A bit like Dr Dolittle’s pushmi-pullyu, government presents two heads when it comes to data security, neither able to agree with the other. Despite the Centre for the Protection of National Infrastructure (CPNI) warning about the security risks of holding bulk personal data, many government departments and agencies are keen to use such data in the hope that doing so will somehow magically improve public services.
The idea of acquiring and mining our personal data has become pervasive, fuelling the relentless growth of numerous “free” commercial services – despite cultivating in its wake a massive growth in online fraud. Now governments are keen to play Mini-Me to the data-invasive commercial corporates.
So who’s right? Is the exploitation of personal data a panacea that will reform public services and ensure greater protection against security threats – or a fatal mistake that will undermine public trust and wreak havoc with the stability and resilience of the UK?
Striking the right balance is difficult. Acquire, retain and mine bulk data and, as the CPNI warns, security risks also increase. But pull the lever too far the other way and politicians will stand accused of allowing vulnerable people to fall through the cracks of our fragmented public services, or enabling a terrorist outrage to succeed.
These are complex issues to resolve. David Anderson, the independent reviewer of terrorism legislation, recently concluded that allowing the security agencies to collate large volumes of personal data from UK citizens had a clear operational purpose. But his conclusion came with important caveats, and his review did not consider the issue of whether such bulk powers were desirable.
However, if personal data becomes subject to pervasive interception, sharing and analysis by government agencies, no citizen, country or organisation will trust a newly “independent” UK with their data – with damaging consequences to our economy.
The UK is already at the nucleus of the debate about where the right balance sits between democratic oversight and accountability, fast-evolving technology, citizen control of data, and national security. So let’s turn this to our advantage and decide how to get the balance right, and establish democratic safeguards that make the UK an exemplar when it comes to protecting and securing personal data.
There’s a huge potential upside here, empowering people to both regain control of their data and get better services – while at the same time reducing the fraud-fest caused by leaky technology and the routine abuse of our personal data.
The UK should not just begrudgingly comply with the likes of the General Data Protection Regulation (GDPR) in order to continue hosting EU citizens’ data after we wave farewell to the EU. Instead, it should aim to excel in all aspects of personal data management and security. We have the academic expertise, computer scientists, entrepreneurs, investors, start-ups, democratic heritage and creativity as a nation to make this happen.
So instead of obsessing about reviving the groat and the farthing, let’s use the catalyst of Brexit to reboot the broken model of personal data security. And let’s demonstrate just how entrepreneurial, democratic, tech-savvy, trusted and citizen-empowering post Brexit Britain will be.