Royal Society – Supplementary written evidence (LSI0126)

A letter sent by Professor Ottoline Leyser CBE FRS, Chair, Royal Society Science Policy Advisory Group and Co-Chair, Data management and use: Governance in the 21st century following an evidence session on Tuesday 21 November 2017.

Thank you again for the opportunity to come and speak with your Committee. I am writing to clarify a couple of issues that were raised during the session relating to the Data Protection Bill and the creation of a stewardship body, as recommended by our report Data management and use: Government in the 21st Century.

In the 2017 Budget that took place the day after we spoke, the Chancellor outlined the government’s plans to establish a new Centre for Data Ethics and Innovation. I understand that the body will initially be established on an interim basis and is intended to help the UK set world-leading standards in areas like liability, explainability, IP, and frameworks for data sharing such as “data trusts”. We are encouraged that the Government is investing in such a body, which reflects our recommendations. This body should have a firm focus on the future challenges that new technologies present, and we look forward to working with Government to shape it and hope that parliament will play a robust role in scrutinising this.

We are also supportive of the Nuffield Foundation’s planned Independent Convention to tackle the ethical and social issues arising from data use, artificial intelligence and associated technologies. The Foundation is working closely with a number of organisations, including the Alan Turing Institute, Royal Society, British Academy, Royal Statistical Society, Omidyar Network, TechUK and the Wellcome Trust and the intention is to have established this body in 2018. These two bodies will undertake different, complementary roles in what is a complex landscape where a number of governance functions need to be fulfilled. The Convention can take a long-term view on fundamental issues and questions across the landscape that emerge on the horizon, while the Centre for Data Ethics and Innovation is well-placed to focus on more near term issues and needs, linked to government functions and able to advise on legislation and regulatory frameworks, alongside other aspects of governance.

The Industrial Strategy published on 27 November includes plans for an AI Council, supported by a new government Office for AI. In order to support rapid adoption of AI technologies at scale with public confidence, it will be important for these to work closely with the Centre for Data Ethics and Innovation.

The Data Protection Bill, which has just completed Committee stage in the Lords, focuses on the processing of personal data. It is important to ensure that the provisions within the Bill strike a sensible balance between enabling research that accesses personal data to be undertaken safely and securely, while also protecting individual rights. The Society has been working closely with the Wellcome Trust to ensure that the Bill does so, recognising that definitions within the Bill need to be carefully designed to enable such research across different sectors as personal data is important to many sectors. Ministers have now provided assurance that ‘public interests’ can be used as a legal basis for research in universities and other public bodies. However, this must now be made clear in associated guidance to provide legal certainty for organisations.

However, due to its focus on personal data (a definition that is itself under unprecedented strain in the face of new big data technologies that render ever more information personally identifiable), while it is important to ensure that the Bill does not create unnecessary barriers to unlocking the benefits that uses of data-enabled technologies promise, the Bill alone is not the vehicle to provide a new governance framework for the 21st century. Data protection law is only a small portion of the relevant legal landscape for data-enabled technologies. The broader relevant governance landscape includes regulators with mandates touching on aspects of data governance, such as the Competition and Markets Authority, Ofgem, Ofcom and the Financial Conduct Authority (FCA).

Many of the benefits of new data-enabled technologies may come from finding ways to link personal data, covered by the Data Protection Bill, with data that falls outside this definition, and the aggregation of data sets from different sectors. These technologies are developing faster than the law, and the pace of change can create uncertainty within which organisations have to operate and can also erode public confidence.  Regulatory regimes lack the agility required in a rapidly changing world. Current systems appear to require individual grievances about new technologies to reach a critical point before uncertainty can be addressed and clarification sought. Without agile governance frameworks, in addition to legislation, that can give researchers, entrepreneurs and decision-makers sufficient confidence about acceptable uses of data (in the eyes of the law and the public), applications that would have been widely welcomed may be missed.

That is why we recommend a set of high-level principles and a body to steward the evolution of the governance landscape as a whole. We have also clearly made the case that effective governance should focus on the uses of data driven technologies, not the technologies themselves.

The government’s announcement of a Centre for Data Ethics and Innovation is a helpful step. However, given the need for agile and evolving models to match the evolving challenges that data-enabled technologies will pose, it is important to recognise that much work will be needed to ensure that the Centre works effectively. As we outlined in our report, the exact form and functions of the Centre should be subject to political and public debate to ensure that the body earns public trust and enables the wide-spread take up of data-enabled technologies for the benefit of all.

29 November 2017