The Open Data Institute commissioned us to explore the role that regulators, industry bodies and professional bodies can play in creating the conditions to share, use and re-use data in a trustworthy way.
The United Kingdom’s exit from the European Union has sparked widespread policy reforms. Data sits at the heart of many of these changes.
In November 2021, the UK Government’s Department of Digital, Culture, Media and Sport published their policy framework for Mission 1 of the government’s National Data Strategy. The framework lays out the steps the government plans to take to “unlock the value of data across the economy.”
In that sense, the UK government aspires to create conditions to make data more available, accessible and usable. At the same time, the framework highlights that the government wants to protect people’s data rights and the intellectual property of private enterprises.
The government hopes these steps will lead to improved productivity, business and job creation, and scientific breakthroughs, while at the same time ensuring the responsible and fair use of data.
Within this policy framework the Open Data Institute’s programme of work on data assurance plays a relevant role. It is intended to ‘explore and develop tools and guidance to help organisations to assess, build and demonstrate the trustworthiness of data and data practices’.
As part of the data assurance programme, the Open Data Institute commissioned us to explore the role of regulators, industry bodies and professional bodies in creating the conditions for sharing, using and reusing data in a trustworthy way.
What is data assurance?
Data, when shared with those who need it, can lead to multiple benefits. It can improve decision making, support the design and implementation of more effective policies, and help lead to innovation. But when used irresponsibly, data and data sharing can cause harm.
The scandal surrounding Cambridge Analytica, the consulting firm that harvested the data of Facebook users without their knowledge and then used that data to target individuals to influence their votes in the 2016 U.S. presidential election, powerfully demonstrates the harm that the untrustworthy use and sharing of data can cause.
Fear of causing harm, however, can lead to organisations avoiding the sharing of data, which limits the potential for beneficial uses of data.
That’s where data assurance comes in. Data assurance, as defined by the Open Data Institute is ‘the process or set of processes that increase confidence that data will meet a specific need, and that organisations collecting, accessing, using and sharing data are doing so in trustworthy ways’.
Organisations that share data need to provide assurance that it is good quality data suitable for others to access, use, and share. Organisations that reuse data need to demonstrate that they are trustworthy in their use of data from third parties, and organisations need to be able to assure themselves that data is suitable for their own use.
Role of regulators, industry bodies and professional bodies
Regulators, industry bodies and professional bodies, our research found, can play an important part in helping to build trust in data and data practices. All three types of organisations have influential roles in the sectors they operate in.
The organisations themselves access, use and share data, and can also influence the data practices of others. These three types of organisations can use the influence that they have to support, encourage and create incentives for data assurance practices.
Our research found that all three types of organisations have opportunities but also face challenges to implementing data assurance.
In the UK’s rapidly changing policy context, data assurance has become an even more valuable tool in maintaining confidence in data practices and supporting the flow of data between organisations, industry and governments.
Regulators, industry bodies and professional bodies can draw on their existing powers to help push for more data assurance activities. Different sectors, however, are at different stages of data and digital maturity, so many organisations may need extra help in designing and adopting data assurance schemes.
Suggestions for regulators, industry bodies and professional bodies
We identified suggestions for regulators, industry bodies and professional bodies, focusing on the steps they can take to help create conditions to share, use and reuse data in a trustworthy way.
All three types of organisations can:
Lead by example by modelling industry-leading practices with the data they collect and hold
Regulators often collect and hold data for their sector, industry bodies often steward data, and professional bodies collect and hold membership and other relevant data. With the data they regularly collect, all three bodies can model best practices for data assurance.
Integrate data assurance into existing initiatives
Data assurance can be built into existing regulatory interventions like food product labelling, or by offering training and professional development programmes which introduce trustworthy data practices.
Share and collaborate with others in their sector and across sectors in order to build trust
All three bodies can collaborate with others to develop standards, guidance or best practice, collaborate with researchers addressing key themes in machine learning datasets, and share successful approaches to introducing new data assurance schemes with each other.
Undertake reviews to determine the best types of data assurance activities to address the specific challenges they face
This will help to understand where trust is lacking and how best to build it.
To read more about our research, see the Open Data Institute’s website.