On 6th January 2016, a plenary meeting was held to review the latest data sharing proposals against the recommendations of the open policy making (OPM) process to check:
- That they fit with the spirit of what was discussed during the year long OPM process.
- What could be improved.
- Whether there were any aspects of the proposals that crossed any red lines.
The meeting was attended by representatives from privacy groups, civil society organisations and government. The meeting was opened by Rt Hon Minister for the Cabinet Office, Rt Hon Matthew Hancock MP.
Minister for Cabinet Office’s introduction
The Minister stated his hope that we can continue this relationship and dialogue which has existed for some time now. The data sharing discussion is vital historically. It is comparable to the printing press, which had huge and unpredictable consequences. The collapse in the cost of storing and transmitting data is having an impact on a similar scale.
The Minister stated that in government, we should be smart and thoughtful about responding to the discussion. We should be harnessing progress whilst at the same time protecting citizens’ privacy. The DPA works well and there is a broad consensus. But as technology develops, the legal framework needs to continue to be relevant whilst protecting the citizen. There was much progress in the last Parliament on modernising rules. But the rules are significantly out of date in many areas, so we need to update them today. We plan to run a normal consultation, but we also wanted to fully engage the wisdom, insight and collective experience of those in the room.
There are three areas of importance:
- Improving research and statistics.
- Tailored public services.
At the core core is striking a balance between harnessing the opportunities of data and protecting citizens. Ultimately the Minister does not see this as a trade-off. If we get it right we can improve the way data is used and managed, and make sure citizen protected. He underlined how important this is for the government. The end goal is a system that works better for citizens. It is an exciting new area of policy yet to reach full maturity.
Previous OPM proposals: De-identified Data
Simon Meats, Cabinet Office, presented the current version of the proposals for sharing de-identified data for the purposes of research and statistics (“the de-identified data proposals”), part of the set of proposals originally explored during the OPM process.
Simon talked through the key areas of agreement that have been covered in the OPM process to date.
- That the power is permissive across all public authorities (with the exceptions of health and social care) to share/link de-identified data for the purposes of research and statistics in the public interest.
- The use of models of data sharing (recommended by the 2012 Administrative Data Taskforce report*) that allow for such cross-linked research to take place whilst maintaining privacy protection for the data subjects by restricting the use of identity data.
- Oversight through a designated accreditation body for indexers and accredited secure access facilities.
Simon went on to describe how these main policy features have been reflected in draft legislation. There are detailed clauses describing processes in a way that strikes a balance between; transparency and robust legal definition, and flexibility for future - proofing. There are also provision for accreditation and commitments to transparency (publishing registers of accredited indexers, access facilities and researchers, for example).
The modifications that have taken place include:
- UKSA being named as the accreditation body,
- Limited delegated power for Minister to amend certain provisions by affirmative process,
- Unlawful disclosure provision.
The reasons for these modifications are that the UKSA is the only body to fit the criteria agreed through the OPM process, there is a need to ensure legislation can be adapted to cover new processes and that universal protection of data held by all public authorities to share data under this power will provide additional assurance.
The group reflected upon the proposal and were broadly supportive of its inclusion for consultation. The following questions were raised:
- Who adjudicates/arbitrates if a public authority refuses an application to share data under this power (i.e. should there be an ombudsman)?
- What are the potential impacts from local authority devolution?
- What about the effects of organisations leaving the public sector e.g. schools academy programme, with the consequent loss of data sources?
- With reference to implementation – what will/should be done to test the robustness of de-identification process?
- Is this simply a way of lowering the bar set in s.47 SRSA?
*Improving Access for Research and Policy, December 2012
Previous OPM proposals: Tailored Public Services
Jess Adkins, Cabinet Office, presented the Tailored Public Services (TPS) proposals.
Jess described the myriad of legal barriers which impact on the ability of public authorities to share data between them and identify which citizens are eligible for particular services or benefits, ensuring that the right people receive the right intervention or offer, at the right time.
The TPS power is designed to facilitate data sharing where it would directly benefit service recipients, by enabling authorities to better tailor services; as well as protecting privacy by restricting the authorities and the purposes involved in any particular share quite tightly.
The power is also future proofed to meet data sharing needs of public policy delivery as they change over time.
The key elements of the power are:
- The power is permissive. Data controllers retain the right to say no to a data share,
- The power is intended to benefit individuals – the purpose of a data share cannot be detrimental to individuals,
- Only specified public authorities – not private providers – can use the power.
A separate policy paper was developed in the OPM process, bringing together safeguards that were new with those already existing in practice/legislation. Draft clauses reflect where there is a need for new primary legislation, where existing legislation is reflected it will not be mentioned, and where legislation isn’t appropriate the safeguards will be included in the Code of Practice.
The OPM group discussed the proposal, generating several questions:
- Who makes the decision that the power is being used appropriately?
- How can you ensure that any data share is for ‘The benefit of citizen(s)’? Conversely, how do you define ‘not to detriment of citizens’?
- What are the unintended consequences of TPS data sharing? What is the mitigation/solution to this?
- How does the power work for ‘direct’ (e.g. face-to-face) interventions?
- What is the rationale behind excluding private companies? How does this work in public/private service partnerships? Can private sector organisations receive data from authorities to provide services with explicit consent?
- How are data shares communicated transparently to those whose data is being shared?
- Does this power lead to data segregation within organisations? (e.g. debt recovery teams using data collected by other areas of the department).
- Would the power overrule departments’ existing data powers and agreements?
- Does a family count as an individual for the purpose of processing?
- How can the term ‘beneficial outcome’ be adequately constrained?
- Will information-sharing orders be used?
- Is there a statutory bar for information release under FOI?
Previous OPM proposals: Fraud
Graeme Thomson, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.
Previously the group had an OPM session which recognised that government faces substantial problem with fraud, and the process for data sharing is very slow and may take up to six years. However, fraud moves very quickly and it takes too long to get the data for it to be useful. Data sharing could be an answer to this. Government dropped the idea of looking at error in addition to debt as it was decided that there would be too much data and too much sharing required to address it.
This proposal is permissive, not mandatory. A business case will be needed to justify sharing, and it will be used to measure success. The proposal allows for pilots to prove that this data sharing is of value, as the previous OPM process asked for this evidence. If the pilots do not prove value within a defined period of time, they will stop. They will publish criteria for measurement and the outcome of what benefit is. There is also the capacity for minister to shut the whole thing down, and there is a review period after three years. An assessment will judge whether it has been successful and if not will shut down.
There will be a code of conduct and if it is breached, the data will be surrendered. If you breach the legislation you can be taken to court, It includes all public authorities including local government. It’s not clear whether it includes the NHS, more discussion is needed on this.
This project will involve the ICO and external civil liberties groups. ICO anticipate a huge number of requests for data and are considered ways of managing it. They will be starting the project with a team in place to implement. The secretariat will be in Cabinet Office.
The groups had some reflections and questions on the revised proposal:
- More detail is required on the assessment criteria for the pilot, and what the criteria will be for it to be deemed successful after the 3 year period.
- There were some concerns that three years is not long enough for projects to be established and prove their value.
- The measurement criteria needs to be set near the start and a support team set up immediately.
- Will there be a statutory bar for release under FOI?
- Transparency of benefits and measurements and transparency of openness and sharing will be vital.
- How will citizens be protected from false positives, could greater transparency be an answer?
New/revised proposals: Identified data for research and statistics
Ross Young, UK Statistics Authority, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.
This proposal is to open up sources of administrative and other data for the Office for National Statistics for the sole purpose of producing aggregate National and other official statistics. Official statistics are a core part of UK’s information and data infrastructure. Everyone needs official statistics ‐ legislators, policy makers, companies, academics, media, the public. The proposal is good for efficiency, improved official statistics and statistical research, and better decision making.
The powers will enable ONS to share data with the statistical functions of the Devolved Administrations while preventing the use of information for any operational purposes, ensuring information is only used for statistical purposes. In terms of safeguards, the UKSA is independent and reports and is accountable directly to Parliament. ONS has strong track record of security and confidentiality of data. They will reinforce rigorous penalties for the misuse of data.
The groups were supportive of the proposals. The groups had some reflections and questions on the revised proposal:
- There was support for powers to compel disclosure of information – permissive powers may not allow desired outcomes.
- How to make the difference between de-identified and identified data intelligible to people?
- How to guarantee quality and standardisation of the data?
- Greater clarity is required on how the powers to compel businesses will impact global companies based in the UK.
- Clarification is required on where indemnity lies in the case of a data breach.
- Will there be an explicit statutory bar on FOI requests and other legal obligations?
- What type of data is covered?
- Transparency should be an integral part of this proposal – i.e. the number of data breaches and failures to comply recorded and published.
- Clarification is required on who meets the cost of the provision of data?
- Clarification is required on where the permissive power ends and power to compel starts?
- What does it mean to say that the National Statistician is “consulted” on changes to systems for collecting data? What power does that confer?
New/revised proposals: Debt
Naomi Hunter, Cabinet Office, gave a presentation in plenary to explain why this proposal is being re-introduced and outlining the new proposal.
Naomi stated that they are bringing back the proposal for consideration to align with the fraud proposals. There will be the same safeguards, code of conduct and review period process as the fraud proposals. The objective is to recover money owed to different parts of government under one payment. This is more affordable for debtors and more effective and efficient at recovering debt.
Currently government has powers to share data regarding debt owed. However, the system for accessing it is bureaucratic and neither timely nor practical. The process can take two to six years. The National Audit Office believes that there was £22 billion owed in 2013 which rose this year to £24 billion. Sharing this data can help government to identify the people who can pay and the people who can’t. There will be different responses to those people
When this proposal was considered before, there were a few issues. The OPM group felt that the key purpose was unclear. In response they have defined the purpose as to help people manage their debt better and pay back the money they owe. In addition, the OPM group identified a need for better terminology, and they responded by creating clear and consistent terminology.
Naomi clarified that the Debt Market Integrator (DMI) doesn’t do anything independently that government doesn’t mandate.
The groups had some reflections and questions on the revised proposal.
- The group felt that not enough detail or clarity was provided on the revised proposal to consider it thoroughly.
- How is the ownership of shared debt viewed, given that it seems to focus on individual debt?
- It is unclear whether the legislation will only support a pilot of this project.
- Are corporations subject to this data sharing or only individuals?
- Will data be shared with private sector companies such as Experian?
- Attendees had concerns about the quality of the data being shared and noted that there is a lack of persistent identifier in the data – which may cause issues in relation to projects pertaining to debt.
- Attendees saw identifiable data elements as a potential red line for citizens.
- The group felt that debt assessments need to be linked up and that it doesn’t make sense to centralise information.
- There were concerns about the Debt Market Integrator (DMI). As a joint venture, will government’s position be as the supplier or the customer?
New/revised proposals: GRO Civil Registration Data
John Duffy from the General Register Office presented new proposals for the sharing of Civil Registration data.
The data in scope is the registration of all births, stillbirths, adoptions, deaths, marriages and civil partnerships. John explained that the data is governed by a complex and dated legislative framework that dates back to 1836. Civil registration is a devolved function in the UK with Scotland and Northern Ireland having their own registration services.
The General Register Office (GRO) supports the delivery of local registration services that are delivered by 174 local authorities and retains all centralised records – 270m dating back to 1837. Records are held in a variety of formats. Approximately half are digitised.
Civil registration information is only shared where there are statutory gateways in place.
Current legislative gateways have been built up over time, in a piecemeal manner, in response to individual requests for registration information. Examples include:
- Police and Justice Act 2006 – Provides for death registration information to be shared with private bodies for the specific purpose of preventing, detecting and prosecuting fraud offences,
- Immigration Act 2014 – provides for information to be shared for immigration purposes.
The GRO is aiming to enable wider use of registration data without requiring primary legislation each time a new requirement emerges; remove requirements for paper certificates, therefore reducing the opportunity for fraud in relation to forged certificates; increase the integrity of data across government systems; providing benefits for citizens who would have greater choice over how they access government services
Restrictions on sharing civil registration information within government will continue to be constraining unless additional powers are put in place to extend information sharing.
GRO would benefit from getting to a position where they have:
- A discretionary power that allows civil registration information to be shared with public bodies for the purpose of fulfilling public functions,
- Restrictions on sharing information to continue to apply where there are prohibitions – e.g. linking gender recognition records,
- Secretary of State control over the sharing of GRO data.
It is proposed that a number of safeguards would be introduced, including:
- Strict adherence to the current UK legal framework including the Data Protection Act and the Human Rights Act,
- Ministerial notification and agreement on data sharing provisions relating to GRO data,
- Completion of Impact Assessments, Data Sharing Agreements and Memoranda of Understanding,
- Adherence to data sharing principles and a developed criteria for considering requests to access information.
The subsequent discussions with the OPM group generated the following questions and comments.
- Can case study examples be generated?
- What is the implementation plan when not all GRO data is digitised?
- Is there a consent element to these proposals?
- Distinction is required between service and sharing of a dataset.
- Data is currently openly available but not in bulk.
- Why is this data only for the public sector?
- Why is death data not already completely openly available?
- What’s the purpose of sharing marriage data?
- There are potential issues around the collection and recording of marriage data.
- Using this data as a means of verification seems justifiable.
- Clearer benefit analysis is required to justify the proposals.
- What does this proposal extend to (birthday, marriages, deaths – anything else)?
- Will this power be used to:
- Verify individuals?
- Nationality/immigration status?
- Provide access to services?
- How is it different to National ID? Using the same justification as for Verify.
- Data is big, complex and nuanced, could this lead to accidentally creating a national database?
- Is this effectively creating a national register?
- It’s not centralised and the linkages are not there to create an identity database.
New/revised proposals: DECC assistance for fuel poor citizens
Alan Clifford from the Department for Energy and Climate Change (DECC) presented on proposals to expand the automatic provision of direct energy bill support for citizens living in fuel poverty. This type of assistance is currently provided each winter under the Warm Home Discount scheme.
Each winter, approximately 1.4million pensioner households receive an automatic discount off their energy bill. This is possible because energy suppliers can ‘match’ some of their customer records with DWP to identify who is eligible without the customers’ prior consent.
The policy is delivered in a way that:
- Ensures eligible customers get support automatically.
- Ensures that vulnerable customers don’t miss-out.
- Is simple and low-cost to administer, so helps to keep everyone else’s bills down too.
DECC stakeholders from all sectors have called for more use of this type of data matching to facilitate the provision of assistance to fuel poor citizens. It’s tried, tested and demonstrably safe.
Currently many recipients of fuel poverty support are not actually fuel poor, so DECC want a way to prioritise those with the most pressing need – i.e. households in the coldest homes and lowest incomes:
There are already powers (s.131 of the Welfare Reform Act 2012) to extend automatic provision of assistance to some non-pensioner households. This includes recipients of means-tested benefits.
But there are two important gaps:
- No power to include those on tax credits, which are some of those facing the most severe levels of fuel poverty.
- No power to use the Government’s housing stock data, which would allow the coldest homes to be prioritised.
The proposed permissive power would enable Government to use HMRC tax credits data, housing stock data (e.g. that held by the Valuation Office Agency), and other relevant public sector datasets. It would dramatically improve the targeting of finite resources, meaning that the Government helps more fuel poor citizens sooner. The power would use the same tried-and-tested approach and safeguards as existing Warm Home Discount (WHD) data matching process.
The discussion raised the following questions:
- Why does this practice not share attribute data (rather than full data sharing)?
- Why this specific policy area? What about all the others?
- What do poverty groups think of this?
- How would this work with tax credits data (as structured around individuals not households)?
- What stops energy providers from musing this data for their own purposes (e.g. marketing services to fuel poor customers)?
- Is there a link to schools and academy data?
- What will flagging data be used for outside of government? Is there potential for private companies to use it to pitch/market products?
- What are the red lines/unintended consequences of the data sharing?
- Are there opt-out mechanisms for the discount?
- Could this data be used by academia/private sector in a safeguarded environment?
- In terms of future proofing, if successful is there scope for a private sector role in Tailored Public Service proposals?
- Safeguards are required to ensure energy companies do not misuse the data – irrespective that the data shared is just a flag as that offers considerable insights to an energy company.
Final Plenary session
In the final plenary session the group was posed two questions:
- What do you need from the Cabinet Office to be able to contribute to the 19th January follow up session?
- What’s the overall steer?
Attendees had the following reflections:
- More detail is needed in advance of the next session.
- There could be too many proposals now and this is a big risk.
- Send paperwork in advance. Paperwork should include anything that is being presented on the day, even the material which is already published online. Paperwork should be circulated at least 5 working days in advance.
- Need a clear definition of safeguards and the details. What exactly will they be?
- On 19th January need to think of ways to communicate these proposals to the public, and be able to explain clearly what it means in practise.
- There needs to be greater clarity on how these proposals will actually work: where responsibilities lie and who makes the decisions on data sharing in these proposals.
- There needs to be greater clarity on the ways in which proposals are different to each other.
- Should be a greater explanation of the extent to which there have been thoughts about permissions and penalties.
- Need to know about the transparency across the piece. Will there be something which articulates this clearly?
- Something like an appendix on the website which defines terminology. Need evidence of consistency as terms are being used inconsistently currently.
- The narrative on this set of seven proposals is missing. If they’re going to hang together in one consultation, there needs to be a narrative.
- Need examples. If this legislation passess, what will be possible but what will still not be possible?
- There needs to be clarity on the very simple questions of what data, to who, why and how
- There needs to be some consideration of the impacts at local level and the need for training for local staff. This legislation won’t change the problems they have. Don’t want this to come to a grinding halt if the legislation doesn’t go forward.
Attendees requested the email address of one point of contact to email suggestions. Sue Bateman gave her address.