Written evidence submitted by techUK (DDA0017)


About techUK 


techUK is a membership organisation launched in 2013 to champion the technology sector and prepare and empower the UK for what comes next, delivering a better future for people, society, the economy, and the planet. 


It is the UK’s leading technology membership organisation, with more than 850 members spread across the UK. We are a network that enables our members to learn from each other and grow in a way which contributes to the country both socially and economically. 


By working collaboratively with government and others, we provide expert guidance and insight for our members and stakeholders about how to prepare for the future, anticipate change and realise the positive potential of technology in a fast-moving world. 








































techUK welcomes the opportunity to respond to the House of Commons, Science and Technology Select Committee’s Call for Evidence on the effective and ethical use of data and data sharing.


Data is foundational to the UK’s digital economy with an analysis suggesting it may have added as much as £241 billion in value to the UK economy between 2015 and 2020[1]. Successfully unlocking the power of data will create significant opportunities for Government, the public sector, industry, and citizens to benefit from greater use of data-led insights and data driven services. It will also enable other sectors, such as healthcare, to address its long-standing challenges in trying to deliver a preventative and population-based approach to health.


While the UK’s National Data Strategy (NDS) rightly identifies the need to build a pro-innovation regulatory environment, its success will depend on a strong foundation of data transparency and trust, that will afford citizens a suitable level of privacy and the confidence to use digital products and services. Taken together, the NDS, the consultation Data: a new direction, and the NHSX’s draft strategy, Data saves lives: reshaping health and social care with data have been welcomed by techUK in setting a bold vision for the UK’s data-driven future and starting the UK’s journey to achieving the ambitious goals of the NDS.


As we set out in our response[2] to Data: a new direction, reform to the UK GDPR will play a part in driving the UK’s data strategy, and techUK members support the Government’s intention to assert the importance of privacy through its data protection regime by addressing the potential harms of personal data use to citizens, while facilitating a more tailored and effective approach to data protection. Finding this balance will be vital to maintaining the trust of the public to use digital services, enabling innovation, and ensuring the UK upholds its adequacy decision with the European Union (EU), which could cost UK business up to £1.6 billion if lost[3].


However, when developing thinking on data, it is important Government considers that not all data is personal, and there is a role for other types of data (including operational, analytical, networks) and datasets (including structured, unstructured industrial, non-personal data, meta data) to be shared in ways that can benefit citizens and the economy.


To ensure this, engagement at all levels of Government and the public sector is necessary, and the NDS must outline clear plans on how it will coordinate projects with other Government data initiatives and develop strong leadership across all departments and bodies on data issues. Beyond this, regular cross-sector engagement and collaboration is needed to enable UK business to contribute meaningfully to the NDS and support Government and the public sector in understanding challenges to data sharing which extend beyond privacy, such as lack of common data standards, data access and interoperability between systems.


The NDS Forum, which techUK co-chairs, has been a welcomed and effective space for Government and industry to have these conversations, and we encourage Government to continue to facilitate such opportunities.


Below, we set out ways in which we see the two data consultations contributing to the delivery of the NDS, the role of privacy in developing public trust as well as potential gaps that require more thinking and targeted intervention by Government on data challenges. We explore these points by focusing on how the UK can:



For the UK to get its Data Strategy right, privacy and ethics must be considered at the start to inform how Government, the public sector, industry, civil organisations, and citizens can work together to tackle shared data challenges and unlock the value of data across the entire economy and society.


techUK’s full response to Data: a new direction can be found here[4] and the NHSX’s draft strategy, Data saves lives: reshaping health and social care with data, here[5].



Securing the right conditions for a trusted data protection regime


For there to be a strong sense of trust amongst the public, their privacy must be respected, and citizens must have confidence that their personal data is being shared and used in trustworthy and responsible ways. While techUK has welcomed the Government’s intention to revisit the data protection regime, reforms should ensure individuals continue to have suitable tools and mechanisms to make decisions about how their data is being used and access to avenues for redress, backed by an independent regulator. Preserving the data rights of individuals will also be key in maintaining the EU’s positive adequacy decision, which is seen as a symbolic standard for the UK’s high level of data protection.


While many of the reforms outlined in the consultation have been supported by techUK, there are proposals which may threaten the individual’s right to transparency by challenging existing mechanisms for redress. techUK advises that Government reconsiders the following proposals:


  1. Preserving Article 22 of the GDPR, which empowers citizens to clarify with organisations how their personal data is being processed in the context of automated decision making. Instead of its removal, techUK supports the proposal to amend Article 22 which would adjust the threshold for challenging automated decisions with significant legal effects, e.g., approval of mortgages.


  1. Rejecting the reintroduction of the nominal fee for Subject Access Requests (SARs). We believe the reintroduction of this fee would disincentivise and deter individuals from pursuing requests.


While the UK GDPR provides robust legal mechanisms to improve the privacy of individuals, there is still an important role for the Centre for Data, Ethics, and Innovation (CDEI) to play in providing expert advice to help guide industry and the public sector in its data-driven innovation.



Setting the direction on ethical data use


Ethical considerations should underpin the use of all data, especially in circumstances where risks to privacy or other fundamental rights are identified. The Data: A new direction consultation reflects the importance of ethics through its emphasis on combating bias and discrimination, and the necessity to use data for public good. It also raises some ethical concerns, specifically around changes to transparency mechanisms, as outlined above.

Data: a new direction, is a timely inquiry about the ethics underpinning the use and sharing of data in health and care contexts, as the UK responds to the impact of COVID-19. Responses to the pandemic have demonstrated the value of data-driven collaboration in health and care, where many innovative projects have applied the highest privacy standards. To ensure this remains the rule, ethics must play a role and techUK encourages that Government considers the following principles which should apply to all forms of personal data use:

  1. Making sure the purpose of collecting, using, and sharing data is clear at all times. Although the purpose may expand or change over time, the gathering, sharing, and processing of personal information must always fall under a legal base offered by the UK GDPR.


  1. Ensuring data is used in ways to support fair and ethical outcomes. Data can be immensely powerful in highlighting injustice and inequality, but it can also reinforce said inequality – for example in healthcare, where it can embed lower expectations for health outcomes for some demographic groups. Whether the data in question is used for quite simple statistics or complex AI systems, its impact should be closely monitored to enhance rather than diminish fairness.



Below, we explore the importance of governance mechanisms in helping to facilitate ethical data use and data sharing, as well as techUK’s understanding of how these responsibilities are spread across the data ecosystem. However, it is important to note that while ethical data use is about complying with legal requirements, it is also about actively investigating where we should go beyond these. This can be done through the development and deployment of ethical principles, codes, frameworks, advisory boards, and research projects. World-leading digital ethics institutions in the UK, such as the Ada Lovelace Institute and the CDEI, are paving the way in unpacking these ethical considerations.


techUK recognises and supports the CDEI’s role in being a government expert body, aimed at enabling the trustworthy use of data and AI, and providing useful guidance and cross-sector projects. However, it is important that the CDEI’s role is not conflated with one of governance, and to distinguish between the different mechanisms in place – from regulation and governance to guidance and consulting – to achieve the best outcomes from data use and sharing.


Governance arrangements for data-sharing in the public sector vary depending on the legal frameworks within each specific sector[6], and their effectiveness depends on the bodies overseeing each of those legal and regulatory frameworks. For more effective regulation, initiatives such as the Digital Regulation Cooperation Forum (DRCF), which facilitate more collaborative approaches between regulators, have been welcomed by techUK. For data governance within and across Government, techUK recognises the Cabinet Office’s Central Digital and Data Office (CDDO) as the lynchpin that ensures cross-departmental engagement and coordination on data initiatives and approaches to shared data challenges.


In the context of the data protection regime, techUK sees the ICO as providing UK business with pragmatic and proportionate guidance on its implementation. techUK has welcomed the Government’s consideration on expanding the ICO’s responsibilities and broadly supports proposals in Data: a new direction to bring it in line with other similar regulators, such as Ofcom. However, the effectiveness of the ICO is underscored by its independence, and we caution the Government against proposals that would allow Government and the Secretary of State to approve codes of practice or complex and novel guidance. This could create a conflict of interest between the Government and the regulator, putting the UK’s data protection regime out of step with international standards and challenging the EU’s positive adequacy decision.


With proposals in Data: a new direction and the CDEI helping to set the foundations for responsible and ethical data use and sharing, reform to the data protection regime could support in offering a pro-innovation regulatory environment that can help place the UK at the forefront of cutting-edge technologies.



Enabling responsible research and innovation


A thriving innovation-led market will be the bedrock for the UK to keep at pace with developments in emerging technologies such as the growth of AI, IoT, VR/AR and 5G, allow home-grown businesses to remain competitive internationally and help drive the UK’s ambition of being a global digital leader. Research and development is a major contributor to innovation, and also vital in helping to tackle pressing societal and economic issues, such as recovery from the pandemic, climate change and social inequalities. In the context of healthcare, data is being shared to enable R&D for disease prevention, diagnosis, and treatments, and could be more effectively shared across Government and public authorities to speed up the approval of new treatments and medication and pass supportive legislation to advance medical research based on real-time data.


However, feedback from techUK members suggests there are several regulatory barriers that are preventing organisations from pursuing such research projects, e.g., concern of falling afoul of the UK GDPR or being unable to the absorb administrative burdens that come with compliance. Data: a new direction proposes a set of pragmatic and common-sense reforms which techUK and members agree could help tackle some of these barriers, without undermining the privacy of the individuals concerned. Areas where the proposals could support include:


  1. Improving legal clarity and certainty on definitions and legal bases for data processing activities related to research. techUK is supportive of the Government’s proposals for a statutory definition of scientific research (which should capture commercial R&D) for data processing and seeking to clarify the research specific provisions within the UK GDPR.


  1. Removing limitations on the re-use of data for research purposes, by clarifying the legal bases for the (re)processing of personal data beyond consent, when thresholds are met and with suitable safeguards. This will better accommodate the serendipitous nature of research.


  1. Providing access to more data sets for the responsible, ethical development and training of AI systems. We support the research provisions outlined above which will provide organisations developing AI technologies more legal clarity and flexibility when processing personal data.


  1. Considering suitable safeguards to protect individuals from potential misuse or unlawful use of their personal data in the form of further guidance from the regulator (e.g., proportionate obligations to inform individuals on how their data is being (re)used in the context of research).


Additionally, members have supported the proposal in Data: a new direction, to clarify ways organisations can lawfully share data with Government agencies which could encourage greater collaboration between the public and private sector. However, Government and the public sector also holds a significant amount of valuable data that could support businesses in driving research and innovation. There is a clear gap in the NDS where focus should be placed on the opening up of Government and public sector datasets to support private and third sector development of innovative digital solutions such as digital identity. This includes the health and care sector, and techUK welcomes the NHSX’s detailed exploration of how a targeted data strategy can help to unlock the value of data within a specific sector.



Unlocking the power of data in health and care


As healthcare data is likely to be captured by the sensitive personal data category in the UK GDPR, individuals should always have full control and transparency over how their health data is being used and given the right tools, skills, and knowledge to manage it. The NHSX’s draft strategy, Data saves lives: reshaping health, sets out bold aspirations to transform the delivery and use of health and care services, as well as outcomes for patients, through the power of data and digital technology.


In techUK’s response to the NHSX’s draft data strategy[7], we have assessed its effectiveness, and have identified key areas that must be prioritised to drive its implementation:


  1. Building trust by having a broader conversation with the public about the use of their data. Government should engage in more meaningful dialogue with the public on how their data is being used and for what purposes, to help build a culture of data confidence amongst the public.


  1. Addressing cultural and organisational challenges, not just technical, regulatory, and legal, and knowledge sharing. Members agree that most challenges they encounter in supporting the NHS and social care to deliver on the commitments made are cultural rather than technical. Building a positive culture of trust and collaboration across and between the system and organisations is essential and can be delivered through the strategy by facilitating a knowledge sharing community.


  1. Putting greater emphasis on improving data quality. Despite progress in offering easy solutions for individuals to view summary care records, accessing records from secondary care and social care, as well as integrating valuable data from connected devices remains difficult, and points to the need for Government to adequately address the challenge of lack of common standards and interoperability in data management across organisations. In the Ten Point Plan for Healthtech[8], techUK called on the Department of Health and Social Care to centrally mandate, assess and enforce the use of interoperability standards through NHSX and NHS Digital.


  1. Having a greater focus on solving high impact problems at pace. Whilst members have welcomed the breadth of topics covered in the strategy, the concern from industry is that it is unclear which ones should initially be prioritised. We suggest that clarity is defined within the final strategy on the order of priorities, and the associated trade-offs. Certain deadlines appear to be in contradiction and therefore, a bigger focus on solving high impact problems first is recommended.


  1. Addressing the need for increased transparency with industry. Members have also called for the strategy to identify mechanisms that can be used to build trust between industry and the system to increase transparency around what is seen within the service as the role of the health tech industry.



Empowering public services through more effective data use


A final point to consider, is that the public sector holds a significant amount of valuable data, but the sheer volume and inconsistency in its collection and storage is overwhelming for public services, including resource-strapped local authorities lacking the appropriate data skills to tackle these challenges. While Missions 1 and 3 of the NDS plans to address some of these technical barriers, there is also a need to build a culture in which public services and Government are empowered to unlock the value of data, led by data champions who can encourage new ways of looking at and using data. For example, local council-led initiative Community Solutions[9] is being used to link datasets to provide insights that are driving targeted interventions to increase financial inclusion for vulnerable individuals. Projects such as these, which help to find solutions to everyday challenges, will be significant in enabling the UK to deliver on the vision set out in the NDS.


techUK welcomes the opportunity to provide more detailed evidence to the Committee on this point.


January 2022




[1] https://www.sas.com/content/dam/SAS/en_gb/doc/analystreport/cebr-value-of-big-data.pdf

[2] techUK response to DCMS consultation 'Data: a new direction'

[3] ucl_nef_data-inadequacy.pdf

[4] techUK response to DCMS consultation 'Data: a new direction'

[5] techUK response to the NHSX draft data strategy for health and social care

[6] E.g., for healthcare it includes the NHS Act 2006, the Health and Social Care Act 2012, the Human Rights Act, and the Data Protection Act, as well as oversight by the regulator.

[7] techUK response to the NHSX draft data strategy for health and social care

[8] techUK publishes Ten Point Plan for Healthtech to accelerate the digitisation of the health and care sector

[9] How can Data and Analytics help Local Authorities improve Financial Inclusion? (techuk.org)