Icebreaker One welcomed the opportunity, in December 2020, to participate in and respond to the UK Government’s very timely Consultation on the UK National Data Strategy.
A. Introduction – Icebreaker One
Icebreaker One (IB1) is a global non-profit dedicated to making data-at-scale work harder to deliver innovative financing for a carbon-zero future. It is focussed on creating frameworks and open standards for robust and secure data sharing across environmental & financial data; understanding the use-cases, business models, policies, processes, principles and practice that will unlock value at scale; developing & sharing expertise to provide knowledge and insight that will enable climate-specific interventions across the financial ecosystem.
We’re working to help everyone understand how to instrument change: where there is scope for material, transformational, rapid change—and how to implement it—that will help us all address the greatest challenges of our time. In 2020 we will be designing and testing climate-ready financial products and helping take them to market with our Members. We are connecting policy, strategy, risk management and investment to real-world data to:
· Enable climate-ready financial instruments
· Enable climate-aware risk management
· Enable climate-credible deployment of robust, long-term solutions
We want to ensure that we produce a forward-looking strategy that takes into account public opinion and delivers real change. These questions will help to inform future work that the government will take in this space. They will provide evidence for the government to target areas for intervention in future policy.
Please find a diagram below of the NDS pillars, missions and opportunities for reference.
Q1. To what extent do you agree with the following statement: Taken as a whole, the missions and pillars of the National Data Strategy focus on the right priorities. Please explain your answer here, including any areas you think the government should explore in further depth.
IB1 Response: Icebreaker One is somewhat in agreement that the missions and pillars of the National Data Strategy focus on the right priorities. Below are the areas which we think the government should explore in further depth:
- Environment – Given the UK government’s stated commitment to tackling climate change, and in light of HM Treasury’s announcement, on 9th November 2020, of the intention to make position the UK at the forefront of green finance, and to mandate disclosures in line with the Taskforce on Climate-Related Financial Disclosures (TCFD) recommendations across the economy, we believe that there is a strong case for Environment and the Transition to a Net-Zero Economy to be added as an Opportunity for the NDS to address.
- Distributed data strategy – consistent, cost-effective mechanisms for sharing and accessing data are required, as a core component of any national data strategy. We therefore recommend that “Adoption of a consistent national distributed data strategy’ be added to the Missions of the NDS. This should encompass an agreed common approach to sharing data, whether business-to-business (B2B) or business-to-consumer (B2C). Furthermore, we believe that Open Banking and the Open Banking Implementation Entity (OBIE) model and infrastructure provide a template and springboard for developing cross-sector national data infrastructure.
Q2. We are interested in examples of how data was or should have been used to deliver public benefits during the coronavirus (COVID-19) pandemic, beyond its use directly in health and social care. Please give any examples that you can, including what, if anything, central government could do to build or develop them further.
For question two, we are only looking for examples outside health and social care data. Health and social care data will be covered in the upcoming Data Strategy for Health and Social Care.
IB1 Response: Open Banking provides valuable examples that demonstrate how an effective data sharing ecosystem can respond to rapid market changes. The Fintech developer community – is characterised by agile working practices that continually test and learn as they meet customer needs. During the Covid-19 pandemic, this particular ecosystem proved to be highly collaborative and quickly developed a new tool to support self-employed people claiming financial relief from the government using transactional data to provide evidence of past earnings.
Good examples can be found through the Open Banking #powerofthenetwork page (https://www.openbanking.org.uk/insights/power-of-the-network/ ), as well as the clear pivot demonstrated by several of the participants in the Nesta Open Up 2020 Challenge: Explore the Apps — Open Up 2020 (https://openup2020.org/explore-the-open-banking-apps ) which helped consumers to build financial resilience, plan for the future, address problem debt, improve their credit score or access short term credit at fair rates.
The key learning from this is that building new well functioning ecosystems that can respond to market needs quickly can provide very significant benefits, and generally respond much faster than incumbents. This, therefore, must be supported by forward-looking regulation and government policy decisions.
Q3. If applicable, please provide any comments about the potential impact of the proposals outlined in this consultation may have on individuals with a protected characteristic under the Equality Act 2010?
IB1 Response: There is a need to ensure that individuals with a protected characteristic under the Equality Act 2010 – but also including vulnerable consumers – are effectively protected, with consideration of aspects such as data ethics and unintended consequences from algorithms etc. The NDS creates an opportunity to enhance consumer protections across the board, and to close regulatory gaps associated with data and its applications.
The Open Banking Implementation Entity has taken a lead by including Customer Experience Guidelines, that includes a section on vulnerable customers (Customer Experience Principles | Open Banking Documentation – https://standards.openbanking.org.uk/customer-experience-guidelines/introduction/design-and-experience-principles/latest/ ) as well as Operational Guidelines for Third Party Providers which address data governance and ethics (Data Ethics – General | Open Banking Documentation – https://standards.openbanking.org.uk/tpp-operational-guidelines/data-ethics-gdpr/latest/ ) These are areas that should be consistently applied and included within the scope of cross-sector guidance through BEIS Smart Data Initiatives.
Q4. We welcome any comments about the potential impact of the proposals outlined in this consultation on the UK across all areas, and any steps the government should take to ensure that they take account of regional inequalities and support the whole of the UK?
Government should encourage investment in data innovation and better data usage outside of London and the South-East, and should also build on existing opportunities and initiatives (for example, existing fintechs clusters in Manchester, Edinburgh etc.). This can be done through incentivisation towards investment in and development of data-driven businesses in the regions, and creation of regional clusters of data innovation.
There is also a need to look more holistically at the skills base required to support a more data-driven economy, particularly and more immediately with respect to Covid-19 economic recovery planning. Government should incentivise higher education institutions such as universities and colleges to create more academic courses around areas of technology and data innovation, including but not limited to data engineering, data standards, and artificial intelligence and machine learning techniques (AI / ML). Firms should also be incentivised to offer traineeships and apprenticeships in these areas, enabling the UK to grow these skills domestically. There is a need to focus on the wider skill sets required to support a thriving data-driven industry base – going beyond technology, to encompass the soft skills and creativity aspects required to drive innovation.
Initiatives such as the Global Open Finance Centre of Excellence (GOFCoE – https://ddi.ac.uk/case-studies/gofcoe/ ) provide a template and model for a holistic approach to skills and knowledge development and sharing, combining academic rigour and support with practical training and infrastructure in conjunction with industry, supported by government leaning in. We strongly encourage leverage of these models and replication in other regional contexts.
C. Mission one: Unlocking the value of data across the economy
Data is an incredibly valuable resource for businesses and other organisations, helping them to deliver better services and operations for their users and beneficiaries. However, there is increasing evidence to suggest that the full value of data is not being realised because vital information is not getting to where it needs to be.
Our first mission is to create an environment where data is appropriately usable, accessible and available across the economy – fuelling growth in organisations large and small. We will create a clearer policy framework to identify where greater data access and availability across and with the economy can and should support growth and innovation, in what form, and what government’s role should be, in the UK and globally.Data availability: For data to have the most effective impact, it needs to be appropriately accessible, mobile and re-usable. That means encouraging better coordination, access to and sharing of data of appropriate quality between organisations in the public sector, private sector and third sector, and ensuring appropriate protections for the flow of data internationally.
Q5. Which sectors have the most to gain from better data availability? Please select all relevant options listed below, which are drawn from the Standardised Industry Classification (SIC) codes.
· Accommodation and Food Service Activities
· Administrative and Support Service Activities
· Agriculture, Forestry and Fishing
· Arts, Entertainment and Recreation
· Central/Local Government inc. Defence
· Charity or Non Profit
· Electricity, Gas, Steam and Air Conditioning Supply
· Financial and Insurance Activities
· Human Health and Social Work Activities
· Information and Communication
· Mining and Quarrying
· Transportation and Storage
· Water Supply; Sewerage, Waste Management and Remediation Activities
· Wholesale and Retail Trade; Repair Of Motor Vehicles and Motorcycles
· Professional, Scientific and Technical Activities
· Real Estate Activities
IB1 Response: In the context of Icebreaker One’s work in developing the shared data infrastructure required to drive a transition towards green finance and a green economy, we identify the following sectors which we believe stand to gain significantly from better data availability – nevertheless acknowledging that other sectors may also benefit to an equally significant extent when viewed through this or other lenses. There are many opportunities that can be leveraged from better data availability in these sectors, and we have specifically highlighted those that arise in relation to climate change, understanding and management of climate-related risks, and the transition to a net-zero economy:
- Agriculture, Forestry and Fishing
- Data availability can support better understanding of the impacts of climate change at present and allow for better projection into the future.
- Can also allow more granular assessment of the impacts of policy changes and new technologies on the sector.
- Better data, particularly through enhanced use of sensors and other capabilities, can enable creation of feedback-driven systems and buildings.
- Electricity, Gas, Steam and Air Conditioning Supply
- Icebreaker One is currently working on Open Energy – a project to introduce shared data infrastructure, in the style of Open Banking, to the energy sector. This will enable better understanding of energy sources and consumption across the sector and enable development of new and innovative applications. See https://energydata.org.uk for an overview of the Open Energy initiative and its benefits in opening up access to energy data.
- Financial and Insurance Activities
- Data availability is absolutely vital in order to assess the impact of climate change on firms, their activities and their asset and share prices, as well as in determining the climate-related risk associated with firms, which ultimately impacts factors such as creditworthiness and the cost and availability of capital finance and debt.
- Data from all sectors is required in order for firms to develop better models of climate-related risk and understand its future impacts on the financial system and economies.
- Data inputs from all sectors are required in order for firms to assess their own climate-related risk in line with TCFD and other recommendations – and soon-to-be regulatory requirements.
- Transportation and Storage
- Better data can help develop an understanding of the costs and impacts of transitioning to hydrogen and electric-powered vehicles.
- Water Supply
- Data will help build a better understanding of water availability and quality.
Q6. What role do you think central government should have in enabling better availability of data across the wider economy?
IB1 Response: Central government has a number of tools at its disposal to facilitate cross sectoral data sharing and sensible re-use of public sector data, be that via the creation of bodies to act as intermediaries in data sharing and assess requests for data access, or via the introduction of legislation which builds trust in the private sector for the sharing of industry or business data to reach common goals or for the greater good. It is key that the government uses these tools to ensure that data is shared appropriately and that interests in the data (whether that is personal data rights or ownership of intellectual property rights) are protected so that both individuals and businesses are incentivised to share quality data. With Brexit in mind, it is also key to ensure that the UK retains access to European data sources and the common EU data space so that the UK does not fall behind.
We highlight the following as specific recommended actions that could be taken by central government in promoting and enabling better availability of data across the wider economy:
- Creation of appropriate and well-funded central and sector-specific regulation, with clear oversight and supervision through leveraging existing regulatory bodies, or via the establishment of new regulatory bodies where appropriate.
- For example, cross-sector issues such as consent, digital identity and authentication, liability and redress etc should be looked after by a central regulatory body (either the CDEI or a new entity), whilst Ofgem, Ofcom, FCA etc. regulate for their specific sectors, managing regulatory authorisations and undertaking supervisory and enforcement activities.
- Creation of a dedicated data standards and implementation body – building on the OBIE model – that has the ability to develop both cross-sector standards (e.g. for consent) and sector-specific standards (e.g. for sharing of transportation data, or agricultural data).
- Adoption of a distributed data strategy with appropriate governance, again building on the Open banking / OBIE model (which Icebreaker One is leveraging in developing the Open Energy initiative).
- Ensuring that these regulatory, standards and governance bodies are adequately funded to drive successful outcomes, and have the necessary legislative mandate to operate effectively.
- At present, the ICO appears to be under-resourced and under-funded when one considers the pace of change and rapid move towards a more data-driven economy. Strong regulatory strategy and oversight is required, with appropriate levels of supervision and powers of enforcement. In this context, we see the Financial Conduct Authority (FCA) as representing a more appropriate example for such an agency to be modelled upon.
Q6a. How should this role vary across sectors and applications?
IB1 Response: Government should take a more interventionist role in sectors where there is a key public interest. For example, where there is a key public benefit, such as reaching the 2050 Net Zero target, Government may need to take more action in order to facilitate private sector data sharing or to make relevant public sector data available for re-use in order to reach the target (either by increasing requirements to share relevant data or to facilitate access requests). There are also some sectors in which data use and access should be more highly regulated, for example, where sensitive health data is involved.
Data foundations: The true value of data can only be fully realised when it is fit for purpose, recorded in standardised formats on modern, future-proof systems and held in a condition that means it is findable, accessible, interoperable and reusable. By improving the quality of the data we are using, we can use it more effectively, and drive better insights and outcomes from its use.
Q7. To what extent do you agree with the following statement: The government has a role in supporting data foundations in the wider economy. Please explain your answer. If applicable, please indicate what you think the government’s enhanced role should be.
IB1 Response: We strongly agree with this statement.
We are also strongly in agreement with the NDS’ assertion that “The true value of data can only be fully realised when it is fit for purpose, recorded in standardised formats on modern, future-proof systems and held in a condition that means it is findable, accessible, interoperable and reusable. By improving the quality of the data we are using, we can use it more effectively, and drive better insights and outcomes from its use.” In this context, the UK Government clearly has a role to play in supporting data foundations in the wider economy, through supporting and promoting:
- Development and adoption of data standards, preferably through existing standards-setting bodies, but where these do not exist, through incentivisation and support for creation of standards-setting bodies.
- Digitisation of data – storage of data in (preferably digital-native) formats that are both machine and human-readable, searchable, retrievable and electronically accessible.
- Shared data infrastructure – enabling data to be held and updated at source, but shared on an open and accessible basis, rather than creating centralised, privately or publicly held databases. In this context we are great supporters, again, of Open Banking and the OBIE as a model.
- Trust – trust is at the core of a successful national data strategy and in building out the data-driven digital economy of the future. Government and regulatory oversight with clear objectives is required in order to support this trust. We have closely followed the work undertaken by the Smart Data Working Group (SDWG) around areas such as consent, liability, authentication and participant authorisation, which, taken together, are at the heart of creating trust in a data economy. We are strongly supportive of the SDWG’s ongoing work in this area.
Q8. What could central government do beyond existing schemes to tackle the particular barriers that small and medium-sized enterprises (SMEs) face in using data effectively?
IB1 Response: We would advocate for greater consistency of standards across sectors, so that SMEs are consistently using a familiar approach when dealing with and accessing service providers, be they banks, HMRC, energy providers or other entities. In this respect, we adopt a broad definition of the term “standards”, considering not only data specifications but also guidance around customer experience (with the SMEs being, in this context, the “customers”) and access to portals and infrastructure, which should be designed for familiarity and consistency across sectors. There is also a need to examine the shared services and infrastructure that underpin cross-sectoral and cross-functional multi-entity data access; for example, single sign-on mechanisms, and digital identities and identity management for SMEs, across platforms and sectors.
In terms of the benefits to SMEs that can accrue from adoption of a shared data infrastructure, based on Open Banking principles, we are also heartened by Andy Haldane’s speech on 18th November (https://www.bankofengland.co.uk/-/media/boe/files/speech/2020/seizing-the-opportunities-from-digital-finance-speech-by-andy-haldane.pdf?la=en&hash=508F4972D17DE5A6DE3E0A1439A284BE904AC1C5). In this speech, the Bank of England’s Chief Economist stated that “Breaking down those well-entrenched barriers calls for a new infrastructure, one which expands the scale and scope of Open Banking – an Open Data platform for SMEs. The Bank set out some ideas on the design of such an open platform for SMEs earlier this year. This would provide a standardised means of permissioned sharing of data about businesses. In addition to data held by banks, this could include data from insurance and utilities companies, credit rating and social media data companies, and Government sources such as the Passport Office, DVLA, HMRC and Companies House.
The platform would run as a decentralised network of data providers using a standardised set of APIs. There would be no central data repository, physical credit file or central infrastructure. Instead, like the internet, the platform would be built around standard protocols that would enable interoperability between decentralised data providers and data users, with businesses having control of this process.At a practical level this would mean an SME could, at the touch of a button, permission an API call to a handful of data providers to instantly share specified data fields with a third-party, such as a lender. The data transfer would be close to real time and encrypted end-to-end. This would greatly expand the dataset, and shorten the application process, for SME loans.”
The Smart Data Review in 2019 consulted on ways to make evolving schemes more coordinated across banking, finance, telecoms and energy. The focus of Smart Data is citizens asking their providers to share information about them with third parties.
Q9. Beyond existing Smart Data plans, what, if any, further work do you think should be done to ensure that consumers’ data is put to work for them?
IB1 Response: Icebreaker One believes that there is significant scope for putting consumers’ data to work for their benefit. Consumer data can be used to gain a better understanding of, and to develop plans for addressing, a number of major societal challenges such as financial exclusion, digital exclusion, fuel poverty and others. We would advocate for the incentivisation of innovation in these areas through such measures as creation of funded (e.g. via UKRI) challenges and competitions, better R&D tax breaks for initiatives aimed at addressing such issues, and encouraging co-operation and partnerships between industry and charity sectors. At the same time, we would also advocate for greater transparency for consumers as to how their data is being used.
D. Mission two: Maintaining a pro-growth and trusted data regime
Building on our status as a world leader in technological innovation and our robust data protection standards, we will maintain a data regime that supports the future objectives of the UK outside of the EU and promotes growth and innovation while maintaining public trust. This regime will not be overly burdensome for the average company, nor will it be unnecessarily complex or vague; it will help innovators and entrepreneurs use data legitimately to build and expand their businesses, without undue regulatory uncertainty or risk at both the domestic and international levels.
To encourage the widespread uptake of digital technologies, we will also work with regulators to provide advice and support to small- and medium-sized businesses to help them expand online, and develop sector specific guidance and co-regulatory tools to accelerate digitisation across the UK economy.
Q10. How can the UK’s data protection framework remain fit for purpose in an increasingly digital and data driven age?
IB1 Response: Problems that are shared across jurisdictions, such as Covid-19, require sharing and pooling of data resources across jurisdictions in order to identify common solutions. We agree that, in light of Brexit, the UK must seek to maintain access and interoperability with other data sharing regimes globally, particularly in light of the various data localisation rules that are emerging around the world.
With respect to personal data, the UK will need to keep on top of developments in new uses for personal information as well as new tools and technologies used to process it in order to ensure that individuals remain protected and are provided with a degree of control and incentivisation to share their data. We would encourage and support the push at governmental level toward the regulation of non-personal data sharing, such that businesses may feel more comfortable sharing data which they had previously treated as confidential and proprietary for other uses, including both commercial and altruistic purposes. Only by doing this can we ensure that the UK market benefits from access to large datasets of a good quality to enable growth in the UK economy and to stay aligned with our peers on the global stage.
Through Icebreaker One’s sister organisation, Dgen, we authored two reports on Consent and Liability. Our core recommendation is that the government should develop additional consumer protections and enhanced rights for consumers through a Smart Data Right and a Smart Data Consumer Agreement. This will be essential in ensuring regulatory consistency for consent and liability, and their management, in smart data initiatives across sectors. The link to these reports is here: https://www.gov.uk/government/publications/smart-data-research-on-consent-liability-and-authentication
In section 7.1.2 we lay out the functions of the Centre for Data Ethics and Innovation (CDEI), set up in 2018 to advise the Government on the use of data-driven technologies and AI.
Q11. To what extent do you agree with the functions set out for the Centre for Data Ethics and Innovation (CDEI) – AI monitoring, partnership working and piloting and testing potential interventions in the tech landscape? Please explain your answer.
IB1 Response: Icebreaker One strongly agrees with the functions set out for the Centre for Data Ethics and Innovation (CDEI), including AI monitoring, partnership working and piloting and testing potential interventions in the tech landscape. We are strong advocates for the adoption of data ethics principles on a more widespread basis, particularly with respect to the emerging and more widespread use of AI / ML techniques in combination with the opportunities afforded by Big Data. We would strongly recommend development and adoption of a set of UK AI Ethics guidelines, along the lines of the EU AI Ethics Guidelines ( https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-ai ).
Specific areas for consideration with respect to an AI Ethics framework include, for a given proposed application of AI: what are the benefits of the application? What are the potential risks and detriments? How does it work – can it be explained? Is its application and implementation just and fair, and how are disputes handled?
We are also supportive of the ODI’s proposal (http://theodi.org/wp-content/uploads/2020/11/Getting-data-rightperspectives-on-the-UK-National-Data-Strategy-2020.pdf) to develop a professional framework for data scientists, with shared codes of practice and accreditation, as this will go some way as well to embedding ethical principles at the core of data science as an emergent field.
Q11a. How would a change to statutory status support the CDEI to deliver its remit?
IB1 Response: We believe that a change to the CDEI’s statutory status – for example, by giving it the status of a regulator with the ability to supervise and enforce regulations implemented with respect to data ethics – would be a welcome indication of the UK Government’s commitment to the development of an ethical base on which to build its foundations for a national data strategy. We would strongly advocate for the creation of a regulatory framework aimed at ethical governance of data and the firms that process them. This should, for example, encompass responsibilities on boards and directors to ensure that businesses are operating ethically. Additionally, if there is a role to be played by the CDEI in providing oversight of such firms, to hold them to account and to have enforcement capabilities, then it ought to have some registration requirements for organisations that are processing data, in order to ensure that they are not acting unethically, either consciously or unconsciously.
It has been noted from work in Open Banking that unconscious bias can be introduced through algorithms that have not been fully tested. Testing for and elimination of such bias should be a prerequisite before market launch, particularly where financial or other sensitive data is being used. For example, sandbox testing of algorithms using sensitive data or having applications that might have outcomes affecting the rights of individuals (such as facial recognition algorithms) should be mandatory prior to the live usage of these algorithms, and standard facilities for such testing be made available to the development community, which does not currently have easy access to such facilities. This is particularly true of smaller developers operating within very tight budget constraints. This could be provided through organisations such as the Global Open Finance Centre of Excellence (GOFCoE) or similar establishments.
E. Mission three: Transforming government’s use of data to drive efficiency and improve public services
There is massive untapped potential in the way the government uses data. We will implement major and radical changes in the way that the government uses data to drive innovation and productivity across the UK. In doing so, we will improve the delivery of public services, as well as our ability to measure the impact of policies and programmes, and to ensure resources are used effectively.
To succeed, we need a whole-government approach led by a Government Chief Data Officer from the centre in strong partnership with organisations. We need to transform the way data is collected, managed, used and shared across government, including with the wider public sector, and create joined-up and interoperable data infrastructure. We need the right skills and leadership to understand and unlock the potential of data – and we need to do so in a way that both incentivises organisations to do the right thing, as well as build in the right controls to drive standardisation, consistency and appropriate data use.
The government is going to set an ambitious package of work in this space and wants to understand where we can have the biggest impact.
Q12. We have identified five broad areas of work as part of our mission for enabling better use of data across government:
· Quality, availability and access
· Standards and assurance
· Capability, leadership and culture
· Accountability and productivity
· Ethics and public trust
We want to hear your views on any actions you think will have the biggest impact for transforming government’s use of data.
IB1 Response: We are supportive of the Government’s plans to take a whole-government approach to improving the use of data for innovation, service delivery and decision-making. In developing a data infrastructure that is fit for purpose for Government’s needs, it is essential that the process is led by real-life use cases, in order to avoid the pitfalls of developing infrastructure for theoretical use cases that do not reflect real-life usage of data. We would therefore recommend that the Government undertake a comprehensive analysis of its needs and identify the core use cases that apply, prior to embarking on the design and development of such data infrastructure. This is essential in order to ensure that the data sharing solution both meets the requirements of the users, but also is designed in a way that allows easy use of the data regardless of the technical capability of the user.
We strongly recommend a trust framework, enabling participant management and data access control, as the basis for an effective data sharing solution. It is essential to enable users to find and access the data they require, and to enable a service layer to develop within this trusted environment. The core components for this are:
- Knowledge Graph – This allows users to search for datasets according to parameters that they set. It works by crawling metadata and understands the meaning and relationships between data sets, so that users can understand the full spectrum of information available to them.
- Decentralised architecture – The architecture should have only the minimum required centralised components, removing a single point of failure and allowing rapid and low-cost system evolution. This approach has the major benefit that the data is maintained only by the relevant departmental holder, so requires no additional curation and is always up to date.
- Directory – This is the critical enabler for the decentralised architecture as it provides a secure, trusted environment with strong governance. It enables data providers to verify the identity of the party requesting the data, ensuring that access control for authorised users can be effectively managed. It is used to signpost the API endpoints for data, and enables granular control over the specific data that is being accessed.
- Standards – Once adopted a standardised approach reduces the effort, time and cost of integration. A metadata standard enables better data search and discovery used in a Knowledge Graph approach.
We believe that adopting this approach will ensure security, access control, scalability, flexibility to meet government needs as they develop.
We would also advocate for the creation of a separate vehicle that can sit between data regulators and industry, with a focus on unlocking leadership, capability and a culture of responsible and innovative data usage whilst also facilitating an effective feedback loop between regulators and industry, given the emergent nature of much innovation in this space.
Q13. The Data Standards Authority is working with a range of public sector and external organisations to create a pipeline of data standards and standard practices that should be adopted. We welcome your views on standards that should be prioritised, building on the standards which have already been recommended.
IB1 Response: We believe that the development of Open Standards is of paramount importance and represents the foundation of data infrastructure in the UK. Icebreaker One’s founders were also involved in developing the Open Banking Standard, and the organisation is now building an Open Energy Standard based on the same principles.
Such development must be done collaboratively, with broad stakeholder engagement. They must encompass, at a minimum and based on user needs, frameworks for licensing, operations, policy and technology.
F. Mission four: Ensuring the security and resilience of the infrastructure on which data relies
In the UK, the government already imposes safeguards and enforcement regimes to ensure that our data is handled responsibly. But we will also take a greater responsibility for ensuring that data is sufficiently protected when in transit, or when stored in external data centres.
The government will determine the scale and nature of risks and the appropriate response, accounting for emerging trends in the market landscape. We will also determine whether current arrangements for managing data security risks are sufficient to protect the UK from threats that counter our missions for data to be a force for good. And we will consider the sustainability of data use, exploring inefficiencies in stored and processed data, and other carbon-inefficient processes.
The infrastructure on which data relies is the virtual or physical data infrastructure, systems and services that store, process and transfer data . This includes data centres (that provide the physical space to store data), peering and transit infrastructure (that enable the exchange of data), and cloud computing that provides virtualised computing resources (for example servers, software, databases, data analytics) that are accessed remotely.
Q14. What responsibilities and requirements should be placed on virtual or physical data infrastructure service providers to provide data security, continuity and resilience of service supply?
IB1 Response: No response.
Q14a. How do clients assess the robustness of security protocols when choosing data infrastructure services? How do they ensure that providers are keeping up with those protocols during their contract?
IB1 Response: No response.
Q15. Demand for external data storage and processing services is growing. In order to maintain high standards of security and resilience for the infrastructure on which data use relies, what should be the respective roles of government, data service providers, their supply chain and their clients?
IB1 Response: No response.
Q16. What are the most important risk factors in managing the security and resilience of the infrastructure on which data use relies? For example, the physical security of sites, the geographic location where data is stored, the diversity and actors in the market and supply chains, or other factors.
IB1 Response: No response.
Q17. Do you agree that the government should play a greater role in ensuring that data does not negatively contribute to carbon usage? Please explain your answer. If applicable, please indicate how the government can effectively ensure that data does not negatively contribute to carbon usage.
IB1 Response: The Government should make all endeavours to ensure that new data infrastructure and standards around data storage and use are designed with the Net-Zero Target in mind, and, where possible, encourage and motivate industry participants and businesses to make net zero-enabling choices in their selection of data storage and processing solutions and outsourcing providers. There is also scope for Government to go a step further with respect to its own data storage, usage and infrastructure – to ensure that all future procurement decisions have a net-zero requirement to fulfil.
G. Mission five: Championing the international flow of data
In our hyper-connected world, the ability to exchange data securely across borders is essential.
As the UK leaves the EU, we have the opportunity to develop a new UK capability that delivers new and innovative mechanisms for international data transfers.
Using our reputation as a world leader in digital, a champion of free trade and the rules-based international system, and an engaged, rule-abiding member of the global community, we will build trust in data’s use, creating the regimes, approaches and tools to ensure personal data is appropriately safeguarded as it moves across borders. We will also facilitate cross-border data flows by removing unnecessary barriers to international data transfers that promote growth and innovation. And we will seek to promote data standards, data interoperability, and UK values internationally.
Q18. How can the UK improve on current international transfer mechanisms, while ensuring that the personal data of UK citizens is appropriately safeguarded?
IB1 Response: Increasing numbers of international governments are putting in place localisation measures; measures which either mandate data to be kept locally or measures which impose conditions on the cross-borders transfer of data. There is an urgent need for the Government to work with other governments and international institutions to seek to reverse these trends and to foster trust in the sharing of data across borders. We repeat that problems that are shared across jurisdictions, such as Covid-19, require sharing and pooling of data resources across jurisdictions in order to identify common solutions.
Many of the ideas we have noted above aimed at encouraging the increased flow of data would be applicable to data sharing across borders. Additional safeguards may be necessary to ensure intellectual property rights are protected in accordance with international agreements and national security is maintained. In addition, uniform licensing frameworks should be designed and adopted.
As a first step, however, we urge the Government to ensure EU ‘data adequacy’ to maintain free flow of personal data from the EEA. The UK should also engage with the EU in relation to its recent proposals for the sharing and re-use of non-personal data, ensuring access for UK businesses and institutions to the resources that foster innovation and enable digital services. For information see http://europeanmemoranda.cabinetoffice.gov.uk/files/2020/11/ST_13351_2020_INIT_en.pdf
We will seek EU ‘data adequacy’ to maintain the free flow of personal data from the EEA and we will pursue UK ‘data adequacy’ with global partners to promote the free flow of data to and from the UK and ensure it will be properly protected.
Q19. What are your views on future UK data adequacy arrangements (e.g. which countries are priorities) and how can the UK work with stakeholders to ensure the best possible outcome for the UK?
IB1 Response: We are aware, anecdotally, of informal conversations between various data initiatives in the UK and other jurisdictions, such as Australia and New Zealand, around some of the issues raised around post-Brexit data adequacy, continuation of data access and accessibility / interoperability of data. These conversations cover topics such as the development of data consent mechanisms, which are crucial for data sharing and interoperability in a cross-border context. There is a need for these types of conversations to take place via more formal, Government-sponsored channels, if we are to truly collaborate with international partners in development of more robust common frameworks and open up opportunities for businesses, fintechs, and technology providers.
There is also a need, when considering post-Brexit trade agreements, to understand the full impact of their provisions on the UK’s data security and on data sharing, and the challenges for data adequacy and consent. For example, concerns exist that the recent UK-Japan free trade agreement (FTA) could create a back door for UK data to flow to third countries via Japan.
In this respect, we are in agreement with the ODI’s view that “Furthermore, on the future of adequacy regime after Brexit, injecting free data flows in trade law is a questionable way forward, because this tends to crowd out other efforts around multi stakeholder governance that aspire towards a more rights-preserving and inclusive approach to safeguarding human rights. Instead, a more viable strategy would be, as mentioned above, to create a digital rights scaffolding, together with liberalising cross-border data flows while respecting data protection.” (http://theodi.org/wp-content/uploads/2020/11/Getting-data-rightperspectives-on-the-UK-National-Data-Strategy-2020.pdf , p29)