How do we create conditions for getting the best value out of data while protecting the interests of...

20 December 2019


Reported by: Alex Kell EPSRC-funded Policy Intern (September – December 2019)

Academics, policymakers and industry leaders gathered for a meeting of CSaP's Continuing Policy Fellows at the Royal Society to explore how the UK might develop appropriate frameworks for data governance in the 21st century.

In a discussion led by Dr Natasha McCarty, Head of Policy at the Royal Society, and Professor Anthony Finkelstein, Chief Scientific Adviser for National Security, participants discussed privacy enhancing technologies; opportunities and barriers to technology implementation over the coming decade; and the potential for privacy enhancing technologies to allow for the analysis of diverse datasets while maintaining privacy.

Throughout the discussion, Dr McCarthy introduced the potential of privacy enhancing technologies as a means to strike an appropriate balance between protecting individuals’ privacy and the social benefits of using personal data. She challenged participants to consider whether there are cases, particularly where client protection is provided, where socially valuable datasets should be accessed and used for society’s benefit. For example, secure multiparty computation allows for the computation of a function without collecting all of the datapoints in the set in a single place. This technology could be used to generate a clearer picture of the cross-sector gender pay gap, without requiring companies to collate salary data in a single place.

Meanwhile, Professor Finkelstein’s contributions focused on technological innovations which could further enhance data privacy. This included homomorphic encryption, a technology which allows computation on encrypted data; privacy calculus to assess proportionality; and searchable encryption - which allows individuals to outsource encrypted data to the cloud while maintaining the ability to search the data remotely. Other potentially useful technologies include private information retrieval, which allows for the query of a database without revealing the nature of the query; zero knowledge proof – which proves that an entity knows something without revealing details of how that entity knows it; and computational smart contracts utilising blockchain.

Prof Finkelstein further explained how personal data could be trusted to third parties to monetise and manage data on our behalf through the personal cloud or through data co-ops. Here, personal clouds allow members of the public to provide data in exchange for micro-payments, while data co-ops rely on individuals’ trust in the co-ops to hold and manage data on the public’s behalf.

In addition to discussing the technical feasibility of these technological approaches to data management, event participants examined the feasibility of implementation from the perspective of public acceptance and governance structures. While some questioned how the public would react to these data management techniques, Professor Finkelstein suggested that the public is remarkably accepting of complex algorithms whose consequences may not be broadly understood. Furthermore, he pointed out that some of these data management approaches are already fully functioning and are in use by government entities such as the NHS.

In implementing these technologies, Dr McCarthy emphasised the need to have a good governance structure to protect the privacy of data. If good governance structures are built, she suggested that the potential benefits of analysing diverse datasets could be transformative in both industry and in the policy domain. These technologies and datasets may then be of use banks with datasets in multiple jurisdictions, supply chain monitoring, reducing the spread of fake news, and increasing transparency in markets.

Photo credit: Quinn Dombrowski -