When governments work well, they safeguard citizens’ health, wellbeing, resilience and security, and they increase prosperity. To do this, they must respond effectively to the new, the unexpected and the game-changing. Industrialisation, mass transit and the internet are technological revolutions that have reshaped lives, nations and the planet. The explosion of digital data on each and every one of us is a new opportunity and challenge. What should governments do?
They should be catalytic, facilitating benefits and mitigating risks. We can gain enormously from sharing our data, personally and economically. Deloitte estimates that the value of the UK’s public-sector data alone in 2011 to 2012 is approximately £1.8 billion. Sharing data allows us to research, communicate, consume media, buy and sell, play games and more. In return, businesses develop products, scientists undertake research and governments use data to enable voting, inform policies, collect tax and provide better public services.
Making the case for using personal data is easier when the benefits are tangible. I am happy to give my data to the DVLA because it gives me a driving licence. Amazon recommends books I may have missed. Nectar provides me with discount vouchers.
There is a big role for government when the benefits are longer term or for the wider public good. One example is allowing researchers access to anonymised medical records (unless people have opted out). It is the government’s job to remind people of these opportunities, and indeed for care.data it is taking more time to do this. Equally, we benefit from the sharing of anonymised data in the private sector. I appreciate that my car’s sat nav warns me of congestion from data provided from masses of smartphones carried by drivers, but each of those signals pinpoints an individual at a particular place at a particular time.
So government and the private sector also have a responsibility to protect society from risks created by proliferation of personal data. And some of the biggest risks arise from the potential for a combination of one apparently anonymised data set with another to decrypt the identity of individuals by those intent on doing harm.
The best approach to risk is to identify and manage it. The degree to which stored data can be linked to a person, the strength of the technical barriers and the extent to which the desired level of privacy is monitored are all important.
Government must be vigilant, not frightened, of the risks of large data sets that contain information about us, and respond in a way that minimises these but does not lose sight of the benefits.
Data privacy is not a binary issue, to share or not to share - it is contextual:
- what data
- what aspect of the individual
- for what purpose
- with what security and governance arrangements
Policy debates need to acknowledge these nuances.
The web’s freedom is a fundamental strength and has helped give technology disruptive power, but can it be acceptable that it is now a wild west? It cannot be right that there is an asymmetry between the ability of criminals and terrorists to transact harm and law-enforcement agencies to hunt these individuals down.
At one extreme, shared data leads to fairness, opportunity and knowledge. At the other, the fabric of society is disrupted, the monopoly of state in law enforcement is disturbed, and ultimately we lose trust.
We must reap the benefits while minimising the risks - but we should never assert that we can eliminate these completely.