Responsible and ethical use of data is a top priority for information commissioner Elizabeth Denham. Her number two Steve Wood, deputy information commissioner at the ICO, said increasing the trust and confidence people have in how their data is used is one of the key goals of her tenure. One of the things that the ICO does in this regard is carry out research and measure the attitudes of the UK public towards data use and data sharing. The results of its most recent annual track survey on trust and confidence produced some interesting findings.
In spite of the countless hacks and data breaches that the public has been made aware of and (the innumerable others that have been kept hush-hush) there has been a year-on-year increase in the percentage of people who trust the way organisations use their data.
Wood said there was an increase to 34% from 21% the previous year. Wood made sure to add that this was just one survey that only reflected a years’ worth of data and therefore the statistic could anomalous.
The research also looked at which type of organisations were the most and least trusted. Public sector bodies came out on top, while social media companies unsurprisingly are the least trusted with personal data by the British public.
"Awareness and interest in personal data is becoming mainstream."
Wood said that the ICO would be conducting more research to see whether regulation, GDPR in particular, is causing an increase in trust and confidence in the use of personal data, and stated that awareness and interest in personal data is becoming mainstream. He said: “That is something we are starting to observe in speaking to data protection officers around the UK in how people are engaging with their data protection rights.”
According to Wood, in the past people would want to access their data if there was something wrong, such as an incorrect credit score. However, now the ICO is increasingly seeing greater numbers of people who are just interested in knowing what data is held about them and often then make requests for data to be deleted.
With reference to the GDPR, Wood stated there are three central concepts of the regulation in relation to privacy risks, those of transparency, control and accountability.
Wood stated that the job of the regulator is to ensure that these concepts are translated into practice, therefore, now that the GDPR has been enforceable for almost 10 months, the focus is now on working with sector bodies, trade bodies and expert organisations to create a layer of guidance.
He made it clear that the problem of the lack of trust among the public in the handling of their data is a global not a national one, as other data protection regulator counterparts around the world have said that they face common issues. Wood also said that there are many different players in the data ecosystem, including data brokers, analytics companies and researchers. Perhaps consulting with these players with help with the creation of the guidance.
"A certification scheme will show organisations what good looks like."
Wood also said that the ICO will undertake the development of a certification scheme so that organisations can see what good looks like.
One of the pieces of research that Wood discussed was recently launched. On 18th February the ICO announced that it joined forces with the Greater Manchester Patient Safety Translational Research Centre to commission the Citizens Jury. It is a two-week research session set up to gauge public opinion of artificial intelligence. In particular it will look at whether they think people should always get an explanation for an AI-generated decision and under which circumstances they think explanations are most important.
The results of this research will go into guidance being produced jointly with the Alan Turing Institute. Wood also mentioned that through an AI fellowship, academics will work with the ICO on the topic of ‘explainability’ as well as creating an auditing framework for ICO investigators.
Overall, he said there has to be a two-pronged approach to increasing trust in data handling. “It has got to be a combination of empowering the individual and strong regulation. When those two work together effectively then we’ll really start to get somewhere.”
Steve Wood was speaking at the Open Data Institute Summit.