The Big Data Dilemma and Big Datasharing Intentions

News update: defenddigitalme has submitted evidence to the The Science and Technology Committee “Big Data Dilemma” and you can read it here on why children’s voices must be better represented in data discussions.

Any discussion of the opportunities of “Big Data” tends to focus on gains for organisations, summed up in the enquiry as ‘business data worth £31bn by 2016.’ In this Big Data Dilemma, having heard and read many big business and data broker submissions, you see that public voice, and in particular children’s voices, too often go unheard in these policy and lawmaking proposals.

We’re calling on the Department for Education (DfE) to listen to what children and their guardians want instead. Today the DfE exploits the trust of children and parents to monetise their personal data. These policies and practice must change.

The DfE must protect the identifiable personal data in the National Pupil Database (NPD) of 8+ million children:

• Stop handing out identifiable personal data to commercial third parties
• Start telling pupils, their guardians and schools what you do with personal data
• Be transparent about policy and practice.

We want to see legal and regulatory frameworks fit for our children’s digital future and call for:

• secure handling of sensitive and or identifying pupil data
• statutory privacy impact assessments and public consultation
• the legislative review of DfE sharing of children’s personal data
• the separation of consent for identifiable data required for school administration from secondary use commercial purposes

When in 2011 Mr Cameron said he was; “opening up access to anonymised data from the National Pupil Database […] from June 2012” he either misspoke, or someone else misheard. These NPD data releases are all of identifiable data.

Data sharing: a new era of new intentions?
Whitehall has lost sight of what is in the public interest and what the public want.

And now they want more.  Who else will this more be expanded to? We await to be convinced of the government’s intention of the current data sharing review.

If public engagement is a genuine commitment then it must include the right to opt out of secondary uses of data sharing. The blog of the cross-Government Data Programme had this to say: on their new “Data Science Ethical Framework”.

“Principle 4 is about understanding what the public think.” 

Here’s evidence on what the public think. On the National Pupil Database we already know: No parent in the country would volunteer their child’s identifiable data to be passed around to journalists at a Fleet Street paper.

Your Principle 4 sounds fine, and we’d be delighted to be involved.

We also have a suggestion.

Before inventing your own Principles, Whitehall must start meeting their current legal obligation under Data Protection law: to data protection principles like Principle 1 ; the fair and legal processing of personal data.

For our children whose pupil data these are, that doesn’t mean informing schools with a discrete little email or webpage update without any public announcement. Today’s consent procedures for direct school admin cannot reasonably be understood to mean commercial use and given to press. Consent must be meaningful and freely given to be valid. And once given, the data subjects maintain their rights to be told what happens to their personal data, for what purposes and who is using it. You don’t “get consent” and then get a free pass to do whatever you want with other people’s personal data.

Consent is not a cure-all to the current government datasharing ills.

We agree that ‘Government should be making use of data to make better policy and improve public service efficiency’. Use data well and wisely. That includes remembering that Big Data are a collection of stories of individual lives.

The DfE really must answer public questions why 8m children’s personal and sensitive data are being given away ‘into the wild’ outside DfE oversight and why pupils, parents and schools are being deliberately kept in the dark.

***

Facts and stats:
The data available in the NPD is divided into 4 tiers and can be requested in a number of different combinations including identifying and sensitive data in the top two, though all 4 are identifying:

Of 466 recorded releases since 2012, 165 have been of the most highly sensitive and identifiable data – “tier 1 requests”. (See page 19-20 classifications)

Only 11 releases have been from the less sensitive tier three. Even these data still include identifiable and sensitive items and could include single counts according to the National Pupil Database user guide.  For 59 further requests the level of sensitivity and identifiability of the data are not recorded at all.

Tier 1: highly sensitive, identifying personal data (e.g. name, DOB, postcode, ethnicity, SEN, disability, service family, unique pupil number, looked-after status, exclusions)

Tier 2: other personal, sensitive, identifying information (higher level SEN, FSM, language)

Case Study releases from the NPD: identifiable and sensitive data given to press.

Further releases include commercial third parties such as data management consultancies, think tanks, charities and “one-man shows” as well as more Fleet Street papers.