Unlocking the Value of Public Sector Data for Public Benefit minutes: February 2023

Attendees and apologies

• Angela Daly, University of Dundee (Chair) (AD)
• Ruchir Shah, Open Government and Civil Society Activist
• Annie Sorbie, University of Edinburgh
• Charlie Mayor, NHS Greater Glasgow and Clyde
• Carol Young, Deputy Director of the Coalition for Racial Equality and Rights
• Esperanza Miyake, University of Strathclyde

Demsoc

• Annie Cook and Emonie Ayiwe

Scottish Government Secretariat

• Christopher Bergin (CB), Lucille Brown (LB)

Apologies

• Alexander Weir, Canon Medical Research Europe Ltd
• Sophie Ilson, Scottish Government Secretariat

Non-attendance

• Colin Birchenall, Digital Office, Scottish Local Government
• Ronnie Kelly, Fujitsu UK

Withdrawal from IEG

• James Stevenson, Duo Verre Partnership LLP
• Mahlet Zimeta (‘Milly’), The Open Data Institute

Items and actions

Introduction

The Chair welcomed attendees and introduced Annie Cook and Emonie Ayiwe from Demsoc. 

Update on Demsoc Public Engagement commission:

• Demsoc had delivered two advisory public workshops (one virtual; one in-person) in January, on the draft high-level principles and data scenario-building, respectively
• scenarios focused on public sector personal data use by the private sector in relation to housing and Covid-19
• the feedback from this engagement had been synthesised and reflected in the Demsoc report, which had been circulated to IEG members, prior to the meeting

Feedback from workshops included:

• ownership of data – people would like access to, and control over, their own data
• many participants said they would be willing to give their data to the public sector, but were not willing for the public sector organisation to share this with commercial organisations 
• clear and transparent public information will increase public trust 
• key to building and maintaining public trust is storing people’s data safely and securely; being clear who is using it and for what purpose (using the data for its intended purposes only)
• people felt that building a better-informed consent model in Scotland would be helpful in preparing for the future
• UVOD principles and definitions (of public value, public interest and public trust), ought to be reviewed on an ongoing basis. It was acknowledged that people have different ideas of what is meant by these terms 

Key points raised in IEG discussion:

• the workshop feedback should be treated as an exploratory conversation with a small number of people on a wide-ranging topic (the topic of data ownership, for example, could be a project on its own)
• it was recognised that you get different results based on whether you talk about something generally, or in specific terms. It might be helpful to deal with these things specifically, in order to explore these issues in more detail
• you also need experts in the room to ensure the discussion is well-informed 
• subject to being signed-off, the group agreed it would be appropriate to publish the report, as part of the package of supporting documents / evidence that collectively informs the IEG’s report

The Chair thanked AC and EA for their valued contribution and for delivering the report in difficult circumstances, as Demsoc (their UK-based operations) had been liquidated, in the intervening period. The authors had finished the report in a freelance capacity. Demsoc had delivered the work commissioned by SG, with the exception of a webinar. 

IEG next steps

The Chair said it would be helpful to have clarity on the direction the Unlocking the Value of Data programme is taking, whilst recognising the IEG’s work is a component of a broader programme of work being taken forward by the SG. 

The IEG aim to finalise the report and deliver it to Scottish Ministers in March. The Chair will meet the Minster for Business, Trade, Tourism and Enterprise, to discuss recommendations and key aspects of the report. The Chair had recently met the newly-appointed Chief Data Officer for Scotland.

The Chair invited CB to provide an outline of next steps. 

IEG report publication - next steps:

• once the IEG report is published, it is expected the SG will issue an interim response, pending a more substantive response
• Scottish Ministers will consider the report and its recommendations, along with officials who will provide analysis and advice, from a policy perspective
• SG officials have begun scoping out the next phase of the project, aligning with SG data policy priorities and ethics work
• key aspects of next-phase activity will include close practitioner engagement, and establishing appropriate, strategic oversight and governance 
• post-IEG stakeholder and public engagement will be facilitated by the SG, as part of a coordinated and deliberative process of engagement, with the report functioning as a key reference point in the broader debate
• whilst there is no obligation on part of SG to implement the IEG’s recommendations, the Chair hoped this work would be useful in informing next steps 

Webinar

The Chair turned to the issue and practicalities of holding a future webinar, to discuss the outputs of the IEG. 

Key points raised in discussion:  

• Dundee University Leverhume Research Centre for Forensic Science has the capability to organise / support an engagement event
• this could be an opportunity to talk about the principles and recommendations, but would need to comply with SG guidelines
• CB pointed out that any post-report communications or engagement activity that former IEG members may wish to undertake, would be in a personal capacity only, i.e. not be under the aegis of the IEG, as the IEG will disband upon the report’s publication 
• if a public engagement event went ahead, it would need to be made clear it was independent of SG, and not representative of the views of the SG, so people are clear about the distinction

Action: CB to circulate SG guidelines on protocol for post-publication activity. 

Publication process 

LB updated the group on practicalities regarding the planned publication of the IEG report and the supporting documents (underpinning evidence).

Key points raised in discussion:

• work is underway to ensure the three literature reviews comply with SG publication and accessibility guidelines 
• the three literature reviews will be published at the same time as the IEG report, as standalone publications with ISBN numbers 
• the IEG is currently considering the literature review recommendations, and where they overlap and complement the IEG's draft recommendations. 
• further discussion is required on the creative dimension: visuals, style and format of the final report 
• for the report to be published in March 2023, it would need to be submitted to the publishing contractor by 10 March, as a lead-in time of three weeks is required by the contractor. However, it could be published in April
• the case for simultaneous publication of the final report and the full SG response was considered. It was noted that this approach had been taken for the Policing Emerging Technologies Report (published: 22 February 2023)
• the decision on whether to the Demsoc report at the same time, is still to be made by the SG
• the IEG report is the intellectual property of the SG

Finalisation of IEG Report

The Chair provided an overview of progress.

Key points:

• the Chair and group members have been working on refining the draft report
• the report is consequently longer, but important parts can be foregrounded so as not to be obscured 
• the Chair has focused on refining the Principles - many of the recommendations flow from the principles 
• the (right to) ‘opt-out’ principle had been the subject of much discussion with the practitioner forum
• there was consensus for removing the opt-out principle and not replacing it with a new principle, on the grounds that aspects will be integrated with other principles, or other parts of the narrative 
• need to refocus on how the public/s can help the public sector engage with its data, and how this can be addressed (and the infrastructure required), much earlier in the process
• who owns public sector data? Government or public sector agency owns the IP for databases, but the idea of data ownership is a big topic in data protection academia. The paradigms of property law do not fit with data
• ownership is problematic in the case of tech companies ('black box society' and the impossibility of controlling data once on platforms
• in any interaction with a public body, data is collected about an individual that is proportionate to providing a service, safely and securely, under a public duty
• to be added to the report: Recognition that individuals should have the right to have an interest in what happens to their personal data held by the public sector, and what happens to this data 
• there was consensus that precaution could be merged with other principles, (‘Public Internet and Benefit’ and ‘Do No Harm’), where it would be better expressed. A stand-alone principle potentially muddies the water and could provide justification for not doing anything
• the text, "if something harmful occurs, this should be addressed immediately", will be added to the narrative
• it was acknowledged that you can never bring harm to zero – in some cases, stopping doing something (e.g. vaccination process) would do even more harm 
• the Chair highlighted the need for transparency about the reasons for textual changes, e.g. reflecting input from practitioners, lack of consensus

Any other business 

The Chair summarised the wrap-up process and publication of final IEG Report. She noted her interest in convening an additional, informal meeting or co-writing session.

The Chair thanked IEG members for their participation and important contribution to the work of the IEG since March 2022.