
Out-Law News

UK government working on 'trust framework' for commercial use of personal data


The UK government is helping to develop a framework that will encourage businesses to be more open about the way they use the personal data of customers.

The government announced that it is working on a new 'Trust Framework' for the commercial use of personal data in its published response to a report on uses of biometric data and technologies that the Science and Technology Committee in the UK parliament issued earlier this year.

"The government is working with the Digital Catapult and the British Standards Institution, along with businesses and consumer representative bodies, to develop a ‘Trust Framework’ for commercial use of personal data," the government said (13-page / 168KB PDF). "The Framework is being designed to give consumers more clarity and a greater level of control on how their data is collected, stored and used by companies. The Digital Catapult is looking to run a number of pilot projects over 2015, with the aim of completing the initial stages of the Framework by March 2016."

In a blog published in July, Digital Catapult chief commercial officer Andrew Carr said the development of new products and services will be accelerated where data is used in "a consented, trusted and transparent way".

In its March 2015 report, the Science and Technology Committee at the House of Commons criticised the government for its delay in publishing a "comprehensive" strategy on how it intends to use biometrics as a means of enabling access to government services and what conclusions it has reached on the "associated ethical and legal implications" of doing so.

In its response, the government said that it intends to publish separate forensic and biometric strategies before the end of this year.

"The government recognises the need to develop a strategic approach to the use and retention of biometrics," it said. "This approach should recognise that biometrics is fast-changing and provides opportunities for better secure identity verification, better public services, improved public protection and the ability to identify and stop criminals. This should be balanced against safeguarding the rights of the individual from unnecessary intrusion. The government’s biometric strategy and associated policy framework will support an aligned approach on the use and retention of biometrics and how its implementation is governed."

The government also responded to a recommendation from the Science and Technology Committee that its biometric strategy should address "public concerns about the security of personal data and the potential for its use and misuse". The Committee had said that "high profile cyber-attacks and data loss incidents have undermined the public's confidence in the ability of both government and industry to store their data securely". It said that data security should not be "an optional extra".

The government said that Home Office systems that hold biometric data deploy "defence in depth measures" to protect that data from being accessed by unauthorised individuals. It said the measures are "subject to regular effectiveness reporting and are subject to third-party assurance and annual assessment to ensure their fitness for purpose". It also said that a 'secure by design' philosophy is adopted at the beginning of projects that will concern the use of biometrics data.

The government's response to the Science and Technology Committee comes just days after privacy watchdog the European Data Protection Supervisor said that ethical use of data (21-page / 1.28MB PDF) must be accounted for in EU policy making.

"Policy makers, technology developers, business developers and all of us must seriously consider if and how we want to influence the development of technology and its application," Giovanni Buttarelli said. "But equally important is that the EU consider urgently the ethics and the place for human dignity in the technologies of the future."

"Data protection principles have proven capable of safeguarding individuals and their privacy from the risks of irresponsible data processing. But today's trends may require a completely fresh approach. So we are opening a new debate to what extent the application of the principles such as fairness and legitimacy is sufficient. The data protection community can play a new role using existing tools like prior checks and authorisations - because no other bodies are equipped to scrutinise such data processing," he said.

"With technology, global innovation and human connectedness developing at breakneck speed, we have an opportunity to attract attention, to trigger interest and to build a consensus," Buttarelli said.
