Limiting the risks of government data sharing

The UK Government is going to consult more widely on its proposals for data sharing within government.

A national identity register that allows data sharing across government could be the technological underpinning of a huge improvement in the provision of government services.  (It is important that the technology will not transform the services: it is a platform on which government processes can change). 

Those of us who understand the technology and care about our civil liberties should not adopt a luddite stance of opposition: we should send a clear, consistent and simple message about the safeguards we need so that we get the benefits of joined up services without the risks to our freedoms. 

I propose the following five, readily understandable safeguards.  The government should commit itself to each of these, or offer an extremely good reason why not:

  • government data should be stored in decentralized databases that can communicate with each other on a need to know basis, not in shared data warehouses;
  • citizens should have access to all data held about them by government
  • citizens should be able to see a complete log of every access to their personal data by all public servants
  • an independent information security ombudsman should police the systems
  • there should be no identity cards and no collection of biometric data

Published by Owen Barder

Owen is Senior Fellow and Director for Europe at the Center for Global Development and a Visiting Professor in Practice at the London School of Economics. Owen was a civil servant for a quarter of a century, working in Number 10, the Treasury and the Department for International Development. Owen hosts the Development Drums podcast, and is the author Running for Fitness, the book and website. Owen is on Twitter and

Join the conversation

3 Comments

  1. A good start, Owen.

    I’m particularly worried about the ability to draw all the data together into a meta-database. Even if they are separate stores, if you can query across them with foreign keys, then bob’s your uncle…

    Remember also the definition of Sensitive Data as per the Data Protection Act 1998. The data being talked about here is surely within that scope.

    Therefore, we’d need a qualifying clause to the effect that it explicitly names which classes of Sensitive Personal Data the Register may be linked to and excludes all others (like say DNA).

  2. Pingback: Atopian.org
  3. Keep an eye on the other ninjas and gurus raising similar issues. There’s been a good community at work for a couple of years –  see the pretty all-encompassing ID and data-sharing thread on idealgovernment.com.  Top industry ninja is Kim Cameron, MS’s identity architect – check out his 7 Laws of Identity  at http://www.identityblog.com/ which have gained good cross-industry consenus. Other important ninja voices you might want to check out eg Jerry Fishenden, MS’s national technology officer, Robin Wilton at SunMicrosystems etc. All making important at times trenchant but constructive (and importantly, intelligible to the non-tecchies) comment on their blogs and elsewhere. And if you want to imbibe the spirit of the ninja underworld (and I guarantee you a laugh out loud), have a look at the exemplary pertinent video art of Eclechtec: http://eclectech.co.uk/clarkeidcards.php and http://eclectech.co.uk/swizz.php. Fabulous

Leave a comment

Your email address will not be published. Required fields are marked *