) tended to support our ambition to unlock the power of data to drive innovation and research, improve public services and build a world-leading digital economy, underpinned by trust. Many respondents also recognised the need to rebalance the narrative on data use. This means moving away from thinking about data use primarily as a threat to be managed, and instead recognising data as an asset that, used responsibly, can deliver economic and public benefits across the UK.

This perspective was complemented by a huge range of case studies showcasing how data has been used for public good during the COVID-19 pandemic — from supporting civil society and public sector organisations to deliver essential goods and services to individuals on the Shielding list; to evaluating the impact of government financial schemes on struggling sectors; to enabling the development of new products and services in the private sector. These case studies reinforce our view that on the whole the response to the pandemic has set a new, high watermark for data use that should be maintained.

The UK’s response to the COVID-19 pandemic further demonstrated how data sharing between public, private and third sectors is essential to public health responses and comparable challenges and opportunities. Our response also cemented the importance of access to real time data to inform decision-making.

Case Study: Using data to support our cultural organisations and heritage sites

Sharing data has underpinned both the design and delivery of the Culture Recovery Fund (CRF), a £1.57bn support package to tackle the economic crisis precipitated by the pandemic. DCMS’s cultural funding Arms Lengths Bodies (ALBs) — Arts Council England, National Lottery Heritage Fund, Heritage England and the British Film Institute — usually work independently to support their respective sectors. However, during the COVID-19 pandemic, they came together with the government to systematically share data on the impacts to their sectors, identify organisations most at risk and collaborate on the rapid development of the CRF in order to get urgent support to cultural and heritage organisations. This ensured that funding went to those organisations most in need.

Case Study: Using data to understand the optimal temperature for COVID-19 transmission

By making climate data freely available through cloud-based platforms to modellers across the world, the Met Office supported investigations into the link between seasonality and the transmission of the virus. As a result of this collaborative data sharing exercise, researchers were crucially able to determine that the optimum temperature for COVID-19 transmission is 11.3°C. This information was then used by government departments for contingency planning to predict the potential spread of COVID-19 during the winter.

Two key themes emerged in our analysis of Questions 1-4: (1) ensuring the National Data Strategy works for everyone in our society, (2) reflecting on how data use can support our ability to build back fairer and greener.

1) Ensuring the National Data Strategy works for everyone in our society

Many respondents underlined the need to ensure that the National Data Strategy benefits everyone in society, including people with protected characteristics. This included drawing attention to specific challenges which can emerge both when datasets are inaccurate and when they “accurately reflect unfair aspects of society.” Respondents underlined the importance of developing robust approaches to managing bias in the context of data-driven decisions, and proposed developing governance bodies, risk assessments and guidelines for best-practice.

We are committed to delivering a National Data Strategy that works for everyone, everywhere. Ensuring that data is used responsibly in a way that respects individual rights and delivers fair outcomes to all members of our society will be vital to fulfil this commitment.

Since publication of the Strategy, government has continued to lead by example to support responsible data use, including by embedding the Data Ethics Framework across government processes and departments. The COVID-19 response over the last year has demonstrated the government’s commitment to ensuring it has robust, timely and representative data through initiatives such as the ONS community infection survey as well as making data and analysis available to the public, through regular publications and dashboards. The Central Digital and Data Office (CDDO) is also leading work to increase transparency in algorithmic-assisted decision making, while the CDEI is continuing to explore ways of building public trust in data use. Through this work, we hope to support data-driven policy decisions that deliver fairer outcomes, and to foster better public understanding of how decisions are made about them.

Although the UK has left the European Union, we remain committed to operating a data rights regime that promotes trust and responsible data use as well as robust data protection standards. This will be vital in securing public support for data use, with the CDEI’s COVID-19 repository and public attitudes retrospective pointing to a clear “opportunity gap” between the potential for data-driven technologies to deliver positive societal outcomes and the extent to which this is happening in practice. We will also work closely with the CDEI and the new cross-Whitehall Public Attitudes to Data and AI Network. Through these partnerships, we will explore new ways of building public support for data use, for example by showcasing examples of effective data use and sharing to deliver economic and societal benefits.

Case Study: Public campaign to build trust for Census 2021

The ONS employed 300 engagement staff to work with communities across England and Wales (since Oct 2020) as part of its work on Census 2021. These teams have been working to build trust and understanding for why public data like this is important, especially with people who may experience barriers to taking part and are therefore at risk of being under-represented in other studies. This work is based on the key messages that information from the census ensures the provision of public services on which we all rely, that the census is safe and secure and that all personal information is kept confidential for 100 years.

Used effectively and responsibly, data can promote a fairer, more inclusive society. As many respondents noted, protected characteristics and socio-economic data can be used to identify and tackle social inequalities, support inclusive research and ensure that government and private sector actions treat people fairly, in a way that does not discriminate against individuals with protected characteristics.

Case Study: Using data to identify ethnic disparities in COVID-19 related mortality

ONS has linked data from the 2011 Census with other relevant datasets to create the Public Health Data Asset, providing a rich source of information on COVID-19 exposures and outcomes for over 40 million people in England. This data was then used to model the association between self-reported ethnicity and the risk of COVID-19 related death, after adjusting for a broad range of demographic, geographic, socio-economic, and clinical characteristics to understand how the pandemic was affecting different parts of the population.

For the first wave of the pandemic, the ONS study shows a higher risk of COVID-19 mortality for all ethnic minority groups compared to the White British population. Results for the second wave show how the risk remained elevated for some ethnic minority groups, but not for others. These insights have fed into the government’s decision-making process in response to the pandemic. This project is also working as a proof of concept for the Integrated Data Programme.

2) Building Back Fairer: Ensuring the National Data Strategy delivers benefits across all parts of the UK

Respondents identified an opportunity for the National Data Strategy to support all parts of the UK to level-up. Some respondents described how better data availability at the local level could drive innovation, productivity gains and public service improvements across all parts of the UK, while others noted how data can be used to evaluate levelling-up initiatives. Many respondents also argued that the increasing prevalence of remote working has reduced geographic constraints to the development of regional data ecosystems. However, there was a broad consensus that UK-wide connectivity and data skills opportunities will be necessary for citizens across all parts of the UK to participate in the data revolution.

We agree that connectivity and data skills will be necessary for people, businesses and communities across the UK to share in the opportunities presented by better data use. That is why this government is committed to becoming a global connectivity leader. We have outlined a clear strategy for achieving this goal in The Future Telecoms Infrastructure Review, Statement of Strategic Priorities and proposed £5 billion investment in the UK Gigabit Programme. We are also working to become 85% minimum gigabit capable coverage by 2025, 95% 4G coverage by 2027 and 100% coverage in both areas as soon as possible.

Research commissioned by DCMS suggests that the UK faces a significant data skills gap. Almost half of businesses (48%) are recruiting for roles that require hard or technical data skills. A similar amount of businesses (46%) have struggled to recruit for these roles over the last 2 years. We want to address this skills gap and ensure those thinking of developing their data skills have access to data training and educational opportunities across England. To this end, the Department of Education is rolling out digital skills boot camps across all nine English regions, while universities across England are taking part in the data science and AI degree conversion programme led by DCMS and the Office for AI. The Alan Turing Institute is also helping to train the next generation of leaders in data science and AI, including through the Turing Institute’s doctoral programme, which seeks to equip them with the latest data science techniques, tools, and methodologies.

Going forward, DCMS will test effective ways to provide foundational data skills to university students. This will help ensure that future UK graduates have the data literacy required in almost every job. DCMS will also continue to work with the Data Skills Taskforce - a valuable knowledge and best practice-sharing forum that brings together key participants from industry and higher education. We will also continue promoting data skills and analytics to help ensure companies have the data skills they need. Finally, we recognise the need to develop data literacy and skills in the current workforce, in addition to the data governance and strategic skills that complement data science skills. That is why the Open Data Institute, which is part-funded by DCMS, will focus on improving data literacy and skills by increasing access and availability to workplace data literacy training and learning materials.

There is also a key role for local and regional government in supporting levelling-up through more effective data sharing. The CDEI’s report on local government use of data during the pandemic highlights that effective data sharing can support local-level public service improvements. Hackney Council, for example, combined internal and external datasets to identify residents who were particularly vulnerable to COVID-19, while local authorities in Essex shared data in real time with the ‘VIPER’ tool, improving the effectiveness and responsiveness of the county’s emergency services. Taking account of lessons from the pandemic, the CDEI will continue to work with cities and regions to support better data collection, use and sharing at the local level. For example, the Centre is working with the Greater Manchester Combined Authority to develop an ethical data governance framework. This will support the responsible use of data-driven technology across the combined authority and its constituent councils.

The National Innovation Centre for Data in Newcastle, a joint investment by both the UK government and Newcastle University, is also already empowering local organisations to gain insights from their data as well as transferring practical data skills into the local workforces. But there is more to be done to ensure that data can be used to harness the potential of regions right across the country. Towards this end, DCMS will work closely with cities, local government and regional organisations as we implement the National Data Strategy.

Case Study: Levelling up using town and high street data

The levelling up agenda has led to an increased demand from government and other stakeholders to analyse data for geographies of direct policy interest. Since 2019, ONS and Ordnance Survey have helped to support this with a project to provide data and analysis based on actual town and high street geographies rather than simply providing data aggregated only at the local authority level. Almost 1,200 towns in England and Wales have been included in the project with the data now widely used across government to inform policy making including appraisal, monitoring and evaluation. This project is also working as a proof of concept for the Integrated Data Programme.

Local government also has a key role to play in supporting levelling-up by opening up more data. This is vital both for building trust and accountability in the delivery of local services and for improving data availability across all parts of the UK. Already, the Transparency Code 2015 requires Local Authorities in England to openly publish certain data sets in the public domain, and the sector has made great strides in this direction. Local authorities are publishing increasing volumes of data in open and accessible formats, both to enhance transparency and to ensure that the full value of their data is used to deliver public benefits such as local public service improvements. Taking this further, we plan to update the Transparency Code 2015 to drive better availability of open data at the local level. We are also developing proposals to support our commitments made in the Open Government National Action Plan, including proposals to encourage and support councils to publish all the information they are able to open up as a matter of course.

3) Building Back Greener: Harnessing the power of data to support our transition to net zero

In Mission 4 (Question 17), we asked whether the government can play a greater role in ensuring that data use does not negatively contribute to carbon emissions. However, responses emphasised that this is only part of the puzzle when it comes to the role of the National Data Strategy in tackling climate change.

Respondents identified both an opportunity and a responsibility for the National Data Strategy to further explore how data use can support a greener, more sustainable economy. Some described how data can be used to monitor changes in biodiversity, waste production and air pollution. Others argued that data use would be a cornerstone of the UK’s transition to net zero, with data-driven innovations driving emissions reductions across sectors. Several respondents made specific recommendations, including to create a Data Net Zero Taskforce and a Digital Twin of the UK’s Natural Environment. Nonetheless, respondents also stressed the importance of considering the environmental footprint of increased data use, for example the carbon emissions generated by data centres.

In line with respondent feedback, we will explore ways of maximising the UK’s COP26 presidency to draw international attention to the role that digital and data technology can play in tackling climate change.

We also remain committed to producing a Data Sustainability Charter this year to guide government engagement with suppliers to ensure sustainable data use and management. This work will inform, and be informed by, our work with Digital Nations and other international coalitions leading into G7, G20 and COP26.

We are also using data to support our industry’s transition to Net Zero. The Industrial Decarbonisation Strategy, for example, sets out a concrete plan for reducing greenhouse gas emissions from the industrial sector, which need to fall by at least 90% compared to today’s levels to achieve our 2050 Net Zero target. The strategy underlines the importance of collecting and using data to identify and address inefficiencies within industrial processes and systems, determine the carbon embodied within industrial products, and increase the reuse of secondary materials to minimise waste. Government and Ofgem are also working together to develop an Energy Data and Digitalisation Strategy, which will set out clear actions that government, industry and the energy sector must take to ensure that the data management systems underpinning smart energy systems remain fit for purpose in a Net Zero world.

Additionally, to support energy efficiency and decarbonisation technologies and research projects or studies, data service providers in England, Wales and North Ireland can apply for UK government grants through the Industrial Energy Transformation Fund (IETF). Scottish providers can apply for the Scottish Industrial Energy Transformation Fund (SIETF). These funds can support data service providers to reduce emissions, thus mitigating against the environmental footprint of increased data use.

However, it is important to recognise that government cannot drive the UK’s transition to Net Zero alone. We welcome the technology sector’s proactive approach towards achieving Net Zero, as evidenced through the launch of the Tech Zero taskforce, and will continue to work closely with the sector to ensure that data-driven technologies fulfil their role in supporting the UK’s transition Net Zero.

Mission one: Unlocking the value of data held across the economy (Questions 5-9)

Questions 5-9 of the consultation focussed on Mission one: Unlocking the value of data held across the economy. We sought respondent views on which sectors have the most to gain from better availability and what role central government should undertake to improve data availability and support data foundations in the UK economy. We also asked respondents how to effectively tackle barriers to data use faced by small and medium sized enterprises (SMEs), as well as how to ensure that consumers’ data is put to work for them.

Respondents tended to believe that better data availability would benefit all sectors, although many identified public service providers and regulated sectors as having the most to gain. Respondents thought there are common challenges to data sharing between sectors. Some identified a need for cross-cutting solutions to particular barriers to data availability, with sector-specific variations where appropriate.

Respondents welcomed a government-led framework for intervention to improve data availability, but diverged over the appropriate levels of government intervention in the data economy. Most identified the government’s convening power as critical for improving coordination across sectors. Others called for government investment to incentivise data-driven innovation and overcome perceived risks to data sharing. Some respondents envisaged a more interventionist approach to improving data availability to deliver public benefit.

Case study: Collaborative public-private data sharing

Data for London is a new data ecosystem for London - a framework that will create a shared approach to data, bringing together the public and private sector. The goal is to promote collaboration and data-sharing to generate insights that will lead to better policy decision-making, improving the lives of Londoners.

The initiative, created by business members organisation London First and led by the Data for London working group, is delivering Data Innovation Challenges, which are promoting the use cases and testing of new data technologies such as 5G, artificial intelligence, and helping ensure these innovations benefit all Londoners. This work will be guided by a London Data Charter — safeguarding data security and privacy, championing transparency, and ensuring the highest standards of data management. Collaboration with cities across the UK forms an important part of the initiative.

Respondents identified one of this Strategy’s key pillars, data foundations (data that is recorded in standardised formats, easily retrievable and accessible when needed, is protected against unauthorised access and usage, and is sufficiently up to date) as an enabler for better data availability. They disagreed, however, over the role of government in supporting foundations across the economy. While some believed government should support an industry-led approach, others felt such a hands-off approach would be unfair, inefficient and hinder market participation. Many respondents also underlined the need for effective data stewardship to support safe, ethical and efficient data use across markets.

Respondents suggested that the resource savings and increased market competition associated with better data foundations and data availability, respectively, would alleviate SME resource constraints. Many considered such constraints as the distinguishing factor between SME needs and the needs of larger businesses. They disagreed, however, over the impact of regulation on SMEs: some believed existing compliance requirements place undue burden on SMEs; others believed regulatory certainty would give SMEs confidence to innovate and grow.

Respondents displayed support for the government’s Smart Data plans, which many identified as a template for action in the wider economy. Beyond existing plans, many respondents recommended developing monitoring and evaluation tools for Smart Data initiatives, undertaking further work to understand the benefits of Smart Data, and introducing Smart Data schemes into new sectors including health, education, retail and transport. Certain respondents also recommended greater use of anonymised or aggregated data in policymaking, arguing that consumer data should not just work for the consumer, but also for public good. Respondents also stressed the importance of consumer controls, transparency, standards and regulation for building trust in data sharing initiatives.

Government response

As set out in the National Data Strategy, we are developing a policy framework to focus and prioritise government’s role in enabling better data availability in the wider economy. Our approach has been guided by engagement with stakeholders during the development of the Strategy, and we will look to integrate evidence from this consultation.

We are also continuing to deliver on the National Infrastructure Commission’s Data for the Public Good recommendations. These set the foundations that will enable data compatibility across the built environment and beyond. An Information Management Framework (IMF) will provide the national system by which organisations will be able to share data in a way that is effective, resilient and secure. Data in consistent formats will also enable the greater deployment of digital twin technology, and ultimately the linking of digital twins. This will enable government to design and deliver infrastructure more efficiently and effectively and will improve our use of resources and reduce waste.

We have also undertaken extensive research to support our evidence-based framework. This includes ongoing primary research led by the Office for AI to explore how data foundations can enable data availability, and the Frontier Economics report on increasing access to data across the economy. The report identifies six levers government can apply to tackle barriers to data availability, including by improving knowledge and understanding of data sharing, supporting data foundations, improving incentives for and addressing risks associated with data sharing, for example (perceived) regulatory burden, and mandating data sharing in the public interest.

Given the potential effectiveness of these levers across a number of sectors, we are considering the extent to which central government intervention can provide a horizontal enabler of better data availability. This complements our role in ensuring that sectors and regions receive tailored support where necessary. We will pilot the most promising interventions; for example, we are considering the role that standards could play in enabling data sharing, we are undertaking research on the role financial incentives could play in encouraging data sharing for the public good, and we have held a series of workshops on the ways in which data intermediaries can enable new forms of safe and efficient data sharing.

As part of our policy framework, we are considering the role of data intermediaries in supporting responsible data sharing, and how government can intervene to support their adoption, building on the Ada Lovelace Institute and AI Council joint report on Legal Mechanisms for Data Stewardship. As part of this, we will support the Open Data Institute’s work on data institutions – organisations whose purpose involves stewarding data on behalf of others – to create an environment that supports existing data institutions in the public, private and third sectors and is conducive to innovation around new forms of data intermediaries such as data trusts and data cooperatives. We will work with the CDEI to build evidence, test solutions and identify where government contribution can serve as a catalyst for better data availability, for example by improving our understanding of government’s role in supporting the adoption of Privacy Enhancing Technologies (PETs). And by delivering to the UK Geospatial Strategy, we will ensure that the UK has a coherent location data framework^{[footnote 1]} to underpin economic, social and environmental value, following through on key projects such as the National Underground Assets Register.

We want better data availability to support a fairer, more prosperous society for all. Towards this end, we are strengthening our understanding of the importance of access to data in enabling market competition and delivering public benefit, and considering how to realign incentives to improve data sharing and data access for the benefit of people, businesses and society. Government’s response to the Competition and Markets Authority digital advertising market study agrees in principle with giving pro-competition powers, designed to tackle the sources of market power and promote competition, to the future Digital Markets Unit.

Case study: Opening up charge point data

In February 2021, the Office for Zero Emission Vehicles launched a consultation on proposals to improve the consumer experience of public charge points. The consultation includes a proposal to legislate on opening up charge point data. The aim is to support system planning across the transport and electricity sectors, and enable development of consumer-friendly apps so that all drivers are able to locate available charge points easily when they need to charge their vehicle. This could help drive down the costs of owning an electric vehicle by encouraging competition, innovation and efficiencies; reducing anxiety for electric vehicle users; and encouraging the mass market uptake of electric vehicles.

Finally, we will continue to work across existing Smart Data initiatives to develop trustworthy schemes underpinned by clear standards. Given the broad-based support for Smart Data in the consultation responses, we will consider where there are opportunities to grow the current ambition. We will publish an update report on the Smart Data working group in the next few months. This will outline progress on sector-specific initiatives and provide suggestions for improving coordination and delivery across sectors. We are also undertaking research into the benefits and costs associated with Smart Data.

Going forward, we will ensure that planned Smart Data legislation remains open for future use in additional sectors and continue to explore ways of improving consumer and industry engagement in data sharing initiatives. We also welcome suggestions on how to use data for public good, as well as how to effectively monitor and evaluate existing data sharing initiatives at the sectoral level.

Mission two: Maintaining a pro-growth and trusted data regime (Questions 10-11)

Questions 10-11 of the consultation focused on Mission two: Maintaining a pro-growth and trusted data regime. We asked respondents how to ensure that the UK’s data regime remains fit for purpose in an increasingly data-driven age. We also sought respondents’ views on the proposed future functions of the CDEI and how a change in statutory status might support the Centre to deliver its remit.

Respondents indicated support for a UK regime that continues to maintain high data protection standards without creating unnecessary barriers to responsible data use. Some respondents noted the burden of complying across multiple regimes and the resource that has already been invested in compliance under the current rules. Many respondents also recommended exploring ways of ensuring the Information Commissioner’s Office (ICO) can deliver against its broad remit.

Respondents recommended sharpening the regime’s focus on outcomes and risks, rather than burdensome paperwork that can misdirect resources away from activities that keep personal information safe. They underlined the need for a flexible regime that keeps pace with technological change, as well as the importance of clear, more specific guidance or rules to reduce uncertainty and vagueness. Certain respondents also suggested exploring ways of encouraging more effective data use and sharing to deliver public benefit, building on the high watermark set during the pandemic.

Many respondents cautioned against any weakening of data protection standards at the expense of citizens’ rights, noting the potential negative impacts on public trust or the international reputation of the UK’s data regime. Others highlighted the importance of educating citizens about the data protection regime, particularly in terms of their rights and responsibilities as data subjects.

Government response

Consultation feedback has confirmed that the UK should operate a data protection regime that encourages responsible data use, supports vibrant innovation and competition, and builds public trust. Getting this right will be critical to future jobs and growth as our economy becomes increasingly digitised and data-enabled.

The UK is an established world leader in technological innovation and data protection: two areas which enable businesses to grow and thrive in an environment that protects privacy, maintains security and builds public confidence.

We want our data protection law to remain fit for purpose amid rapid technological change, and to support the UK’s future objectives. Having left the European Union, we can capitalise on our independent status and repatriated powers to operate a pro-growth and innovation friendly regime that maintains our high data protection standards.

In line with consultation feedback, we will leverage the UK’s existing strengths and the progressive values, competence and pragmatism of our regulatory institutions to secure an independent data regime that supports our ambition to build a world-leading digital economy. By continuing the conversation with stakeholders, and building on the high watermark of data use set during the COVID-19 pandemic, this regime will:

1. Support vibrant competition and innovation to drive economic growth.

2. Maintain high data protection standards without creating unnecessary barriers to responsible data use.

3. Keep a pace with the rapid innovation of data-intensive technologies.

4. Help businesses of all sizes and innovators to use data responsibly without undue uncertainty or risk, both in the UK and internationally.

5. Ensure the ICO is equipped to regulate effectively in an increasingly data-driven world.

We also recognise the importance of maintaining interoperability between the UK regime and other regimes, particularly for businesses seeking to operate internationally. We welcome the European Commission’s draft data adequacy decisions. We now encourage the EU to swiftly complete the technical approval process for the European Commission’s draft adequacy decisions, to ensure data continues to flow seamlessly between the UK and EU.

Future Functions of the Centre for Data Ethics and Innovation (CDEI)

Consultation feedback revealed broad support for the CDEI’s proposed future functions:

• Analyse and anticipate: analysis and insight on data innovation and monitoring of public attitudes.
• Partnership working with organisations to address specific operational barriers to innovation.
• Operationalise policy: supporting the technical development and piloting of tech and data policy interventions.

Respondents were divided over the desirability of a change in statutory status. Some felt that a change in status would strengthen the Centre’s mandate; others believed it was unnecessary to effectively deliver the Centre’s proposed future functions. Certain respondents also recommended that the Centre should further explore how to effectively build trust in data.

Following two and half years of successful operation, we are in the process of recruiting for a new Chair and refreshed Board, to lead the Centre in its next phase. We will announce the new leadership of the Centre in due course, alongside further detail about how the CDEI will continue to support the government’s delivery of the National Data Strategy priorities in future.

Mission three: Transforming government’s use of data (Questions 12-13)

Questions 12-13 of the consultation focussed on Mission three: Transforming government’s use of data. We asked respondents to identify which actions would have the biggest impact across five areas, and which standards should be prioritised by the Data Standards Authority (DSA).

Consultation feedback indicates widespread support for all five areas of work to transform government’s use of data.

Quality, access and availability: Respondents supported government’s commitments to improve data quality, availability and interoperability, as well as its desire to tackle technical barriers to data use and re-use. Respondents underlined the need to promote a data sharing culture and best-practice data management, open up more data, focus explicitly on governance and more collaboration with external partners.

Standards and assurance: Respondents underlined the importance of using existing open standards and referenced the need for common data standards across multiple aspects of data, including data formats, geospatial data, data governance and data exchanges performed via application programming interfaces (APIs). A number of respondents identified a role for government in shaping global data standards.

In developing data standards and standard practices, respondents recommended that the DSA prioritise meta data, core geospatial identifiers, data governance, data protection and privacy, APIs, data formats, and identifiers of people and organisations. Respondents also underlined the importance of ensuring that standards meet user needs. Many suggested that the DSA use open standards, integrate accountability, transparency and fairness into all aspects of its work, and work closely on specific standards with expert bodies such as the British Standards Institute, Information Commissioner’s Office and Centre for Digital Built Britain.

Capability, leadership and culture: Respondents underlined the importance of building a culture of data literacy across government. Many argued that senior civil servants and politicians should have the data skills to champion data use in their departments, and that all public sector workers should have a basic level of data literacy. Respondents also identified the importance of the Government Chief Data Officer in driving a culture of data-driven decision making.

Accountability and productivity: Respondents encouraged the government to collaborate more effectively in developing regulation and open standards, often stressing the need for more robust and accessible data infrastructure to improve understanding of government’s data assets.

Ethics and public trust: Respondents supported increased transparency in data-driven decision making and the adoption of the Data Ethics Framework across the public sector. Certain respondents also recommended that the government focus on accountability structures for data ethics tools, recognising Data Ethics as a Digital, Data and Technology (DDaT) Capability Framework profession in government, and introducing civil service learning programmes focused on data ethics. Respondents stressed the need for ethics to be at the heart of government operations, and recommended robust ethical norms and standards to guide cross-government data sharing.

Across all five areas of work, respondents stressed the importance of proactive government engagement with experts across sectors.

Government response

Consultation feedback has been helpful in understanding areas to prioritise in transforming government’s use of data.

Quality, access and availability: We will continue to take forward the actions outlined in the National Data Strategy to improve data quality, access and availability across government, prioritising the use of Digital Economy Act (2017) powers and work to overcome real and perceived barriers to data sharing, including the work of the Data Standards Authority on standards to support data access, and on a future cross-government Integrated Data Programme for data sharing and joined up analysis, led by ONS as lead delivery partner.

Standards and assurance: The DSA, now part of the new Central Digital and Data Office (CDDO), has already begun work on many of the areas identified as priorities by respondents, such as the publication of metadata standards in August 2020, as well as working in partnership with ONS on guidance for publishing reference data. The DSA is also at the advanced stages of reviewing specific standards such as the Global Legal Entity Identifier (GLEI), Beneficial Ownership Data Standard (BODS), OpenReferralUK and the Digital Object Identifier (DOI).

Going forward, we will explore how the FAIR principles can support scientific data management and stewardship, and how the TRUST principles for digital repositories can help inform the government’s approach to data standards. We will also continue to seek the advice of expert bodies on specific standards, including the British Standards Institute, the Information Commissioner’s Office and the Centre for Digital Built Britain.

Capability, leadership and culture: In line with respondent feedback, we recognise the need to build a culture of data literacy across government. Towards this end, we will develop and improve data training opportunities for civil servants, building on No.10’s data masterclass for senior leaders, the GDS Academy, the ONS’ Data Science Campus, and the cross-government Data Science Accelerator programme. Additionally, CDDO will provide professional leadership to the DDaT function, and collectively shape strategy and assure delivery for digital, data and technology across government. Together with a government Chief Data Officer, a pivotal role that will sit within CDDO, this will provide the professional leadership and support needed for the DDaT and wider government community to fully leverage the value of data held across the public sector.

Accountability and productivity: Respondents support plans to review open data publication and decision making processes to ensure consistency, and to support the development of interoperable metrics for measuring the onward impacts of published data. To this end, work is underway in CDDO to strengthen the Technology Code of Practice and Service Manual in relation to data. Together with existing spend controls they will help drive the adoption of data standards and better data management practices.

Ethics and public trust: Respondent feedback has underscored the need to focus on the following actions in order to improve transparency, promote responsible data use and build public trust. We are working to:

1. Increase transparency in algorithmic-assisted decision making across government

2. Embed the Data Ethics Framework across government processes and departments

3. Embed Data Ethics as a capability in relevant government professions. This will also draw on the work of institutions such as the National Statistician’s Data Ethics Advisory Committee and UKSA Centre for Applied Data Ethics in statistics and research.

Mission four: Ensuring the security and resilience of the infrastructure on which data use relies (Questions 14-17)

Questions 14-17 focussed on Mission four: Ensuring the security and resilience of the infrastructure on which data use relies. We sought respondent views on responsibilities and requirements for data infrastructure service providers in ensuring the security, continuity and resilience of service supply, and asked how clients can assess the robustness of providers’ security protocols. We also asked respondents to identify roles for government, providers, their supply chain and clients in ensuring high standards of security, as well as any risk factors to be managed. Finally, we sought respondent views on the role of government in ensuring that data does not negatively contribute to carbon usage.

Respondents tended to agree that virtual and physical data infrastructure services providers should be placed under certain responsibilities and requirements to provide data security, continuity and resilience of service supply. This includes, but is not limited to: regulation and accreditation, compliance with codes of practice and critical national infrastructure. A number of respondents also proposed developing specific security frameworks for virtual, cloud and managed service provider (MSP) infrastructure.

Respondents outlined a range of methods employed by clients to assess the security protocols of prospective data infrastructure services, although the most commonly cited method was standard adherence assurances by providers. Many respondents also identified barriers preventing clients from obtaining their desired levels of security. To overcome these barriers, some respondents proposed clarifying the responsibilities between providers and clients and government creating or endorsing security and resilience standards.

Overall, most respondents invited the government to play a role in ensuring the security and resilience for the infrastructure on which data use relies. They referenced a range of avenues to do so, including legislation, regulation, standards, public sector procurement requirements, contractual clauses and audits. Respondents supported a model of shared responsibility for security and resilience data service providers and their clients. Broader challenges raised by respondents included fragmented regulatory regimes, rapidly changing markets, and the rising threat of ransomware.

Respondents identified cyber security threats as the most common risk factor in managing the security and resilience of the infrastructure on which data relies, covering the protection of networks and servers from attacks and unauthorised data access.

Government response

Responses to the consultation have reinforced our view of the importance of this category of infrastructure. The COVID-19 pandemic has also highlighted its criticality to digital and online activity; from homeschooling to the operation of assets within our critical national infrastructure to on-demand video streaming. As such, the government has already taken action to ensure that data and its supporting infrastructure is secure and resilient in the face of established, new and emerging risks, protecting the economy as it grows.

We have ensured that the critical staff working in data centres were granted key worker status, demonstrating the importance of the sector and its maintenance. We also considered responses to consultation on the definitions of sectors in scope of the mandatory notification regime, which will be introduced alongside the National Security and Investment Act. The government has proposed data infrastructure as one of the sectors in scope of mandatory notification.

The legislation, which received Royal Assent on 29 April, will provide the government with a strong lever to mitigate national security risks while minimising the impact on businesses in the sector.

Nevertheless, National Data Strategy consultation feedback has suggested that we need to do more. Responses will form an important part in shaping the steps required to build confidence in, and set a stronger risk management framework for, the security and resilience of the infrastructure on which data use relies. We want to build resilience across the UK to the risks we face, as set out in the Integrated Review of Security, Defence, Development and Foreign Policy. The government already imposes safeguards and enforcement regimes to ensure that our data is handled responsibly. Going forward, we will take a greater responsibility in ensuring that data is sufficiently protected when in transit, or when stored in external data centres.

Finally, recognising that the infrastructure on which data use relies forms an integral part of the wider digital ecosystem, DCMS is working with the National Cyber Security Centre to develop a security framework for MSPs to support the effective management of the cyber risks associated with MSPs. Government is consulting with industry as part of a public Call for Views on supply chain cyber security and MSPs to better understand how organisations manage the risks associated with their suppliers.

Ensuring that data does not negatively contribute to carbon usage in the UK

Over three-quarters of respondents supported a greater role for the government in ensuring that data does not negatively contribute to carbon usage. Some believed the government should begin by setting sustainability standards and policies for government use of data; many others envisioned a role for government in the wider economy, highlighting the potential for data to support the UK’s Net Zero, UN SDG and COP26 ambitions. However, respondents underlined the importance of considering the whole data life-cycle, for example the carbon emitted while storing data, and the need to manage the environmental footprint of increased data use.

Respondent feedback aligns with ongoing work led by DEFRA to encourage responsible and resilient ICT and digital services across government. The Greening Government: ICT & Digital Services Strategy 2020-2025, for example, seeks to develop the transparency, accountability, responsibility and resilience needed to reduce carbon emissions and costs associated with government procurement. We are also embedding sustainability as a key decision point and principle for the design and approval of government-owned digital systems and services, as well as in our central procurement frameworks such as the cloud. Annual government reports will continue to monitor government’s efforts to decarbonise our digital and data infrastructure, the move towards a circular economy and the implementation of Social Value.

Mission five: Championing the international flow of data (Questions 18-19)

Questions 18-19 of the consultation focussed on Mission five: Championing the international flow of data. We asked respondents how the UK can improve on current international transfer mechanisms, whilst appropriately safeguarding personal data. We also sought respondent views on the new UK data adequacy arrangements, in particular how we can work effectively with stakeholders to ensure the best possible outcome for the UK.

The majority of respondents believed that the UK can improve on current international data transfer mechanisms by improving standards, rules and regulations and working to reduce unnecessary barriers to cross-border data flows. Some respondents recommended that the UK support alternative international data transfer mechanisms such as standard contractual clauses (SCCs) and binding corporate rules (BCRs). Others suggested considering discrepancies between transferring different types of data across borders, with highest levels of safeguarding needed for health and social care data.

Respondents considered EU data adequacy as a priority and highlighted the importance of continued engagement with EU authorities and institutions such as the European Data Protection Board (EDPB) to share experience and expertise. A number of respondents also identified the need to address the UK’s shortage of expertise in international data transfers, particularly amongst SMEs. This was accompanied by proposals for clear guidelines and templates to support organisations seeking to access digital services and transfer data across borders.

Respondents expressed broad support for the new UK Adequacy Assessment capability, provided that HMG sets out a clear mandate and guidelines for using this capability. These should align with the UK’s democratic values and include principles for responsible data sharing across borders. The US and EU were identified as priority countries with whom to secure adequacy arrangements. Japan, South Korea, Canada, New Zealand and Australia were also commonly cited, while several respondents called upon the UK to explore potential arrangements with emerging markets in Africa, the Middle East, South America and the Indian Subcontinent.

Government response

We all rely on data to access essential services, connect with friends and family and benefit from developments in science and research. The flow of data across borders underpins these services, as well as supporting other global business operations, supply chains and enabling trade.

Consultation feedback has revealed broad support for our international vision to position the UK as a global champion of safe and secure data flows, driving the international agenda on cross-border data exchange whilst maintaining high standards for data protection. Going forward, we will continue working to agree ambitious data provisions in trade agreements. These will seek to remove unnecessary barriers to cross border data flows, including specific commitments to prevent unjustified data localisation measures, and will maintain high standards of data protection.

Having left the European Union, we have the opportunity to use the new UK Adequacy Assessment capability to strike our own data partnerships with some of the world’s fastest growing economies. We look forward to announcing our priority countries for data adequacy agreement shortly. We intend to be open in our approach, publishing the relevant information and working with key stakeholders to support new opportunities for innovation and ensure that citizens’ data is appropriately protected in all adequacy arrangements.

The government welcomes the European Commission’s draft data adequacy decisions, which recognise the UK’s high data protection standards and set out that the UK should be found ‘adequate’. We now encourage the EU to swiftly complete the technical process for adopting and formalising these adequacy decisions.

Whilst supporting new and existing adequacy arrangements, the government will further explore the potential of alternative transfer mechanisms to provide a flexible framework for cross border transfer flows that protects UK personal data. We are working with the ICO to ensure that UK transfer mechanisms are deployed pragmatically and creatively. This includes using repatriated UK powers to develop new UK SCCs, a new expedited process for the approval of UK BCRs. It also includes publishing new guidance on international transfers — for example, on the use of codes of conduct and certification schemes as transfer mechanisms.

Finally, drawing on the UK’s global influence and working with international partners, we will continue to champion the secure, trusted and interoperable exchange of data across borders. To this end, we will use regulatory diplomacy to bring together government, regulators, standards bodies and industry to influence rules, norms and standards on data. We will also continue to explore ways to improve data sharing and access across borders and promote international cooperation, seeking to build momentum on the G7 Data Free Flows with Trust Roadmap agreed under the UK’s Presidency.

Conclusion and next steps: Delivering the National Data Strategy

Consultation feedback has confirmed that the framework we set out in the National Data Strategy is fit for purpose and that we must now take action to ensure that we make the most of data’s many opportunities. We agree with respondents who said that data will play a vital role in delivering government’s ambitions across a range of policy areas and we will embed the framework across wider policy thinking, to create a shared frame of reference that has the potential to bring together and unify an extensive portfolio of activity.

The National Data Strategy has catalysed ambition across sectors, with the forthcoming Data Strategy for Health and Social Care demonstrating how the health and social care sectors can act as a trailblazer for better data use. The National Data Strategy is also a key component of the Integrated Review of Security, Defence, Development and Foreign Policy, which outlines how data innovation and management will be critical enablers of its Strategic Advantage pillar. As the Integrated Review is implemented across government, we will look to work with partners to capitalize on our strategic advantage as world leaders in digital and data use.

This strategic advantage is also reflected in ‘Build Back Better: Our Plan for Growth’, which notes how the digital sector is a major success story for the UK and emphasises the importance of growing more creative businesses around the country building on our advantages in foundational technologies like Artificial Intelligence (AI), quantum computing and digital twins. The strategic importance of data use will also be reflected in the forthcoming Cyber Strategy, Digital Strategy and Artificial Intelligence Strategy.

Going forward, our focus will shift to implementation — delivering across the Strategy’s five key missions as priority areas of action. This will include, but not be limited to, delivering against the commitments made in the framework strategy. To support effective delivery, we are structuring the implementation work programme around four core priorities. These are outlined below.

1. Monitoring: We are monitoring the delivery of the actions we committed to in the September publication. Annex A maps these initial actions to the strategy’s five missions, which will constitute the primary delivery channels for implementation. We are also developing a set of high-level indicators to support our ability to monitor the overall progress of implementation.

2. Governance: We are developing a governance framework to ensure clear lines of accountability for implementation. This will empower us to deliver the priority outcomes of each of the strategy’s missions. A cross-Whitehall National Data Strategy Implementation Steering Group will assume ultimate accountability for the strategy’s delivery.

3. Evaluation: Data use is a relatively novel policy area. We are currently scoping and assessing the most effective metrics for evaluating the success of our interventions to support implementation, as well as to ensure that the National Data Strategy delivers its intended outcomes.

4. Engagement: To ensure that we remain as open and collaborative in our approach as possible, we are creating a National Data Strategy Forum of key advocates and influencers, outlining our commitment to ensuring diverse perspectives inform the implementation of the National Data Strategy. This will draw together experts from a cross-section of stakeholder groups, facilitating collaboration across the data landscape. Given the cross-cutting nature of data and its far-reaching implications for our society and economy, it is important to recognise that the government cannot - and should not - deliver on the ambitions of the National Data Strategy alone.

Moving forward, to provide greater transparency, we will adopt a phased approach to future publications. This means that we will move towards publishing shorter, more frequent updates, focusing on developments relating to each of the strategy’s five missions.

Through these measures, we are confident that we can harness the power of data to enhance our economic and social prosperity and position the UK at the forefront of the digital transformation.

Annex A: Missions and actions

We are monitoring the delivery of the actions originally committed to in the September publication. This annex maps these actions to the five key missions, which will be used as the primary delivery channels for National Data Strategy implementation.

The National Data Strategy sets out a framework that we can continue delivering against, building on the initial set of commitments made. This is therefore an initial list of actions, and we will keep it updated as we identify new actions to drive forward the strategy. We will look to provide more regular updates building on this, ensuring that the strategy’s focus reflects the ever-evolving picture on data.

N.B. edits have been made to the wording of some of the original commitments to improve specificity and accuracy, improving our ability to monitor them moving forward.

Mission	Pillar	Action	Responsible Department
1: Unlocking the value of data across the economy	Data Availability	We will: - establish a cross-sector Smart Data working group, which will coordinate and accelerate existing Smart Data initiatives in communications, finance, energy and pensions, while providing recommendations to support the development of high-quality standards and systems across sectors - introduce primary legislation, when parliamentary time allows, to improve our ability to mandate participation in Smart Data initiatives and provide a legislative footing for all initiatives	BEIS
	Data Availability	We will respond to the Competition and Market Authority’s online platforms and digital advertising report and consider how its findings inform the establishment of a pro-competition digital markets unit.	DCMS / BEIS
	Data Availability	We will continue work to implement the recommendations of the Energy Data Taskforce and drive forward the Modernising Energy Data Access programme.	BEIS
	Data Availability	We will develop a clearer policy framework to identify where greater data access and availability across and with the economy can and should support growth and innovation, in what form, and what government’s role should be in supporting the market.	DCMS
2: Securing a pro-growth and trusted data regime	Data Availability	We will review and investigate how we can best improve the data standards and systems that underpin the detection of online harms such as child sexual abuse, hate speech and self harm and suicide ideation.	DCMS
	Responsibility	We will: - work in partnership with the ICO and other bodies to clarify aspects of the UK’s existing data regime that generate confusion or inertia, including by fast-tracking guidance and the use of co-regulatory tools - work in partnership with the ICO to lift compliance burdens wherever possible on businesses, especially SMEs - boost proactive advice and support for innovators, including via world-leading interventions such as the ICO’s regulatory sandbox	DCMS
	Responsibility	We will explore the role of privacy enhancing technologies to enhance consumer control and confidence.	DCMS
	Responsibility	We will explore further measures to ensure appropriate fairness, transparency and trustworthiness in private and third sector data use.	DCMS
3: Transforming government’s use of data to drive efficiency and improve public services	Data Foundations	We will launch a programme of work to tackle the cultural and coordination barriers to good quality data, including: - creating a central team of experts able to ensure a consistent interpretation of the legal regime around data sharing (Cabinet Office) - the Data Quality Framework (ONS) - Launching a Data Maturity Model for government (ONS/Cabinet Office) - building a data management community of good practice - learning and setting best practice and guidance through a series of demonstration – or ‘lighthouse’ – projects (Cabinet Office/ONS)	Cabinet Office / ONS
	Data Foundations	We will implement the recommendations of the ‘Joined-up data in government’ report to improve data linkage methods, application and skill sets across government.	ONS
	Data Foundations	We will commit to resolving the long-running problems of legacy IT and broader data infrastructure.	Cabinet Office
	Data Foundations	We will drive data discoverability across government through: - developing an Integrated Data Programme for government, which will provide a safe, secure and trusted infrastructure for government’s own data. This programme will facilitate collaborative analysis, between Departments and Sectors, that will support government to unlock the potential of linked data and build up data standards, tools and approaches, such as the Reference Data Management Framework (RDMF), to support policy makers with up to date evidence and analysis for policy development, improving public services and improving people’s lives. - creating a critical API catalogue, reference data catalogue, and data standards catalogue	ONS / Cabinet Office)
	Data Foundations	We will work to better support local government in maximising the benefits of data, for example through the MHCLG Data Accelerator Fund.	MHCLG
	Data Foundations	We will develop and validate a set of data principles to be applied across government.	Cabinet Office / ONS
	Data Foundations	We will set out a strategy for data standards across government to include: - clarity on where the DSA will mandate some standards - use of the DDaT spend controls process - a parallel controls process for APIs and Technology Code of Practice to ensure consistent adoption of data standards across government - a cross-departmental governance mechanism with the authority to enforce standards across government	Cabinet Office / ONS
	Data Foundations	We will recruit senior cross-government data leadership, including a Chief Data Officer to sit in the Central Data and Digital Office.	Cabinet Office
	Data Foundations	We will drive aligned governance structures across government through: - undertaking a review of governance structures for data within departments - ensuring central government departments include data management plans in their Outcome Delivery Plans.	Cabinet Office
	Skills	We will recruit leaders with data and digital skills across government to build a strong cadre of technical, policy, legal and analytical data experts in the centre of government.	Cabinet Office
	Skills	We will train 500 analysts across the public sector in data science by 2021, through the Data Science Campus at the ONS, the Government Analysis Function, CDDO and GDS. This will be reviewed in 2021 with a new capacity building strategy meeting the emerging needs of government up to 2025.	Cabinet Office/ONS
	Skills	We will deliver the range of actions to be outlined in the Public Sector Data Science Capability Audit.	Cabinet Office/ONS
	Skills	We will review the data training available to all civil servants and develop proposals to enhance and extend this offering.	Cabinet Office
	Skills	We will design a career pathway for data expertise in government.	Cabinet Office
	Skills	We will agree a shared definition of data expertise across central government.	Cabinet Office
	Skills	We will review the needs of local government in having the capabilities to manage, use and disseminate data.	MHCLG
	Data Availability	We will review open data publication and decision making processes to ensure their consistency; and support development of interoperable metrics to measure the impact of published data.	Cabinet Office
	Data Availability	We will drive use of the Digital Economy Act (2017) powers, as well as addressing barriers to data sharing more widely.	Cabinet Office
	Responsibility	We will run a national engagement campaign on the societal benefits of the use of government data.	Cabinet Office
	Responsibility	We will explore appropriate and effective mechanisms to deliver more transparency on the use of algorithmic assisted decision making within the public sector.	Cabinet Office
	Responsibility	We will work in partnership with the CDEI and other leading organisations in the field of data and AI ethics to pilot the proposed approach to algorithmic transparency this year, and consider what would be needed to roll it out across the public sector.	Cabinet Office
	Responsibility	We will promote the use of the government’s Data Ethics Framework across the wider public sector, support data scientists and data policymakers to build lasting capability for ethical data use; and disseminate knowledge, resources and case studies through the data ethics community.	Cabinet Office
	Responsibility	We will work with the CDEI to understand how to ensure public sector use of data is trustworthy, by exploring the potential for technical innovations, such as privacy enhancing technologies, and through research into public attitudes.	Cabinet Office
4: Ensuring the security and resilience of the infrastructure on which data relies	Responsibility	We will publish the Greening Government: ICT & Digital Services Strategy 2020-2025, that will look to address transparency, accountability, responsibility and resilience to reduce carbon and cost related to government procurement. Alongside this we will commit to producing a Data Sustainability Charter that will inform how government works with its suppliers to manage and use data sustainably.	DEFRA
5: Championing the international flow of data	Data Foundations	We will support the global effort on interoperability, which will facilitate the combination and cross-referencing of different data sources.	FCDO / ONS
	Data Foundations	We will collaborate with our international partners to build strong national statistical systems to drive economic growth and help to deliver inclusive, effective services.	FCDO
	Data Availability	We will seek ambitious provisions with trade partners – including current negotiations with the US, Australia and New Zealand – that remove unnecessary barriers to cross border data flows, with specific commitments to prevent the use of unjustified data localisation measures.	DCMS
	Data Availability	We will advocate for the importance of global data flows in the World Trade Organisation (WTO), G7, G20 and OECD.	DCMS
	Data Availability	We will draw upon the expertise of the UK Co-Chaired Data Governance Working Group under the Global Partnership on AI, work with international partners and explore approaches to international data access and sharing.	DCMS/BEIS
	Data Availability	We will establish an independent HMG capability to conduct the UK’s own data adequacy assessments for transfers of personal data from the UK.	DCMS
	Data Availability	We will review the transitional arrangements for international data transfers.	DCMS
	Data Availability	We will review the use of alternative transfer mechanisms which ensure that transfers of personal data outside the UK are appropriately protected.	DCMS
	Data Availability	We will seek positive adequacy decisions from the EU, under both the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED), before the end of the transition period.	DCMS (GDPR) / HO (LED)
	Data Availability	We will support countries to take a more open approach to their data and will continue to play a leadership role on the open data agenda internationally.	FCDO / Cabinet Office
	Data Availability	We will develop methods to use big data and modelling analyses to support a greater resilience of vulnerable countries to extreme weather events and disease outbreaks, as part of our Official Development Assistance.	FCDO
	Data Availability	We will support the implementation of standards such as the International Aid Transparency Initiative open data standard, Extractive Industries Transparency Initiative and Infrastructure Transparency initiative.	FCDO / Cabinet Office
	Data Availability	We will work with international agencies such as the Red Cross and the UN to ensure data on crisis affected areas is handled safely, legally and ethically.	FCDO
	Data Availability	We will leverage our position as a founding member of the newly established Global Partnership on AI, collaborating with our international partners and drawing upon the expertise and recommendations on this agenda from the Responsible AI and (the UK Co-Chaired) Data Governance Working Group in particular.	DCMS / BEIS
Mission cross cutting	Skills	We will publish a working definition of data skills in the wider economy that sets out clear distinctions between data skills, digital skills and AI skills, and consider the benefits of providing information on pathways into data related careers.	DCMS
	Skills	We will consider the roles of the Alan Turing Institute, the National Innovation Centre for Data, the Open Data Institute, the Data Skills Taskforce, the AI Council, the UK Cyber Security Council, the Data Lab, and others in the data skills ecosystem for ways to improve the leadership and facilitation of new and better collaborations between industry, the public sector, universities and institutes.	DCMS
	Skills	We will work with the appropriate bodies to understand how data science is integrated into relevant technical qualifications, ensure that good quality data science courses are offered and that data related skills are given due consideration in their work to support emerging skills.	DfE
	Skills	We will test the most effective ways to teach foundational data skills to undergraduates in two ways – through offering modules including wider subjects such as AI, cyber and digital skills, and by integrating data skills in other subject areas. Universities will take part in the pilot on a voluntary basis.	DCMS
	Skills	We will examine ways of expanding the supply of advanced data skills across research engineers and professionals to help maximise R&D investments and to increase mobility across business and academia, and to foster the links between industry and universities at the regional level.	UKRI
	Skills	We will launch an online portal that will support businesses’ access to data skills training, helping signpost SMEs to good quality online training material matched to their technical data science capabilities and ambitions.	DCMS

Annex B: Detailed summary of findings from the National Data Strategy consultation

This document provides an overview of key findings from the consultation on the National Data Strategy, which took place between the 9th of September and the 9th of December 2020. This Annex complements the government response.

Methodology

The consultation on the National Data Strategy received 282 responses. Of these responses, 185 were submitted via SmartSurvey and 97 were submitted via email. A detailed coding framework was developed by DCMS analysts with support from the Office of National Statistics (ONS), enabling each response to be analysed systematically against a set of themes.

Drawing on grounded theory, the themes were iterated throughout analysis to fully capture the topics discussed in the consultation responses. In this way, the final themes from the coding framework cover the topics discussed by respondents and form the basis of this response. The respondents were categorised, for example by sector, to provide contextual understanding of who responded. A quality assurance process was undertaken to ensure consistency across analysis and categorisation.

Questions on the overall National Data Strategy

Q1. To what extent do you agree with the following statement: Taken as a whole, the missions and pillars of the National Data Strategy focus on the right priorities. Please explain your answer.

Almost three-quarters of respondents (76%) to this question agreed that overall, the missions and pillars of the National Data Strategy focus on the right priorities. The remaining respondents either disagreed (6%) or were ambivalent (18%).

Respondents who agreed with the questions on the overall strategy tended to welcome the publication of a single, coherent framework bringing together cross-government work strands and outlining HMG’s ambition to harness the power of data to build a world-leading digital economy, underpinned by trust. In particular, these respondents demonstrated support for the following aspects of the strategy:

1. The desire to transform the widespread perception held by individuals and organisations alike of data use as a threat to be managed to a strategic asset that can be used to boost productivity, drive innovation, improve service delivery and facilitate research and development. To cite one respondent, the strategy constitutes “a sensible framework upon which to build the policies and measures necessary to transform data from being shunned as a toxic liability [and security risk] to becoming a critical fuel for efficiency and growth, leading to it being nurtured and harnessed as the strategic asset that it represents.”

2. The ambition to improve data availability to support policy making within government and to drive growth, innovation and research across the wider economy.

3. The acknowledgement of poor data quality, and relatedly, the lack of agreed data standards, as barriers to effective data collection, use and sharing.

4. The strong focus on building foundational and technical skills across the UK population, with one respondent asserting that data skills “should be seen as equivalent to basic English literacy.” This was sometimes accompanied by support for the strategy’s positioning that people should be active agents in the data economy.

Respondents who disagreed with the questions on the overall strategy tended to highlight the need to ensure that the benefits of the data revolution are felt by all sections of society, including protected groups, across all parts of the UK. One respondent, for example, argued that the strategy should “portray the promotion of data use that benefits...people and groups, as well as innovators and technologists”; others contended that government has a primary duty of care to ensure data delivers positive and fair outcomes for UK citizens.

This perspective that people should be at the heart of the National Data Strategy was accompanied by proposals to establish governance structures and ethics frameworks promoting accountable, transparent and ethical data use in the UK. These were often considered as means for two complementary ends:

1. Upholding our democratic values: Good governance and ethical data use were often considered necessary for ensuring that citizens’ rights are protected as the strategy is implemented. This will allow the government to fulfill its duty of care to UK citizens by ensuring that data works for people and society, and that any potential risks of greater data use are mitigated. One respondent compared this duty of care to a “social contract” between government and citizen, in which government was responsible for mitigating against the risks of increased data use through the establishment of regulation, checks and balances and systems of governance.

2. Nurturing trust in data: Good governance and ethical data use were thought of as facilitating building and maintaining public and business trust in data use, which many respondents identified as a prerequisite for the strategy’s success. This is due to the fact that people will only be willing and businesses will only be confident to share and use data “in the context of trust and understanding.” As one respondent suggested, “[i]t is only by building trust that government and business will be able to reap the benefits [and] opportunit[ies] presented by data. Trust will, in itself, provide a spur to innovation and growth.”

Furthermore, many respondents urged government to further consider the relationship between data and sustainability. These respondents tended to believe that government has a duty to ensure that the National Data Strategy supports the UK to become more environmentally sustainable. To cite one respondent, “there is a strong international and moral obligation for the [UK] to align its economy, growth and society in ways that fulfill emissions and other environmental targets”; the National Data Strategy needs to focus more on sustainable growth and further consider “our environmental and climate stewardship”.

Many respondents highlighted the potential for data to realise the UK’s net-zero emissions, UN SDGs and other sustainability targets. TechUK, for example, argued that “data will be at the core of the net zero transition, enabling emissions monitoring as well as data-driven applications and services underpinning emission savings across sectors.” Respondents made specific recommendations, including proposals to create a cross-Whitehall Data Taskforce for Net Zero and to develop a digital twin of the UK’s natural environment. Respondents also underlined the importance of considering the potential environmental consequences of increased data use, such as the carbon emitted by data centres.

Respondents sought clarity over the government’s plan for implementation. In developing the National Data Strategy delivery plan, they suggested considering the following.

1. Developing guidance and oversight bodies to promote responsible data collection, use and sharing.

2. Harnessing the power of data to level-up UK regions. This relies on ensuring all regions are connected and have equal access to investment, data skills opportunities and digital technologies.

3. Mitigating against the potential risks of bias in data-driven decisions, particularly for protected, marginalised and minority groups.

4. Ensuring continued collaboration with a range of stakeholders from industry, academia, civil society and local/regional governments.

5. Strengthening engagement and open dialogue with the UK general public.

6. Outlining a clear vision of success - that is, as one respondent asserted, “what the intended future will look like - and indeed what it will not” if the strategy’s missions are accomplished, the pillars improved across the UK data ecosystem and the opportunities of better data use realised. This was often accompanied by the view that the ambitions of the strategy are a long way from the realities of data use in the UK, placing a strong onus on developing a clear and pragmatic delivery plan.

Q2. We are interested in examples of how data was or should have been used to deliver public benefits during the coronavirus (COVID-19) crisis, beyond its use directly in health and social care. Please give any examples that you can, including what, if anything, central government could do to build or develop them further.

Respondents submitted a high volume of cases studies, highlighting how data use has delivered public benefit during the COVID-19 pandemic to-date. This includes the following themes:

1. We heard how data was used to provide priority services to vulnerable groups. For example, Suffolk Office of Data and Analytics (SODA) used data to identify those vulnerable to COVID-19’s implications - clinically, socially, financially, and therefore in need of proactive support from the local authority.

2. Respondents also provided examples of using data to respond to the changing needs of consumers. For instance, Citizens Advice made extensive use of their consumer data during the Covid-19 pandemic, capturing key data and sharing it (in anonymised form) to inform energy suppliers and networks to help them understand the key issues emerging among their customers as quickly as possible when consumers contacted them. This work was synthesised into a best practice guide for energy suppliers and networks.

3. We also heard how data was used to understand how travel patterns were changing as the pandemic evolved. For example, Transport for London (TfL) used ticketing and other transport system data to create a suite of reports and outputs to provide insight into how people were travelling during the Pandemic. Due to the information being readily available in a timely manner, TfL were quickly able to identify overall trends and travel hotspots for TfL operational teams, and for Government to understand activity levels in London. TfL’s Travel Demand Management team drew on this data extensively to deliver targeted communications to busy areas and to work with stakeholder groups to encourage customers to travel at quiet times.

4. We also heard how data is being used to support small businesses. For example, through its economic observatory, Edinburgh’s Global Open Finance Center of Excellence - an industry-academic collaboration, used business data to provide real time regional and sectoral insights to better understand the impact of COVID-19 on SMEs. The aim is to provide better informed and targeted relief efforts to accelerate the recovery of small businesses.

Q3. If applicable, please provide any comments about the potential impact of the proposals outlined in this consultation may have on individuals with a protected characteristic under the Equality Act 2010.

Respondents to this question repeatedly raised the potential risks of bias in data-driven decisions to individuals with a protected characteristics. They often recognised that the inherent challenge of eliminating bias, which can emerge not only when datasets are inaccurate, of poor quality and unrepresentative, but also when they accurately reflect unfair, discriminatory or biased aspects of society. As one respondent asserted, “society naturally categorises people, and this can be reflected in datasets,” meaning that individuals and groups represented in datasets can be “adversely affected by the underlying bias derived from society.”

Whilst acknowledging the challenge of eliminating data bias altogether, respondents made concrete recommendations for mitigating against the negative implications of bias in data-driven decisions. Key proposals are listed below.

1. Consider the wider context and social implications of decisions formed using data.

2. Develop ethics frameworks, best-practice guidelines and impact assessments to mitigate against any potential discrimination in data-driven decisions.

3. Ensure human oversight of all data-driven decisions and establish governance structures to promote transparency, accountability and responsible data use.

4. Engage and consult individuals with a protected characteristic and other marginalised or vulnerable groups to ensure that they are not negatively impacted by data-driven decisions

With appropriate governance, accountability and ethical frameworks in place, many respondents highlighted the importance of using data about individuals and groups to promote equality and fairness in our society. Data on protected characteristics and other information such as socio-economic status can identify and thus support efforts to tackle instances of bias, discrimination or inequality. This data can also be used to identify and target support to the most vulnerable members of our society, as has been demonstrated by the use of Shielding List data during the pandemic to provide essential services and deliver essential goods to vulnerable individuals.

Finally, respondents emphasised the need to ensure that all citizens across all regions can access digital technologies and are equipped with the necessary skills to use these technologies effectively. These respondents also tended to stress the need to ensure that individuals with disabilities, those without detailed data profiles and those who lack access to digital technologies are considered in public service design and delivery. As one respondent asserted, “digital-first should not imply digital only”; government and public sector organisations must also offer non-digital services to all citizens.

Q4. We welcome any comments about the potential impact of the proposals outlined in this consultation on the UK across all areas, and any steps the government should take to ensure that they take account of regional inequalities and support the whole of the UK.

There was a general consensus amongst respondents that the National Data Strategy can support the UK regions to level-up.

Many respondents noted that the shift to remote working during the COVID-19 pandemic could spur future investment and economic activity across the UK, thereby shifting emphasis away from London and the South East as “the central hub for business” in the UK.

Certain respondents also called attention to the absence of physical constraints on where data analytics work can be performed given the relative ease of building digital infrastructure, highlighting an opportunity to develop data ecosystems across the UK. As one respondent argued, in contrast to “expensive, slow and static” physical infrastructure projects, digital infrastructure “can be built quickly, leveraged with private investment and is very responsive”, while “the human capital needed to drive data economies are not predicated on historical or geographical constraints”.

Others emphasised the role of improving data availability at the local-level in driving innovation and productivity gains across regional economies. These respondents tended to highlight the importance of creating consistent data standards across the four UK nations.

Finally, respondents underlined how data can be used to gain greater insight into the nature and scope of inequality across all parts of the UK, as well as to monitor, evaluate and improve government efforts to support levelling-up.

However, respondents argued that to fully harness the power of data to support levelling-up - and, indeed, to avoid widening regional inequalities - the National Data Strategy should further consider how all people, in all places can participate in the digital transformation. Key recommendations are listed below.

1. Respondents argued that connectivity will be a prerequisite for the successful implementation of the National Data Strategy across all all parts of the UK. This is because, as one respondent highlighted, “poor connectivity in specific localities will prevent those living there from taking part in the modern data driven economy that the Strategy envisages.”

2. Likewise, to participate in a data-driven and digitised economy, respondents noted that all citizens need to be able to access and use digital technologies and services. This places a greater onus on government to ensure that data skills training and educational opportunities are available to all citizens, as well as to improve the roll-out of digital technologies to deprived communities.

3. Respondents also stressed the need for both private and government investment in data assets and the infrastructure on which data use relies to promote job creation and productivity gains across all parts of the UK.

Finally, many respondents underlined the necessity of a two-way conversation between central and local/regional governments. They often stressed the need to develop common standards, share knowledge and expertise and improve local-level access to data held by the central government. They also tended to recommend continued engagement as the National Data Strategy is refined and implemented, in order to ensure that the different needs and levels of data maturity of particular regions are factored into central government policy and practice.

Questions on Mission one: Unlocking the value of data held across the economy

Q5. Which sectors have the most to gain from better data availability? Please select all relevant options listed below, which are drawn from the Standardised Industry Classification (SIC) codes.

• Accommodation and Food Service Activities
• Administrative and Support Service Activities
• Agriculture, Forestry and Fishing
• Arts, Entertainment and Recreation
• Central/Local Government inc. Defence
• Charity or Non Profit
• Construction
• Education
• Electricity, Gas, Steam and Air Conditioning Supply
• Financial and Insurance Activities
• Human Health and Social Work Activities
• Information and Communication
• Manufacturing
• Mining and Quarrying
• Transportation and Storage
• Water Supply; Sewerage, Waste Management and Remediation Activities
• Wholesale and Retail Trade; Repair Of Motor Vehicles and Motorcycles
• Professional, Scientific and Technical Activities
• Real Estate Activities
• Other

Respondents tended to identify public service-oriented and regulated sectors as having the most to gain from better data availability. However, many respondents highlighted the fact that improving data availability could deliver benefits to all sectors, including those where the value of data is lagging.

Many respondents also noted the benefits of data sharing between sectors, and common challenges to realising these. Some respondents suggested that Government should develop cross-cutting solutions to tackle certain barriers to data availability, with sector-specific variations where appropriate.

Certain respondents suggested that it may be more appropriate to consider how improving data availability could impact particular ecosystems using data for a particular goal, such as the UK’s net zero ambitions or the levelling-up agenda, rather than thinking about data availability in terms of the benefits delivered to specific sectors.

To measure the impact of improving data availability in the UK, respondents suggested a range of metrics, including GDP value-added, the impact on distinct demographic groups, and the contribution to policy initiatives such as the government’s 2050 net zero target and the levelling-up agenda.

Q6. What role do you think central government should have in enabling better availability of data across the wider economy?

Q6a. How should this role vary across sectors and applications?

Respondents tended to welcome a government-led framework for intervention to improve data availability and envisaged a greater role for government in improving data availability where doing served a clear public interest. However, views diverged over the appropriate level of government intervention in the wider economy where no clear public interest could be identified.

Respondent views varied in terms of the best government approach to support better data availability across the economy. Some respondents favoured a market-aware approach in which the government enabled and incentivised greater availability, including through leading by example, and cautioned that a more directive approach risked creating barriers to innovation. Others called for the government to leverage its convening power to support cross-industry data-sharing and collaboration with international partners, whilst some even suggested legislation to support better data availability.

There was a widespread recognition of the need for an institutional landscape to support future data markets, in part to manage the risks of sharing personal and non-personal data. Many respondents suggested the potential for innovations such as Privacy Enhancing Technologies (PETs) to mitigate against the commercial, legal and ethical risks of data sharing.

There was a widespread view amongst respondents that the government should lead an open conversation around data sharing to foster a greater understanding across sectors of associated costs and benefits of data sharing, as well as to develop robust mechanisms to mitigate against any potential risks. Many of these respondents considered cross-industry and international collaboration and mutual learning as the first step in tackling common barriers to data availability across the UK economy.

Q7. To what extent do you agree with the following statement: The government has a role in supporting data foundations in the wider economy. Please explain your answer.

There was a general consensus that supporting data foundations (data that is recorded in standardised formats, easily retrievable and accessible when needed, is protected against unauthorised access and usage, and is sufficiently up to date) in the wider economy was an under-recognised prerequisite for better data availability. Key foundational objectives identified by respondents included the need for shared infrastructure, resources and standards to ensure that available data is of appropriate quality, interoperable and used in an ethical manner.

Respondents also identified a number of barriers to developing better data foundations across the economy, including the lack of skills to ensure effective data management, demand for recognised data management professionals, or awareness of the value of investing in data foundations.

Despite a widespread acknowledgment of the need for intermediaries to support better data foundations in the economy, respondents were ultimately divided over the role of government. Whilst some believed that the government should support an industry-led approach, others contended that an industry-led approach would be unfair, inefficient, and hinder market participation.

Effective data stewardship - ensuring safe and efficient data use - was a cross-cutting theme, along with discussion of enabling legal frameworks and professions for data markets to develop.

Q8. What could central government do beyond existing schemes to tackle the particular barriers that small and medium-sized enterprises (SMEs) face in using data effectively?

The majority of respondents identified resource constraints as the key distinguishing factor between the needs of SMEs and the needs of the wider economy. In particular, respondents suggested that SME market participation was often hindered by a lack of access to data and data skills shortages.

With this in mind, the potential resource savings of improving data foundations was often cited as delivering benefits to SMEs in particular, whilst access to data was often cited as an enabler of market participation.

In regards to regulatory compliance, respondents ranged from a belief that such compliance constituted a burden and restrictor for SMEs, to a belief that regulatory certainty enabled SMEs to innovate and grow.

Q9. Beyond existing Smart Data plans, what, if any, further work do you think should be done to ensure that consumers’ data is put to work for them?

Respondents displayed widespread support for the government’s existing Smart Data Plans, emphasising the importance of customer control and transparency - and to a lesser extent standards and regulation - for building trust in data sharing initiatives. They tended to welcome the government’s coordinating role in the existing Smart Data Plan, as well as to encourage greater engagement with consumers and industry alike.

Beyond existing Smart Data Plans, respondents encouraged the government to explore ways of identifying clear benefits of smart data, monitor and evaluate the progress of existing initiatives, and introduce new smart data schemes in sectors such as health, education, retail and transport.

Additionally, certain respondents felt that consumers’ data should not just work for them, but also for the wider public interest. As an example, they tended to suggest greater use of anonymised or aggregated data to inform policy decisions, particularly at the local level.

In relation to both existing Smart Data plans and suggestions for further work to ensure consumers’ data is put to work for them, many respondents identified an urgent need to educate consumers. These respondents stressed the need for consumers to understand their data rights, the ways in which their data can be shared, and how to safely and confidently navigate data sharing processes.

Questions on Mission two: Securing a pro-growth and trusted data regime

Q10. How can the UK’s data protection framework remain fit for purpose in an increasingly digital and data driven age?

The vast majority of respondents displayed support for a UK data regime that maintains high data protection standards and encourages data sharing, without creating unnecessary barriers to responsible data use or sharing.

Responses indicated support for a more flexible regime focussed on risk and outcomes rather than the paperwork of compliance. According to respondents, this should build on the existing legislative framework (UK GDPR and Data Protection Act 2018), and account for lessons learned from the COVID-19 crisis about trustworthy, effective and secure data use and sharing to deliver public benefit.

Many respondents highlighted the importance of ensuring interoperability between the UK’s regime and other regimes to ensure the secure, seamless transfer of data with trusted partners such as the EU. This was considered as a priority for businesses operating internationally.

Achieving data adequacy was consistently referenced as being of high importance to UK organisations, particularly to ensure a robust digital economy and access to wider markets without unnecessary burden.

There was also a broad consensus among respondents over the need to improve understanding of the UK data protection framework. For organisations, respondents underlined the need to develop clear, unambiguous guidance to foster greater understanding of best-practice and remove uncertainty about the rules. For citizens, respondents stressed the need to educate data subjects about their rights, the rules of consent and the ways in which their data can be collected, used and shared.

Finally, respondents stressed the importance of ensuring that the UK’s data protection framework can easily adapt to technological advances and changes in the data landscape. This stemmed from a widespread recognition that, to cite one respondent, “technology moves fast and the law moves slowly”.

When considering the scope and nature of reform to the UK’s data regime, responses also highlighted two potential areas of risk:

1. Risk to UK businesses: Many respondents underlined that businesses have invested heavily in the UK’s current legislative regime for data protection, and that any substantive reform would incur costs. They also noted the potential for reform to increase compliance burdens on organisations operating internationally, as they would be required to comply with multiple data protection regimes.

2. Risk to data subjects: Many respondents expressed concern that data reform risks weakening UK data protection standards, at the expense of citizens’ rights. These respondents tended to call for more proactive enforcement of the current framework by the Information Commissioner's Office (ICO).

Q11. To what extent do you agree with the functions set out for the Centre for Data Ethics and Innovation (CDEI) - AI monitoring, partnership working and piloting and testing potential interventions in the tech landscape? Please explain your answer.

Q11a. How would a change to statutory status support the CDEI to deliver its remit?

Respondents broadly agreed with the functions set out for the Centre for Data Ethics and Innovation (CDEI), with many stressing the need to focus on building public trust and finding the “right” balance between ethics and innovation. However, certain respondents sought further clarity over the Centre’s specific role in the regulation, monitoring and enforcement landscape.

A number of respondents believed that if the Centre assumes responsibility for overseeing and, where appropriate, regulating the use of data-driven technologies and AI across sectors, then it should receive greater resourcing and independence, as well as differentiation from other regulatory bodies such as the ICO.

Respondent views were divided over whether a change to statutory status would support the CDEI to deliver its remit. While some believed that a statutory status would clarify the Centre’s mandate, improve accountability and build public trust, others were content with its current footing and did not believe a change in status was necessary.

Questions on Mission three: Transforming government’s use of data to drive efficiency and improve public services

Q12. We have identified five broad areas of work as part of our mission for enabling better use of data across government:

1. Quality, availability and access

2. Standards and assurance

3. Capability, leadership and culture

4. Accountability and productivity

5. Ethics and public trust

We want to hear your views on any actions you think will have the biggest impact for transforming government's use of data.

Respondents displayed widespread support for each of the five areas of work for transforming government’s use of data. A detailed summary of respondent views on each of the five areas of work is provided below. Respondents did not propose alternative areas of work.

1. Quality, availability and access: Many respondents, particularly those working within the public sector, welcomed Quality, Availability and Access as essential in transforming government’s use of data. They tended to support government’s commitments to improve data quality, increase data availability, sharing and interoperability, and tackle technical barriers to the use and re-use of data. Respondents outlined that the key actions to improving data quality and access were the promotion of a data sharing culture and data management best practice, enabling more open data, and a more explicit focus on governance, transparency and building public trust. A number of respondents felt that there was not enough emphasis on collaboration with academia and the private sector with some respondents also suggesting that the strategy should have more explicit focus on governance, monitoring and evaluation

2. Standards and assurance: The majority of respondents welcomed cross-government standards to improve data interoperability, but underlined the importance of using existing open standards. Responses referenced the importance of common data standards in relation to a number of aspects of data, including data formats, geospatial data, data governance and the exchange of data via APIs. Many respondents also identified a role for the government in shaping global data standards, stressing the importance of looking beyond UK borders to support international data transfers.

3. Capability, leadership and culture: Approximately 40% of respondents identified capability, culture and leadership as a key government priority, repeatedly calling on the government to recognise the importance of nurturing a culture of data literacy. This was highlighted both in the context of senior leaders and politicians needing data skills to promote and champion the use of data in their departments, but also more generally in that all civil servants and public sector workers should have a foundational level of data literacy. There were a number of references to the recruitment of a Government Chief Data Officer, and the criticality of that role in driving a culture of data-driven decision making.

4. Accountability and Productivity: Respondents supported the need to ensure transparency in government’s use of data, particularly in its approach to data sanitisation and retention. They also highlighted the need for clear accountability in government, with widespread support for open data as a mechanism for accountability that enables citizen oversight. They encouraged the government to collaborate more effectively in developing regulation and open standards, and stressed the importance of consistent data publication approaches across governments. Respondents called for more robust and openly accessible data infrastructure. This would, according to respondents, enable more widespread understanding of government’s data assets. Finally, respondents suggested that more effective use of government data promotes stronger accountability.

5. Ethics and Public Trust: The majority of responses focused on data ethics agreed that ensuring appropriate ethics mechanisms and working to increase public trust should be prioritised in the strategy. There was a wide support for the ambition to increase transparency in algorithmic-assisted decision making and for the Data Ethics Framework as a tool for addressing and mitigating ethical concerns when working with data in the public sector. Responses stressed that data ethics should be at the heart of government data operations and emphasised the need for improving ethical norms and standards to guide data sharing across the government. Recommendations included improving accountability structures for data ethics tools and making Data Ethics a recognised DDaT Capability Framework profession for all government teams, and introducing skills programmes focused on data ethics. Respondents also expressed tangible support for the use of ethical values, tools and data ethics assessments, and underlined the need to understand the Responsibility Pillar as relevant to all aspects of the strategy.

Q13. The Data Standards Authority is working with a range of public sector and external organisations to create a pipeline of data standards and standard practices that should be adopted. We welcome your views on standards that should be prioritised, building on the standards which have already been recommended.

Respondents suggested a variety of areas for the Data Standards Authority (DSA) to prioritise, including metadata, geospatial identifiers, data governance, data protection and privacy, APIs, data formats, and identifiers of both people and organisations. They also stressed that the DSA should ensure all standards meet user needs and that its work should be guided by transparency, accountability and fairness.

Additionally, a number of respondents highlighted the importance of proactive engagement with professional bodies on specific standards, and regular consultation with expert bodies such as the British Standards Institute (BSI), the Information Commissioner’s Office (ICO) and the Centre for Digital Built Britain’s (CDBB) National Digital Twin programme.

Questions on Mission four: Ensuring the security and resilience of the infrastructure on which data relies

Q14. What responsibilities and requirements should be placed on virtual or physical data infrastructure service providers to provide data security, continuity and resilience of service supply?

Q14a. How do clients assess the robustness of security protocols when choosing data infrastructure services? How do they ensure that providers are keeping up with those protocols during their contract?

Respondents generally agreed that virtual or physical data infrastructure service providers should be placed under certain responsibilities and requirements. The most commonly cited proposal was regulation and accreditation, with many respondents suggesting the importance of data service providers adhering to standards, including those developed by the International Organisation for Standardization (ISO), as well as to National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) guidance.

Respondents also proposed the responsibilities and requirements listed below.

1. Compliance with codes of practice and GDPR;

2. Auditing using performance metrics;

3. Data centre upkeep and security;

4. Supply chains and procurement;

5. Critical National Infrastructure; and

6. Transparency over the location of client data.

Many respondents focused specifically on the responsibilities and requirements that they believed should be placed on cloud providers. Some felt that cloud providers should have a specific security framework, and provide customers with the ability to move their data from one platform to another. While respondents generally agreed that cloud security was a shared responsibility, several also highlighted the need for all parties to have a clearer understanding of this division.

Respondents identified a variety of methods to assess the robustness of security protocols when choosing infrastructure services, although the most commonly cited method was the use of audits. Other methods referenced in the responses included the following.

1. Assessing the providers’ adherence to standards - including ISO 27001, ISO/IEC 19086-1:2016 and NCSC’s Cyber Essentials - as well as providers’ policies, procedures, personnel vetting, compliance documentation, and security culture;

2. Performing penetration testing, pre-contract security assessments and on-site visits;

3. Signing contracts, Service Level Agreements, or provisions allocating responsibilities to different parties and clearly outlining potential risks

Relatively few respondents outlined methods used by clients to ensure that providers maintain robust security protocols during their contract; those who did mentioned the use of regular reviews, reporting requirements and audits.

However, many respondents outlined barriers faced by clients in getting their desired levels of security. In particular, they highlighted the lack of transparency or visibility surrounding providers’ practices, in addition the lack of client expertise or skills required to navigate complex contracts, the use and selection of standards, and the allocation of roles and responsibilities. Some respondents also indicated that the prevalence of a few large providers in the market created additional difficulties for clients in understanding the risks and implications of different providers.

To overcome these barriers, some respondents proposed clarifying the responsibilities between providers and clients and government creating or endorsing security and resilience standards. Others highlighted the need to support clients’ development of skills and knowledge, to develop voluntary standard contractual clauses and offering opinions approved by the government, and to create accreditation or audit capabilities.

Q15. Demand for external data storage and processing services is growing. In order to maintain high standards of security and resilience for the infrastructure on which data use relies, what should be the respective roles of government, data service providers, their supply chain and their clients?

Overall, most respondents invited the government to play a role in ensuring the security and resilience for the infrastructure on which data use relies. They referenced a range of avenues to do so, including legislation, regulation, standards, procurement decisions, contractual clauses and audits.

In particular, respondents suggested that the government set, endorse and enforce standards and best practice for ensuring the security and resilience of the infrastructure on which data use relies, which could be used for service provider certification. They should build upon, or at least align with, existing frameworks and avoid creating conflicting obligations. Respondents also suggested that the government has a role in maintaining competitive markets for service providers, including for cloud infrastructure.

For data service providers and their clients, the model of shared responsibility for security and resilience was highlighted as a challenging, but nonetheless optimal approach.

Many respondents believed that data service providers and their supply chain should adhere to the letter and spirit of government regulations. They often identified contractual clauses and service-level agreements as key to ensuring the desired levels of security and resilience, provided they are clear and divide responsibilities between different parties. Several respondents also recommended that, where possible, service providers and their supply chain should adopt internationally recognised standards.

Many respondents also highlighted the need for clients to understand their own security and resilience requirements and share responsibility with suppliers for ensuring that these requirements are fulfilled.

In addition to outlining potential roles for government, data service providers, their supply chains and clients, respondents highlighted a number of challenges for the government in ensuring the security and resilience of the infrastructure on which data use relies. The key risks identified are listed below.

1. The fragmented regulatory and standards landscape;

2. The increasing threat posed by ransomware;

3. The rapidly evolving and complex nature of the data services value-chain;

4. The distributed nature of responsibilities for security and resilience; and

5. The risk of concentration in the cloud infrastructure market.

To address these challenges, respondents suggested the following solutions.

1. Building a UK-equivalent of the EU’s GAIA-X federation of data service providers, or indeed participating in GAIA-X itself;

2. Developing data centre and cloud security standards via the National Cyber Security Centre; and

3. Producing a scale of internationally recognised accreditation points with which to certify data service providers.

Q16. What are the most important risk factors in managing the security and resilience of the infrastructure on which data use relies? For example, the physical security of sites, the geographic location where data is stored, the diversity and actors in the market and supply chains, or other factors.

Respondents raised a wide range of important risk factors in managing the security and resilience of the infrastructure on which data use relies. These included cyber security, physical security, environmental safety, human factors, supply chain, ownership and markets, and the geographical location where data is stored.

Of the risk factors identified in responses, the most cited risk factor was cyber security, including the protection of networks and servers from attacks and unauthorised access. Environmental safety, in turn, featured the least commonly amongst responses.

Q17. Do you agree that the government should play a greater role in ensuring that data does not negatively contribute to carbon usage? Please explain your answer. If applicable, please indicate how the government can effectively ensure that data does not negatively contribute to carbon usage.

More than three-quarters of respondents to this question agreed that the government should play a greater role in ensuring that data does not negatively contribute to carbon usage.

There was a widespread view that the government should take a leading role in ensuring that its own data-related activities do not negatively contribute to carbon usage, as well as for setting standards and policy for sustainable data use across public procurement and in the wider economy.

Respondents highlighted the urgent need for the government and others to explore the role of data in delivering a greener and more sustainable economy, including how data can support the UK’s UN Sustainable Development Goals, Net Zero and COP26 ambitions. However, many also emphasised the importance of taking the whole life view into account when considering the impact of data on the environment, such as the carbon emitted during data processing and storage.

Questions on Mission five: Championing the international flow of data

Q18. How can the UK improve on current international transfer mechanisms, while ensuring that the personal data of UK citizens is appropriately safeguarded?

The majority of respondents asserted that better standards, rules and regulations would allow the UK to improve current transfer mechanisms whilst ensuring that UK citizens’ personal data is appropriately safeguarded.

Many respondents agreed that the UK should work internationally to reduce unnecessary barriers to cross-border data flows, including unjustified data localisation. However, many respondents also argued that the UK should seek to embody the global ‘gold standard’ for data protection, building on GDPR to develop a risk-based approach that protects personal data whilst minimising the compliance burden on organisations seeking to access digital services and engage in data transfers at the international level.

Approximately one third of respondents to this question identified maintaining EU data adequacy as an essential priority, with many stressing the importance of continued engagement with EU authorities and institutions. In particular, respondents highlighted the need for the ICO to continue cooperating with the European Data Protection Board (EDPB) to share experience and expertise.

A significant number of respondents also recommended that the UK explore alternative transfer mechanisms to adequacy arrangements, including Standard Contractual Clauses (SCCS) and Binding Corporate Rules (BCRs). Some also highlighted the need to consider discrepancies between transferring different types of data across borders, with highest levels of safeguarding needed for health and social care data.

Many respondents also highlighted the importance of enforcement in building business and consumer confidence in international data transfers. These respondents tended to underline the need for appropriate safeguards and sufficient policing of enforcement actions in order to allow higher confidence when transferring personal data to and from the UK. They also suggested a risk based approach is taken and for the government to introduce appropriate mechanisms in order to ensure potential harms of international data transfers to personal data protection do not outweigh the benefits.

Finally, respondents highlighted the need to address the shortage of expertise in establishing effective international data transfers and mitigating against technical, legal and security risks, particularly amongst SMEs. Certain respondents suggested clear guidelines and templates for international data transfers to support organisations seeking to access digital services and transfer data across borders.

Q19. What are your views on future UK data adequacy arrangements (e.g. which countries are priorities) and how can the UK work with stakeholders to ensure the best possible outcome for the UK?

In general, respondents supported the new UK Adequacy Assessment capability, provided that HMG sets out a clear mandate and guidelines for using this capability that align with the UK’s democratic values and include principles for responsible data sharing.

Whilst respondents welcomed a pragmatic approach to the new UK Adequacy Assessment capability, many cautioned against divergence from GDPR that risked weakening the UK’s data protection standards.

There was a widespread consensus amongst respondents that the US and EU should be prioritised for UK Adequacy Assessments. Japan, South Korea, Canada, New Zealand and Australia were also commonly cited, in addition to countries with whom the UK is engaged in ongoing trade negotiations, has reciprocal security and extradition agreements, or share similar data protection frameworks. Certain respondents also recommended that the UK explore opportunities in the Middle East (United Arab Emirates, Bahrain and Qatar), Africa (South Africa and Nigeria), the Indian Subcontinent and Brazil.

Contact and legal information

Contact details

This document contains the government’s response to the consultation on the National Data Strategy between 9th September and 9th December 2020.

If you have any comments or enquiries about this response, do not hesitate to contact us.

National Data Strategy team
DCMS
4th Floor, 100 Parliament Street
London
SW1A 2BQ
Email: <nationaldatastrategy@dcms.gov.uk>

Legal information

This consultation was designed in line with HMG’s Consultation Principles, with due consideration for the Public Sector Equality Duty.

Information provided in the course of this consultation may be disclosed in accordance with the Freedom of Information Act of 2000 (FOIA), UK GDPR and the Data Protection Act of 2018.

1. Framework is used to describe the whole national capability being established by the Geospatial Commission - policies, standards, skills, institutions, data, projects, partnerships. ↩