The data protection and privacy issues surrounding the UK’s National Data Strategy were discussed by experts during a session at a recent Westminster eForum policy conference.
The strategy was published at the end of last year by the UK government, with the aim of harnessing data collected to boost productivity and innovation, both in the public and private sectors.
However, the panellists emphasized that safeguards around data privacy and protection are essential when implementing this national strategy. Gayle McFarlane, partner, Eversheds Sutherland, said that as a starting point, the objective of the data collection and its appropriateness must be clearly defined and communicated. “We need to think about what the ultimate purpose of it is and how it is going to be used,” she outlined. For example, McFarlane noted that while many would consider it a positive to allow the NHS to gather large amounts of data about people’s activities in order to drive health policies, “if that data is used to say if my smart watch hasn’t collected enough steps today and therefore I’m not entitled to particular treatments, do we still feel the same way?”
McFarlane also emphasized the importance of recognizing that different people will feel very differently about their data being collected and used by organizations. This can lead to unintended consequences, including users refusing to access vital services. “Individuals have a different view as to how comfortable they are about the risk-reward of sharing of data,” she explained, adding that “we need to make sure we bring people along with us.”
Due to such considerations, Laura Lazaro Cabrara, legal officer at Privacy International, believes that data subject rights should be one of the key priorities of the National Data Strategy. This includes ensuring clarity and consent takes place during any changes, and allowing individuals to object to their data being used in a certain way. “It is important that these principles are carefully applied to the data strategy and balanced against the hypothetical benefits from more processing,” commented Lazaro Cabrara.
She highlighted the example of the COVID-19 track and trace system set up in the UK last year, in which data from hundreds of millions of check-ins from people who visited pubs, restaurants and hairdressers had barely been used by test and trace. “This is a clear example of data processing which proved to be unnecessary and ultimately excessive,” said Lazaro Cabrara.
Roxanne Morison, head of digital policy, CBI, outlined data issues related to the UK’s formal departure from the EU, and how these should be a crucial component of the National Data Strategy. “Securing adequacy remains the top priority for firms,” she stated. “It matters to all sectors and underpins business operations from logistics to financial services, and really the free flow of data is at the heart of the success of the UK’s digital economy.”
Morison also expressed her belief that the National Data Strategy offers a great opportunity to set a strategic direction and improve coordination in this area. One key way it can make a difference to businesses is to set more uniform standards domestically regarding data protection, with the current situation often quite confusing. “Awareness of these trade-offs between these different definitions between regulators is so important for firms to stop them being caught in the cross-hairs of these different systems,” she said.
Another important benefit the strategy can have is to “show the art of what’s possible, not just what you can’t do” with data in order to harness its full potential, according to Morison. In particular, this involves improving accessibility of guidance, particularly for SMEs and startups which don’t have large compliance teams.