Skills and infrastructure

1.  We have seen repeatedly that the UK is not producing the technically proficient people required to support modern businesses. In our report, Educating Tomorrow's Engineers, we concluded that, despite the Government's recognition of the importance of engineering skills, there is a persistent gap in the numbers of engineers required to achieve economic growth. Data science is yet another skills area that urgently needs to be addressed if the UK is to be able to build an economy that can compete on the global stage. It is essential that the Government ensures that data science skills are promoted in educational institutions and within organisations that are able to provide data skills development. (Paragraph 21)

2.  We repeat our recommendation, from our report, Educating Tomorrow's Engineers, that learned societies, professional institutions and trade bodies put an obligation on their members to systematically engage in promoting data science skills through a structured programme of educational engagement. We request that the Government detail to us, in its response to this report, how it intends to ensure that organisations take part in a national effort to promote data science skills within the current and future UK workforce. (Paragraph 22)

Government use of data

3.  Real buy-in from members of the public for the use of their data is most likely to be achieved by delivering well-run services, which meet the expectations of customers. There are some excellent examples of administrative services that already exist in the UK, which demonstrate exactly what the UK should be aiming for: one shining example is paying your road fund license on the DVLA website, an easy-to-use and efficient service. Services such as these provide benefits to both the service provider and customer, providing a trusted platform for the exchange of data and service. care.data is a clear example where this trusted relationship failed to develop. (Paragraph 28)

4.  Members of the public do not appear to be wholly against the idea of their data being used by Government institutions, but support for data usage is highly dependent upon the context within which the data is collected. The Government should have learned from the experience with care.data and we recommend that the Government develop a privacy impact assessment that should be applied to all policies that collect, retain or process personal data. (Paragraph 29)

Better information for users of online services

5.  We note that a primary concern of the general public is that it is unable to limit the misuse of personal data by large organisations, but we recognise the work of the ICO in addressing some of these issues. We are attracted to the position of the ICO that big data should play by the same rules as every other form of data processing. It is essential that organisations operate in a transparent manner, allowing public confidence to flourish in light of knowledge about the way that their data is used. The UK is already a leading player on the global stage in using social media data and we are keen for this status to be maintained, but only if that can be achieved while ensuring the personal privacy of UK citizens. (Paragraph 35)

6.  We are not convinced that users of online services (such as social media platforms) are able to provide informed consent based simply on the provision of terms and conditions documents. We doubt that most people who agree to terms and conditions understand the access rights of third parties to their personal data. The terms and conditions currently favoured by many organisations are lengthy and filled with jargon. The opaque, literary style of such contracts renders them unsuitable for conveying an organisation's intent for processing personal data to users. These documents are drafted for use in American court rooms, and no reasonable person can be expected to understand a document designed for such a niche use. We commend the Information Commissioner's Office for investigating ways to simplify the contents of terms and conditions contracts and ask the Government, in its response to this report, to detail how the public at large will be involved in arriving at more robust mechanisms for achieving truly informed consent from users of online services. Clear communication with the public has been achieved in the past, for example in the use of graphic health warnings on cigarette packets. Effective communication with the public can be achieved again. (Paragraph 49)

7.  We consider it vital that companies effectively communicate how they intend to use the data of individuals and that if terms and conditions themselves cannot be made easier to understand, then the destination of data should be explained separately. We recommend that the Government drives the development of a set of information standards that companies can sign up to, committing themselves to explain to customers their plans to use personal data, in clear, concise and simple terms. In its response, the Government should outline who will be responsible for this policy and how it plans to assess the clarity with which companies communicate to customers. Whilst we support the Government in encouraging others to meet high standards, we expect it to lead by example. The Government cannot expect to dictate to others, when its own services, like care.data, have been found to be less than adequate. We request that the Government outline how it plans to audit its own services and what actions it plans to take on services that do not meet a satisfactory level of communication with users about the use of their personal data. (Paragraph 54)

Regulating the use of personal data

8.  There is a qualitative difference between requesting personal information when registering for a service and requiring that same information. Companies should have a greater responsibility to explain their need to require (and retain) personal information than when they simply request it. We welcome the work of the Information Economy Council and recommend that the Government use that work to provide companies with guidelines to aid organisations in deciding what information they should require and how that, and the subsequent use of the data, might be managed responsibly. We expect the Government, in its response to this inquiry, to outline a draft timetable for when businesses might expect to receive Government endorsed guidelines in this area. (Paragraph 57)

9.  In our report Malware and cybercrime we noted that the UK Government has a responsibility to protect UK citizens online, in an extension of the protections that are conferred on citizens in the offline world: a responsibility the Government accepted in its written evidence to this inquiry. As the majority of popular social media platforms are head-quartered in the US, we find it essential that the Government revisit all international agreements, including the US-EU safe harbour, to ensure that they protect UK citizens. We ask that, in its response to us, the Government outlines the international agreements that currently exist where it has ensured that the data of UK citizens will be guarded as well as if it were within UK legal jurisdictions. (Paragraph 64)

10.  We consider an internationally recognised kitemark to be the first step in ensuring the responsible use of the data of UK citizens by both social media platforms and other organisations. We are pleased that the Government seems to be working toward this end and recommend that, in its response to this report, it provides a draft timetable for when proposals for a kitemark can be expected. (Paragraph 69)

11.  We have become increasingly concerned that the benefits of data sharing that might be achieved, in both governance and economic growth, are at risk because the public distrusts the technology and some organisations that provide online services. The Government has been working to provide an identity assurance scheme that would give those in receipt of Government benefits an online presence so that individual citizens can manage their personal details in their transactions with the State. This scheme could be the basis for all UK citizens to have a protected, online identity that could be used, if the Government was willing, for both governance and online commercial activities. (Paragraph 70)

Protecting the interests UK citizens online

12.  We have also seen that the Government's approach to online safety has been piecemeal and conducted tactically to meet immediate needs with little evidence of any horizon scanning. The Government should be considering now how it wants UK citizens to engage with both governmental and commercial online services. It should be seeking to provide a platform for UK citizens to engage those services without unnecessarily risking their personal data and enabling its citizens to make informed choices about what data to share, with whom and for what purpose. Future prosperity will be impacted by how well information flows between government, citizens and business. The Government needs to begin work so that all of its citizens have firm and secure foundations from which to build their online functionality. (Paragraph 71)