Privacy and Consumer Advisory Group

The Privacy and Consumer Advisory Group (PCAG) advises the government on how to provide users with a simple, trusted and secure means of accessing public services.


PCAG aims to ensure:

  • users are in control of their information
  • information isn’t centralised
  • users have a choice of who provides services on their behalf

They do this by providing independent review, analysis, guidance and feedback on government identity assurance and data-related initiatives, such as the Identity Assurance Programme.

Terms of reference


The UK Government is undertaking a variety of initiatives with implications for individuals regarding the use of their personal data and their privacy. These range from the Identity Assurance Programme to the use of patient records in the NHS, to interdepartmental data sharing and anti-fraud initiatives.

The success, credibility and viability of such programmes depend upon their trustworthiness. The Government requires independent review, analysis, guidance and feedback on these initiatives from organisations and individuals with expertise in the areas of privacy and consumer interests. To achieve this, the Privacy and Consumer Advisory Group (PCAG) has been established.


PCAG is a forum that:

  • provides an independent view on issues involving privacy and wider consumer concerns
  • brings together a broad range of expertise in privacy and consumer issues to engage with Government in an open and mutually-respectful environment where issues can be discussed candidly and honestly
  • ensures that Government programmes engage effectively to incorporate issues related to citizen privacy, trust and confidence during each of the design phases – from initial policy planning to requirements specification through to delivery, with the aim of improving the eventual design and implementation of the programmes
  • provides a channel for Government and wider public sector engagement with representatives from the privacy and consumer sectors
  • advocates and promotes privacy-friendly approaches to the handling of personal information
  • clearly communicates and explains privacy and consumer issues
  • develops and agrees PCAG’s key messaging, and monitors Government developments and the extent to which expert input is implemented

Governance and Membership

  • PCAG will be chaired by one or more of its independent members
  • The Chair will be elected by consensus amongst group members and hold office for a year. Where consensus is not possible the Chair will be elected by a simple majority of members.
  • The role of Chair may be shared across more than one member of the group with the majority agreement of group members. Acting Chairs may be appointed by consensus.
  • The Chair, or a designated person, may act on behalf of PCAG and represent the views of PCAG externally.
  • The Chair is empowered to act on behalf of PCAG in matters of importance and urgency that preclude full consultation. Any such instances shall be reported to the group at the earliest opportunity and subject to review for group ratification or dissent at the next PCAG meeting.
  • The Government Digital Service (GDS) will provide the Secretariat who will act in consultation with the Chair.
  • The membership of PCAG will comprise invited individual experts and nominated representatives from privacy organisations, consumer advocacy organisations, regulators and ombudsmen with specific interests in privacy and/or consumer affairs, relevant trade associations and other representative organisations.
  • GDS and other Government departments and agencies will participate as invited by PCAG, providing appropriate senior personnel able to address the agenda items arising at any given meeting and able to influence and intiate changes in the organisation they represent.
  • PCAG will review these terms of reference annually, together with its working methods, and also the balance of representation on the group to ensure it best meets its objectives.
  • PCAG will publish a brief annual report of its activities.
  • PCAG will act independently, taking its own view on the matters referred to it with freedom to publish its views without the approval of third parties, whilst also acting responsibly in relation to materials shared with PCAG that are not yet in the public domain.
  • Decisions will be reached by broad consensus of the group, with other members free to express divergent opinions.
  • Membership of the group does not preclude members from publicly speaking, writing or publishing on any topic within the remit of the group.


As appropriate, PCAG may remit work to one or more informal sub-groups, an individual or group of individuals, generally on an ad hoc basis as and when the need arises.


The group meets several times a year, subject to the availability of members. Minutes of the meeting are approved and published when the group next meets.

  • Meetings will usually take place every three months, although this may be varied with the agreement of members.
  • The schedule and dates of meetings will be agreed annually.
  • Proposed agenda items should be forwarded to the Chair and Secretariat, at least a week in advance of the next meeting.
  • The agenda and supporting documents will be circulated to members at least three working days in advance of the meeting.
  • A draft record of meetings will be issued where possible to members within seven working days of each meeting and be reviewed and agreed as a correct record by members.
  • The record of meetings will be published subject to any redactions necessary to respect the confidentiality of third parties.
  • The timing and length of meetings will be flexible, taking account of the agenda and of members’ views.
  • Meetings will be held under the Chatham House Rule: “When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.” The published record of the meeting will reflect this approach unless agreed otherwise.
  • Attendees will not be subject to Non-Disclosure Agreements.
  • The Secretariat will maintain an Actions Log to record and manage progress in respect of actions raised by members at or between meetings
  • The Actions Log and any amendments thereto, will be issued with agendas and notes of the meetings.



Current members are:

  • Edgar Whitley (Co-chair): London School of Economics
  • Louise Bennett (Co-chair): Digital Policy Alliance
  • Chris Pounder: Amberhawk
  • Colin Griffiths: Citizens Advice
  • Silkie Carlo: Big Brother Watch
  • Steve Pannifer: Consult Hyperion
  • Guy Herbert: NO2ID
  • Tom Fisher: Privacy International
  • Gilad Rosner: Horizon Digital Economy Research Institute
  • Sam Smith: medConfidential
  • Swee Leng Harris: Luminate
  • Toby Stevens: Enterprise Privacy Group

Identity assurance principles

In 2014 PCAG updated its identity assurance principles following a consultation. The principles set out how the government’s identity assurance approach should meet users’ privacy and consumer expectations.