What does the new data protection law say about British politics?

A new fear is quietly stalking the land, haunting administrators of businesses, charities, schools and even political parties. It is called the EU General Data Protection Regulation 2016 (GPDR). It replaces our old friend the Data Protection Act 1998 with a set of regulations that are much more onerous. The usual experts are going back and forth gleefully stoking up fear, no doubt in the hope of consultancy fees and demand for training courses. But even allowing for their exaggerations, the change is significant. The politicians, meanwhile, are nowhere to be seen.

This is information politics in action. Loyal readers of this blog will know that I think that information politics should be, and will be, one of the most critical areas of political engagement, notwithstanding its current neglect. The political issues raised by this legislation illustrate that rather well – and the failure of the British political establishment.

To simplify gloriously, there seem to be three main approaches to data regulation: the American, the European and the Chinese. The Americans are giving general freedom to businesses, leaving privacy largely a matter for civil law to be resolved between businesses and citizens. They do, however, want to place limits on government abuse; many Americans are more worried about Uncle Sam prying on them than Google. The Chinese believe in complete government control, with no right to individual privacy. The Europeans believe in strong privacy rights backed up by criminal sanctions, and severe constraints on government agencies too. The GPDR, as its full title suggests, is very much in the European tradition. The purpose of the the extra regulations is to enhance individual rights to privacy, with rights to rectification, erasure and access. So citizens have a right to know what data is held on them, to correct errors and to be forgotten if they want. That means that the organisations have to know themselves how their data relates to individuals, and to make corrections and deletions accordingly. The new rules are altogether more thorough than their predecessors. They cover all data, not just electronic databases; political parties, which only caught the fringes of previous law, face much more onerous requirements, as do many charities.

What are the implications? It will put a lot stress on small organisations, something the British civil service will shed no tears about; they have always preferred to deal with a small number of big agencies. But some bigger businesses are going to find the going harder too – notably Google and Facebook. Mostly organisations will manage the risk by holding the minimum possible amount of data on their own behalf, digital and otherwise. Ironically this may be no bad thing for efficiency. Efficient people and organisations travel light. It’s an old trick of personal organisation: if you destroy everything, then you don’t waste time looking for things. Clever service businesses should be able to design inexpensive support systems that allow small organisations to comply with the regulations, once they have got into the habit of holding no paper records and regularly purging the digital ones. But until organisations realise that this is the new way, there is going to be a bumpy ride. The law may turn out to be almost impossible to comply with – and feel a bit like one of those Russian laws that are intentionally impossible, to give state agencies more arbitrary power.

But surely Brexit will come to the rescue? If there was an example of onerous European regulation that we can be freed from, then this must surely be it. Why can’t we now move to a more light-touch American regime? Alas no; the British government have made it very plain that this law is built to last after the country leaves the EU. Indeed, I understand, the law has been gold-plated to make it more onerous than the European standard. For what reason I’m not entirely sure; the government just seems to think it is a good idea.

Which it may be. These new rights do empower the citizen. Once explained to the public, they might very well like the new law. They would certainly not think that political parties, for example, should be given a free pass, and the rights to access and rectification look basic. The American way, where big businesses have excessive sway, is not necessarily the best. But it is a political choice, and there has been next to no political debate; if there was any, I missed it. This says a lot about how British politics works. A European regulatory proposal comes along; British officials decide whether they like the idea or not, and negotiate with other EU interests accordingly. They then present it to the British parliament as a fait-accompli, and promptly embellish it. And then it gets dumped on the British public with a shrug. It is no wonder that so many intelligent people became fed up with the EU. The British political establishment is using it as a way to bypass awkward political discussion; no doubt this happens in other European countries too. It is a colossal failure of the political class, but in a long British tradition. British institutions have long thought that secrecy over decision-making ensured its integrity.

Why wasn’t there more political debate? This could, or should, have happened at two distinct stages. The first was when the directive was being put together at EU level. The British government clearly had opportunities to intervene if it wanted to – and probably did, but with the minimum of consultation with its own people. And failing that there was the European Parliament. These institutions failed. Brexiteers will suggest that this is an example of arbitrary Brussels lawmaking; Remainers that it is a failure of the British political class to exercise their responsibilities properly. The second possible intervention was when the directive was translated into British law, when Parliament had a chance to scrutinise the proposals. If the directive was indeed gold-plated, then this would have been the appropriate moment to challenge it. But neither the popularly elected commons, nor the supposedly hard-working and expert Lords seem to have done very much.

Behind this there is a deeper failure. Who are the advocates of a different approach, easier for small organisations, profit or non-profit, to manage? Labour aren’t instinctively for enhancing individual rights, they aren’t very interested in making life easier for businesses either. Some on the left probably hanker after a more Chinese model of data regulation – but that is only hinted at in some dark statements on cracking down on tax evasion. The Lib Dems are not inclined to challenge European integration, which GPDR is part of, and anyway probably quite like the enhanced individual rights, in principle anyway. But you would have expected some resistance coming from the Conservative Party.

Alas no. The radical Brexiteers aren’t interested in detail. To them deregulation is a theoretical idea where somebody else has to do all the hard work subject to their backseat driving. The pragmatists are happy enough to go along with European integration. I have heard a bit of talk that there is fresh new thinking in the party, led by a crop of bright new MPs recruited in David Cameron’s tenure. If so you might expect that somebody would make the running and present a vocal challenge to the new regulations, and an alternative vision on how data regulation should work. But so far there is silence.

The truth seems to be that few British politicians have thought deeply about how me manage privacy and data, and therefore recognise the nature of the choices they are making. That is very disappointing.


Information technology is enslaving us: we must learn to master it

I have a new hobby horse: the politics of information. The development of information technology is transforming our lives, but the politicians are being left behind. This is becoming at least as important as economics and finance to the way we live our lives.

But we amateurs face a problem. The IT industry obfuscates everything in jargon and tech-speak. It is easy to get intimidated. In the FT Gillian Tett draws a parallel with the finance industry before the great financial crisis of 2007-08. It is liable to end just as badly. We really must try to hack back the thicket.

I’ve been here before. Back in the 1990s I was appointed Director of Information Systems by my firm, in spite of having no direct IT background. I was nearly suffocated by the jargon and tech-speak. But gradually I came to realise that IT wasn’t as complicated as people were making it out to be. In fact it wasn’t fundamentally more complex than the average office filing system in pre IT days, and it was dealing with much the same issues. If you stuck to firm logical ground, the techies would retreat. I found a world dominated by bluff and which reasoned in a series of attractive sounding non-sequiturs. People were watching each other and saying whatever they had to to fit in. With just a little clarity of thought you could get a long way.

So I will take a deep breath and start to think about the world of information systems and technology, even though it is a very different one from where I left it in the 1990s, or even in 2005, when I stopped working with information systems professionally as a user.

And so to the basics. How do we, as people, manage information? We do two basic things. The first is to gather data from the world around us. The second is to process that data into information that we can use to achieve goals both passive (looking out for danger) and active (finding food, say). All this requires us to be both aware and focused – two things that tend to be mutually exclusive. How humans (and other animals) do this is a very complex process that is only very loosely understood by scientists. The interesting thing is that at its core is a duality – the outwardly referenced right brain, and the inwardly focused left brain. I am currently reading Iain McGilchrist’s The Master and his Emissary¬†which builds a substantial intellectual critique of the modern world from a right-brain left-brain duality. At this stage, though, all I want to say is that the outward/inward duality is central to the understanding of how we deal with information.

This duality is recognisable in the way modern technology works. Here I think it is useful to distinguish between what I would call “big data” and “useful data”. Big data is the amassing of data from many sources. In the modern age this is often from such things as video footage, photographs and sound recordings. But big data is not directly usable to achieve anything. To do that it has to be reduced to patterns and digits that are useful data. The big modern development is the use of artificial intelligence (AI) to achieve this. Previously, useful data was mainly gathered through human input.

There is one key point that needs to be understood about the useful data sitting in computer databases. It works on the principle of distillation. It is an infinitesimal subset of the real world, and even that is before you deal with problems of reflecting time. To move from the real world to this data requires a series of simplifying judgements.In practice this means that data does not multi-task well. To be efficient the data has to be referenced to a particular need, and it will serve other needs less well. And yet the pressure to make such data multi-task is enormous. And this leads to widespread problems.

Lets take an example. One commonly used bit of data is the British postcode. It is designed to delineate postman’s walks to organise mail delivery. It is not designed to reflect insurance risks, for example – but it is often used for just that purpose. As an example I was told by an eminent geologist about how he was asked to assess landslip risks in a town’s postcodes. He found one code which consisted of a valley with no homes in it, with the edge of the town where people actually lived. The landslip risk in the valley was high, but in the town it was negligible. So how to rate the risk for that postcode? According to the rules he was being asked to abide by, he should rate it as high. And yet that would mean that the homes in that code would be overcharged for their insurance. He refused to do it; but doubtless the insurance company found somebody more compliant. Why should they care about a bit of collateral damage? That kind of problem¬† predates modern IT, but technology allows it to proliferate in multiple hidden ways.

That perhaps illustrates the scale of the challenge that IT presents to liberal values. We as individuals are being made to conform to a world of arbitrary categories, because that is more convenient for systems builders. Instead of technology giving us more control over our lives, it is forcing us to conform to somebody else’s will.

But humans can be masters of technology, rather than being slaves to it. That is the liberal challenge.