General Data Protection Regulation (GDPR): what the public sector needs to consider

Graphic design image: three padlocks in front of a futuristic city.

By Steven McGinty

In March, the Information Commissioner’s Office (ICO) published the results of a survey into local government information governance as part of their preparations for the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018.

Although the ICO notes that many local authorities have good data protection policies, there are still councils where work needs to be done. The survey findings include:

  • A third of councils do not undertake Privacy Impact Assessments (PIAs)
  • 26% of councils do not have a data protection officer
  • 50% do not require data protection training before accessing systems

Under the new GDPR the above findings could constitute a breach, and result in the ICO taking action against the offending council. Recently, the ICO fined Norfolk County Council £60,000 (under the Data Protection Act) for failing to dispose of social work case files appropriately.

What impact will Brexit have on the GDPR?

The UK Government has finally triggered article 50 of the Lisbon Treaty, starting the process for leaving the European Union (EU). However, this does not mean that the UK will escape the European Commission’s GDPR. Digital minister, Matt Hancock, has confirmed that it is in the UK’s best interests to ensure the ‘uninterrupted and unhindered flow of data’, stating that the GDPR would be fully implemented into UK law, even after we leave the EU.

Is the public sector exempt from the GDPR?

There have been reports that some public sector bodies believe that they are exempt from the GDPR. This assumption is based on the regulation’s special conditions and derogations, which allow member states to restrict the GDPR’s scope to safeguard the public interest (some countries, such as Denmark, already have exemptions for public sector bodies). Additionally, fining a public sector body has also been viewed as making little sense – taking from one public sector budget and placing it in another.

However, both of these assumptions are flawed. As the GDPR has been designed to enhance the rights of EU citizens, it would be against the spirit of the regulation to introduce blanket exemptions for the public sector. And it is certainly not unheard of for regulators to fine public bodies, such as the recent Norfolk County Council case, or the Hampshire County Council case in August 2016, where the council was fined £100,000 by the ICO for leaving social care case files in a disused building.

How does the GDPR differ from the Data Protection Act?

The GDPR has been described ‘as the most important change in data privacy regulation in 20 years’, providing greater rights to citizens and harmonising data privacy laws across Europe. However, to achieve this, new requirements have been placed on organisations. These include:

  • Personal dataArticle 4(1) of the GDPR includes a broader definition of ‘personal data’ than previous legislation. It states that any information relating to an individual which can be directly or indirectly used to identify them is personal data. Specifically, it refers to ‘online identifiers’, which suggests that IP addresses and cookies may be considered personal data if they can be easily linked back to the person.
  • Privacy by designThe concept of ‘privacy by design’ is not new, but Article 23 of the GDPR makes this a legal requirement. In essence, it means that public sector bodies will have to consider data protection at the initial design stage of product development. This could involve adopting technical measures such as pseudonymisation – the technique of processing personal data in such a way that it can no longer identify a particular person.
  • Data Protection Impact Assessments (DPIAs) – As the ICO’s research highlights, a third of councils do not undertake any form of privacy impact assessment. From May 2018, public sector organisations will have to carry out DPIA’s for certain activities such as introducing new technologies and when processing presents a high risk to the rights and freedoms of individuals. In the latter case, organisations will need to consult the ICO to confirm they comply with the GDPR.
  • Appointment of a Data Protection Officer (DPO)Article 35 of the GDPR states that public bodies must have a designated Data Protection Officer. This can be an existing employee, as long as there is no conflict of interest, or a single DPO can represent a group of public sector bodies. As the ICO research suggests (26% of councils do not have a DPO), this is one of the main areas where councils need to improve.
  • Data portability– Public sector organisations must ensure that personal data is stored in a ‘structured, commonly used and machine readable form’, so that individuals can transfer data easily to other organisations. For instance, suitable formats would include CSV files.
  • Strengthening subject access rights– Individuals can now request access to their data for no cost and must be responded to within 30 days (this is a change from the Data Protection Act which requires a £10 fee and there is 40 days to respond). For complex cases, this can be extended by two months. However, individuals must be notified within one month and be provided with an explanation. These requests could prove time consuming and costly for public sector bodies, and as such, supports the case for introducing digital services that allow individuals access to their data.
  • Right to be forgotten – The right to erasure (its official name) allows individuals to ask an organisation to delete all the information held on them – although this would not apply if there was a valid reason to hold that data. This principle was established in the high profile case involving technology giant Google.
  • Failing to comply and breaching the GDPR – When there is a breach, public sector bodies will have an obligation to inform their national regulator (the ICO in England) “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” These requirements could present challenges for public sector bodies, who are often engaged in providing vital public services with limited resources. However, policies will have to be introduced to ensure breaches can be reported promptly, particularly as the new penalties for data breaches are significant, with public sector bodies liable for fines of up to €10,000,000. In addition, individuals also have the right of redress and may seek compensation if they feel their rights have been breached.

What should public sector bodies be focusing on?

Although May 2018 may seem a long time away, the ICO research suggests some local councils (and the wider public sector) need to make several changes to ensure compliance with the GDPR.

Most importantly, organisations need to start reviewing the new regulation and considering how it applies to them. Evidence of a clear strategy – including the appointment of a Data Protection Officer, the use of privacy impact assessments, and staff training – will go a long way towards demonstrating an organisation’s intent to comply with the GDPR.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you enjoyed this article, you may also be interested in: 

Smart Chicago: how smart city initiatives are helping meet urban challenges

Outside a Chicago theatre, with a huge 'Chicago' sign outside

By Steven McGinty

Home to former President Barack Obama, sporting giants the Chicago Bulls, and the culinary delicacy deep dish pizza, Chicago is one of the most famous cities in the world. Less well known is Chicago’s ambition to become the most data-driven city in the world.

A late convert to the smart city agenda, Chicago was lagging behind local rivals New York and Boston, and international leaders Barcelona, Amsterdam, and Singapore.

But in 2011, Chicago’s new Mayor Rahm Emanuel outlined the important role technology needed to play, if the city was to address its main challenges.

Laying the groundwork – open data and tech plan

In 2012, Mayor Rahm Emanuel issued an executive order establishing the city’s open data policy. The order was designed to increase transparency and accountability in the city, and to empower citizens to participate in government, solve social problems, and promote economic growth. It required that every city agency would contribute data to it and established reporting requirements to ensure agencies were held accountable.

Chicago’s open data portal has nearly 600 datasets, which is more than double the number in 2011. The city works closely with civic hacker group Open Chicago, an organisation which runs hackathons (collaborations between developers and businesses using open data to find solutions to city problems).

In 2013, the City of Chicago Technology Plan was released. This brought together 28 of the city’s technology initiatives into one policy roadmap, setting them out within five broad strategic areas:

  • Establishing next-generation infrastructure
  • Creating smart communities
  • Ensuring efficient, effective, and open government
  • Working with innovators to develop solutions to city challenges
  • Encouraging Chicago’s technology sector

 Array of Things

The Array of Things is an ambitious programme to install 500 sensors throughout the city of Chicago. Described by the project team as a ‘fitness tracker for the city’, the sensors will collect real-time data on air quality, noise levels, temperature, light, pedestrian and vehicle traffic, and the water levels on streets and gutters. The data gathered will be made publicly available via the city’s website, and will provide a vital resource for the researchers, developers, policymakers, and citizens trying to address city challenges.

This new initiative is a major project for the city, but as Brenna Berman, Chicago’s chief information officer, explains:

If we’re successful, this data and the applications and tools that will grow out of it will be embedded in the lives of residents, and the way the city builds new services and policies

Potential applications for the city’s data could include providing citizens with information on the healthiest and unhealthiest walking times and routes through the city, as well as the areas likely to be impacted by urban flooding.

The project is led by the Urban Center for Computation and Data of the Computation Institute  a joint initiative of Argonne National Laboratory and the University of Chicago. However, a range of partners are involved in the project, including several universities, the City of Chicago who provide an important governance role and technology firms, such as Product Development Technologies, the company who built the ‘enclosures’ which protect the sensors from environmental conditions.

A series of community meetings was held to introduce the Array of Things concept to the community and to consult on the city’s governance and privacy policy. This engagement ranged from holding public meetings in community libraries to providing online forms, where citizens could provide feedback anonymously.

In addition, the Urban Center for Computation and Data and the School of the Art Institute of Chicago ran a workshop entitled the “Lane of Things”, which introduced high school students to sensor technology. The workshop is part of the Array of Things education programme, which aims to use sensor technology to teach students about subjects such as programming and data science. For eight weeks, the students were given the opportunity to design and build their own sensing devices and implement them in the school environment, collecting information such as dust levels from nearby construction and the dynamics of hallway traffic.

The Array of Things project is funded by a $3.1 million National Science Foundation grant and is expected to be complete by 2018.

Mapping Subterranean Chicago

The City of Chicago is working with local technology firm, City Digital, to produce a 3D map of the underground infrastructure, such as water pipes, fibre optic lines, and gas pipes. The project will involve engineering and utility workers taking digital pictures as they open up the streets and sidewalks of Chicago. These images will then be scanned into City Digital’s underground infrastructure mapping (UIM) platform, and key data points will be extracted from the image, such as width and height of pipes, with the data being layered on a digital map of Chicago.

According to Brenna Berman:

By improving the accuracy of underground infrastructure information, the platform will prevent inefficient and delayed construction projects, accidents, and interruptions of services to citizens.

Although still at the pilot stage, the technology has been used on one construction site and an updated version is expected to be used on a larger site in Chicago’s River North neighbourhood. Once proven, the city plans to charge local construction and utility firms to access the data, generating income whilst reducing the costs of construction and improving worker safety.

ShotSpotter

In January, Mayor Rahm Emanuel and Chicago Police Department commanders announced the expansion of ShotSpotter – a system which uses sensors to capture audio of gunfire and alert police officers to its exact location. The expansion will take place in the Englewood and Harrison neighbourhoods, two of the city’s highest crime areas, and should allow police officers to respond to incidents more rapidly.

Chicago Police Superintendent Eddie Johnson highlights that although crime and violence presents a complex problem for the city, the technology has resulted in Englewood going “eight straight days without a shooting incident”, the longest period in three years.

ShotSpotter will also be integrated into the city’s predictive analytics tools, which are used to assess how likely individuals are to become victims of gun crime, based on factors such as the number of times they have been arrested with individuals who have become gun crime victims.

Final thoughts

Since 2011, Chicago has been attempting to transform itself into a leading smart city. Although it’s difficult to compare Chicago with early adopters such as Barcelona, the city has clearly introduced a number of innovative projects and is making progress on their smart cities journey.

In particular, the ambitious Array of Things project will have many cities watching to see if understanding the dynamics of city life can help to solve urban challenges.


Follow us on Twitter to see what developments in public and social policy are interesting our research team.

If you found this article interesting, you may also like to read our other smart cities articles:

The 5G arms race: the UK’s strategy to become a global leader in 5G technology

By Steven McGinty

On 8 March, the UK Government published their strategy for developing 5G – the next generation of wireless communication technologies.

Released on the same day as the Spring Budget, the strategy builds on the government’s Digital Strategy and Industrial Strategy, and sets out the government’s ambition to become a global leader in 5G.

Accelerating the deployment of 5G networks, maximising the productivity and efficiency benefits to the UK from 5G, creating new opportunities for UK businesses, and encouraging inward investment, are the strategy’s main objectives.

If the UK makes progress in these areas, the strategy argues, 5G infrastructure has the potential to become an enabler of smart city technologies, such as autonomous vehicles and advanced manufacturing, and to support the expansion of the Internet of Things – the interconnection of people, places, and everyday objects.

5G Innovation Network

Although the strategy highlights the enormous potential of 5G, it makes clear that 5G technologies are still in development, and that the majority of funding will need to come from the private sector.

To support the growth of a commercial market, the strategy explains, a new 5G trials and testbed programme will be introduced – through a national 5G Innovation Network – to coordinate the development of 5G services and applications. This programme will help government and private sector partners understand the economics of deploying 5G networks, ensuring that technologies can he delivered in a cost-effective way, and enabling best practice to be captured and knowledge disseminated.

The government is investing an initial £16m into the programme (involving partners such as UK Research and Innovation and the Government Digital Service), and has targeted a trial of end-to-end 5G (high speed connectivity without the need for intermediary services) by 2018. In February, Ericsson announced that they had a successful end-to-end 5G trial in Sweden, alongside partners SK Telecom Korea.

Improving regulations

To support the development of 5G, the strategy suggests that there may need to be regulatory changes, particularly in the planning system. As such, the government has committed to reviewing current regulations before the end of 2017, and then to conduct regular reviews, as partners learn more from their 5G trials.

Local connectivity plans

The strategy highlights the important role local regions play in the deployment of mobile technologies, and explains that the government will be consulting with councils on how planning policies can be used to provide high quality digital infrastructure.

However, it also suggests that there may be a case for introducing ‘local connectivity plans’, which would outline how local areas intend to meet their digital connectivity needs. Interestingly, the strategy highlights that evidence, such as local plans, may be taken into account when the government is making funding decisions for local infrastructure projects.

Coverage and capacity, infrastructure sharing, and spectrum

The strategy accepts that the move towards 5G won’t be as straightforward as the move from 3G to 4G. Instead, 5G technology will be developed alongside the expansion of the 4G network.

In addition, the government has accepted the recommendations of the National Infrastructure Commission (NIC)’s ‘Connected Future’ report, which states that unnecessary barriers to infrastructure sharing between telecommunications companies must be tackled. The strategy states that it will explore options for providing a clearer and more robust framework for sharing.

Increasing the available radio spectrum was also highlighted as key to developing 5G technology. The strategy notes that the government will work with Ofcom to review the spectrum licensing regime to help facilitate the development of 4G and 5G networks.

5G strategy’s reception

Natalie Trainor, technology projects expert at law firm Pinsent Masons, has welcomed the new 5G strategy, explaining that:

“…technology and major infrastructure projects will become much more interlinked in future and that the plans outlined can help the UK take forward the opportunities this will present.”

In particular, Ms Trainor sees the establishment of the Digital Infrastructure Officials Group – which will bring together senior staff from across departments – as a way of providing greater awareness and co-ordination of major public projects that involve digital infrastructure. Ms Trainor also hopes that the new group will encourage the Department for Transport and the Department for Culture, Media & Sport (DCMS) to work with industry to develop digital connectivity on the UK’s road and rail networks.

Professor Will Stewart, Vice President of the Institution of Engineering and Technology, similarly welcomes the new strategy but highlights that the funding announced will ‘not come anywhere close’ to the investment required to deliver 5G across the UK. In addition, he also makes it clear that coverage and regulatory change will be vital, stating that:

The biggest challenge for government will be improving coverage for all, as 5G cannot transform what it doesn’t cover. And achieving universal coverage for the UK, outside high-capacity urban areas, will not be affordable or achievable without regulatory change.”

Former Ofcom director and author of The 5G Myth, Professor William Webb, has also applauded the government’s plans, even though he is an outspoken critic of the 5G industry. For Professor Webb, the strategy recognises that we are in the early stages of 5G technology, and that there is still a need to develop 4G networks.

Final thoughts

5G technology provides the UK with the opportunity to become a genuinely smart society. Yet, as the strategy acknowledges, 5G is still in its infancy and the idea of a 5G network across the UK is a long way down the road.

The new 5G strategy includes a number of positive steps, such as listening to the recommendations of the NIC report, and exploring the realities of deploying 5G networks. This cautious approach is unlikely to show any significant progress in the short term, but does provide a focal point for academia, government, and industry to rally around.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other smart city articles.

Smarter tourism: solving the data problem to boost tourism and create better cities

By Steven McGinty

On 22 March, I attended ‘Smarter Tourism: Shaping Glasgow’s Data Plan’, an event held as part of DataFest 2017, a week-long festival of data innovation with events hosted across Scotland.

Daniel MacIntyre, from Glasgow City Marketing Bureau (the city’s official marketing organisation), opened the event by highlighting Glasgow’s ambitious target of increasing visitor numbers from two million to three million by 2023.

To achieve this goal, Mr MacIntyre explained that the city would be looking to develop a city data plan, which would outline how the city should use data to solve its challenges and to provide a better experience for tourists.

In many ways, Glasgow’s tourism goal set the context for the presentations that followed, providing the attendees – who included professionals from the technology and tourism sectors, as well as academia and local government – with an understanding of the city’s data needs and how it could be used.

Identifying the problem

From very early on, there was a consensus in the room that tourism bodies have to identify their problems before seeking out data.

A key challenge for Glasgow, Mr MacIntyre explained, was a lack of real time data. Much of the data available to the city’s marketing bureau was historic (sometimes three years old), and gathered through passenger or visitor experience surveys. It was clear that Mr MacIntrye felt that this approach was rather limiting in the 21st century, highlighting that businesses, including restaurants, attractions, and transport providers were all collecting data, and if marketing authorities could work in collaboration and share this data, it could bring a number of benefits.

In essence, Mr MacIntyre saw Glasgow using data in two ways. Firstly, to provide a range of insights, which could support decision making in destination monitoring, development, and marketing. For instance, having data on refuse collection could help ensure timely collections and cleaner streets. A greater understanding of restaurant, bar, and event attendances could help develop Glasgow’s £5.4 million a year night time economy by producing more informed licensing policies. And the effectiveness of the city’s marketing could be improved by capturing insights from social media data, creating more targeted campaigns.

Secondly, data could be used to monitor or evaluate events. For example, the impact of sporting events such as Champions League matches – which increase visitor numbers to Glasgow and provide an economic boost to the city – could be far better understood.

Urban Big Data Centre (UBDC)

One potential solution to Glasgow City Marketing Bureau’s need for data may be organisations such as the Urban Big Data Centre.

Keith Dingwall, Senior Business Manager for the UBDC, explained that the centre supports researchers, policymakers, businesses, third sector organisations, and citizens by providing access to a wide variety of urban data. Example datasets include: housing; health and social care data; transport data; geospatial data; and physical data.

The UBCD is also involved in a number of projects, including the integrated Multimedia City Data (iMCD) project. One interesting aspect of this work involved the extraction of Glasgow-related data streams from multiple online sources, particularly Twitter. The data covers a one year period (1 Dec 2015 – 30 Nov 2015) and could provide insights into the behaviour of citizens or their reaction to particular events; all of which, could be potentially useful for tourism bodies.

Predictive analytics

Predictive analytics, i.e. the combination of data and statistical techniques to make predictions about future events, was a major theme of the day.

Faical Allou, Business Development Manager at Skyscanner, and Dr John Wilson, Senior Lecturer at the University of Strathclyde, presented their Predictive Analytics for Tourism project, which attempted to predict future hotel occupancy rates for Glasgow using travel data from Glasgow and Edinburgh airport.

Glasgow City Marketing Bureau also collaborated on the project – which is not too surprising as there a number of useful applications for travel data, including helping businesses respond better to changing events, understanding the travel patterns of visitors to Glasgow, and recommending personalised products and services that enhance the traveller’s experience (increasing visitor spending in the city).

However, Dr Wilson advised caution, explaining that although patterns could be identified from the data (including spikes in occupancy rates), there were limitations due to the low number of datasets available. In addition, one delegate, highlighted a ‘data gap’, suggesting that the data didn’t cover travellers who flew into Glasgow or Edinburgh but then made onward journeys to other cities.

Uber

Technology-enabled transport company, Uber, has been very successful at using data to provide a more customer oriented service. Although much of Uber’s growth has come from its core app – which allows users to hire a taxi service – they are also introducing innovative new services and integrating their app into platforms such as Google Maps, making it easier for customers to request taxi services.

And in some locations, whilst Uber users are travelling, they will receive local maps, as well as information on nearby eateries through their UberEATS app.

Uber Movement, an initiative which provides access to the anonymised data of over two billion urban trips, has the potential to improve urban planning in cities. It includes data which helps tourism officials, city planners, policymakers and citizens understand the impact of rush hours, events, and road closures in their city.

Chris Yiu, General Manager at Uber, highlighted that people lose weeks of their lives waiting in traffic jams. He suggested that the future of urban travel will involve a combination of good public transport services and car sharing services, such as uberPOOL (an app which allows the user to find local people who are going in their direction), providing the first and last mile of journeys.

Final thoughts

The event was a great opportunity to find out about the data challenges for tourism bodies, as well as initiatives that could potentially provide solutions.

Although a number of interesting issues were raised throughout the day, two key points kept coming to the forefront. These were:

  1. The need to clarify problems and outcomes – Many felt it was important that cities identified the challenges they were looking to address. This could be looked at in many ways, from addressing the need for more real-time data, to a more outcome-based approach, such as the need to achieve a 20% reduction in traffic congestion.
  2. Industry collaboration – Much of a city’s valuable data is held by private sector organisations. It’s therefore important that cities (and their tourism bodies) encourage collaboration for the mutual benefit of all partners involved. Achieving a proposition that provides value to industry will be key to achieving smarter tourism for cities.

Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you enjoyed this article, you may also be interested in: 

Denmark’s digital ambassador: should the UK be following suit?

 

By Steven McGinty

On 26 January, the Danish Ministry of Foreign Affairs announced that they would be appointing the world’s first ‘digital ambassador’ to act as the nation’s representative to major technology companies, such as Google, Apple, Facebook and Amazon.

At a conference on the future of the Foreign Service, the Foreign Minister, Anders Samuelsen, explained that:

Denmark must be at the forefront of technological development. Technological advances are making such a great impact on our society that it has become a matter of foreign policy. I have therefore decided to announce the appointment of a digitisation ambassador.

In a follow up interview with Danish newspaper Politken, Mr Samuelsen expressed his belief that multinational technology giants “affect Denmark just as much as entire countries”. He highlighted the examples of Apple and Google whose market values are so large that if they were countries they would only narrowly miss out from inclusion in the G20 – the global forum for cooperation between the world’s 20 major economies.

As a result of this economic strength, together with tech firms’ impact on the everyday lives of citizens, Mr Samuelsen argues that the technology sector should be treated as a form of ‘new nation’, which Denmark must develop closer relationships with.

Cooperation between nation states and the technology sector

Technology companies are becoming involved in activities that were once reserved for nation states. For example, Mr Samuelsen’s Liberal party accepts donations in Bitcoin – an online currency which challenges the state’s role as the only issuer of legal tender. And Microsoft have signed a partnership agreement with the French Ministry of Education to provide teacher training, in order to prepare teachers for running special coding classes.

The technology industry argues that it is better placed than national governments to provide effective digital services, at cheaper prices. In terms of national security, computer engineering expert and academic, Jean-Gabriel Ganascia, argues that this is probably the case. Mr Ganascia highlights that Google and Facebook have vast image databases that enable them to use facial recognition software far better than any national security service. Therefore, countries have started working with technology companies on a variety of crime and public safety issues.

Citizens are also spending greater amounts of time on social media platforms. In an interview with The Washington Post, Mr Samuelsen stated that more than half of the world’s data has been created in the past two years (much of this from major platforms such as Facebook). This trend has implications for the privacy of citizens and the spreading of false information, a phenomena that has been labelled ‘fake news’. These issues are fundamentally important for citizens and nation states, and are likely to increase cooperation between countries and the technology sector.

Australia’s Ambassador for Cyber Affairs

Although Denmark will be the first country to introduce a digital ambassador, another government has made a similar appointment. In January, Dr Tobias Feakin was appointment as Australia’s Ambassador for Cyber Affairs. His role focuses on cyber-security, but also includes issues such as censorship and promoting internet access. At this stage, it’s unclear whether Dr Feakin will have direct contact with technology companies and whether this relationship will involve discussions over economic issues such as taxation.

Is a digital ambassador necessary?

Not everyone, however, is buying into the appointment of a government representative focused solely on digital issues. Technology journalist, Emma Woollacott, believes that it’s a ‘terrible idea’.

According to Ms Woollacott, Denmark already has a good relationship with technology companies, highlighting that Facebook has recently announced plans to build a new data centre in Odense, creating 150 new permanent jobs. These views may have some merit, as Mr Samuelsen has confirmed that the deal between the Foreign Ministry and Facebook was the result of three years of behind-the-scenes work.

Ms Woollacott also argues that Denmark is setting a worrying precedent by equating a private company to a nation state.  In her view, the importance of the technology sector could have been acknowledged through hiring knowledge staff, rather than granting it a ‘unique political status’.

However, Professor Jan Stentoft, who researches the insourcing of technological production to Denmark, believes creating the ambassadorial post is a good idea. He explains:

We have much to offer these companies, but Denmark is a small country, and we obviously need to make ourselves noticed if we are to attract them to the country.

Marianne Dahl Steensen, CEO of Microsoft Denmark, also welcomed the creation of a digital ambassador position, but did acknowledge that the company ‘can hardly be equated with a nation’.

Should the UK introduce a digital ambassador?

By introducing a digital ambassador, Mr Samuelsen is taking a pragmatic approach to ensure Denmark is a key player in the international digital economy, as well as attempting to manage the impacts of an increasingly digital society.

Although appointing an ambassador for the technology sector poses philosophical and ethical questions, the UK should closely monitor how this new role develops and the potential benefits (and challenges) it brings for Denmark. In particular, if the new role is able to improve dialogue between technology companies and the security services on matters such as privacy, or help address the sector’s need for digitally skilled workers, then maybe introducing a digital ambassador is something worth exploring.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other digital articles

Making science fun … 12 great STEM apps for primary and secondary pupils

british-science-weekBritish Science Week 2017 is in full swing and the theme this year is change. Whether it’s climate change or the changing seasons, transformative new materials or energy, there are changes happening all around us, all of the time. And British Science Week is also a chance to encourage young people to consider the changes they can enact to have a positive impact on the future. This may include choosing a career in STEM – science, technology, engineering, and maths.

Getting children and young people interested in STEM can be tricky, though. The British Science Week website includes lots of resources, and this year is promoting a citizen science ‘penguin-spotting’ project. Parents can also help, and what better way for kids to learn about STEM than through a fun interactive game on a tablet, phone, or other device?

There are some great examples of apps and computer-based games to help young people explore STEM concepts while experimenting, networking with other students, and sometimes even creating products.

We’ve highlighted some of these below – hopefully teachers, and parents, will have a look, be inspired and think about using them in school or at home.


Note: Many of the apps cover multiple areas of STEM. They are listed in order of recommended age of user from youngest to oldest. The apps are described by age and subject(s): Science, Technology, Engineering, Maths. So (4+) SEM means that the app is suitable for ages four and up, and students will learn about science, engineering, and maths.

  • Simple Machines by Tinybop
    (4+) SEM
    Students discover how simple machines work by conducting their own experiments and investigating invisible forces. Available in 40+ languages.
  • Endless Numbers by Originator Inc.
    (-5) M
    For children up to the age of five – this app is designed to set the stage for early numeracy learning. Although it is technically for kids below primary school age, it can be used to help older pupils who struggle with numeracy.
  • Blokify by Noquo Inc.
    (6+) SEM
    3D modeling software. Children can create toys that they can play with virtually, or physically via 3D printing.
  • Toca Lab by Toca Boca
    (6+) S
    Children explore the ‘colourful and electrifying world of science’ and interact with all 118 elements from the periodic table.
  • DoodleMaths by EZ Education
    (7+) M
    This app is designed to be used for only a few minutes daily. It identifies a child’s maths level and allows them to progress at their own pace. Teachers and parents can quickly and easily monitor a child’s progress. It’s also aligned to KS1 and KS2 National Curriculum for England and Wales.
  • Tynker for Schools by Neuron Fuel
    (9+) TE
    Kids learn to program and can build games, control drones, create apps, and more.
  • Learn Python by SoloLearn
    (9+) T
    A social and fun way for kids (and even adults!) to learn how to write Python code.
  • Tinkercad by Autodesk (Browser-based)
    (12+) SEM
    Pupils create 3D digital designs of toys, prototypes, home décor, jewellery and more.
  • 3D Brain by Cold Springs Harbor Laboratories
    (12+) S
    Pupils discover how the brain works using a 3D brain structure. They can also learn through interactive case studies about how brain damage, mental disorders and mental illness impact the physical structure of the brain.
  • Dragonbox Algebra 12+ by WeWantToKnow AS
    (12+) M
    A maths game that “levels up” based on pupil’s mastery of each concept or skill. Provides a balance between challenging children to advance their knowledge and understanding and allowing them to master concepts at their own pace.
  • Molecules by Theodore Gray by Touchpress Ltd
    (12+) S
    Students explore molecular dynamics. Also includes the full text of the book Molecules by Theodore Gray.
  • Ozobot
    (14+) T
    The app is used in conjunction with corresponding robots. Students learn to program an actual, tangible robot that they can control and then reprogram using the app.

The research for this blog was originally done by April Bowman, who joined us in July 2016 for a voluntary work experience placement, while studying for a Master’s in Public Policy at the University of Stirling, where her policy specialism was education policy and teaching practice.

Read some of our other blogs on education:

Follow us on Twitter to see what developments in public and social policy are interesting our research team.

Government Transformation Strategy 2017 to 2020: has it been worth the wait?

Whitehall, London

By Steven McGinty

On 9 Feb 2017, and after over a year of delays, the UK Government finally published the Government Transformation Strategy 2017 to 2020.

It’s been a long time since the Government Digital Strategy was published in 2012. Therefore, it’s understandable that politicians, industry leaders and media commentators have been frustrated by the lack of a new strategy in 2016.

In January 2017, Iain Wright MP, chairman of the Business, Energy and Industrial Strategy Committee (BEIS) warned that the UK risked being left behind and losing its competitive advantage in the digital economy because of its ‘absence of clarity and strategic focus’.

Similarly, Stephen Metcalfe, chairman of the Science and Technology Committee, wrote a letter to digital minister Matt Hancock highlighting his disappointment at the lack of a government digital strategy.

However, now that the Government Transformation Strategy is here, what does it say and will it have a lasting impact?

A brief overview

According to Ben Gummer, Minister for the Cabinet Office and Paymaster General, the Government Transformation Strategy is:

“The most ambitious programme of change of any government anywhere in the world, by a government that has already done more to transform itself than any other.”

It sets out the government’s aim to build on the success of the 2012 strategy, and to not only focus on improving the citizen experience but to change the way services are delivered. The strategy states that the government will achieve this by transforming:

  • Whole citizen-facing services – ensuring an improved experience for citizens, businesses and users within the public sector
  • Full government departments – enabling organisations to deliver policy objectives more flexibly, improving citizen experience, and working more efficiently
  • Internal government – supporting the collaboration of government departments and delivering digitally-enabled change more effectively

However, the majority of the strategy is structured around five main objectives:

Business transformation

Government departments have made significant progress over recent years.  The strategy explains that lessons have been learned through this service transformation process, and that there is now cross-government agreement on the key areas that transformation must focus on. These include bringing policy development and service design closer together and recognising that government services are delivered through a variety of channels (online, telephone and face-to-face).

Grow the right people, skills and culture

Since 2012, government departments have been recruiting digital, data and technology specialists to improve their digital capability. However, the strategy accepts that the public sector is working in a competitive market and that recruiting and retaining staff is likely to remain a challenge. Embedding a new culture is also identified as an important enabler of change, with several goals highlighted, including increasing civil servants’ knowledge of digital and improving digital experts’ understanding of government.

The Digital Academy, which was formed in 2014 by the Department for Work and Pensions (DWP), will be transferred (by the end of 2017) to the Government Digital Service (GDS) to create nationwide training opportunities for civil servants.

Build better tools, processes and governance for civil servants

Civil servants vary widely in how they work, including the digital technologies they use and their approach to policy development. The new strategy explains that the government will create a better working environment by developing common and interoperable technologies that can be shared across government and adopt a more agile working environment.

Make better use of data

Data is vital for providing services that meet the needs of citizens. However, the strategy emphasises that the government must earn the public’s trust in managing data safely, securely, and ethically.

Create shared platforms, components and reusable business capabilities

The government has already had some success in introducing shared platforms, such as GOV.UK – a publishing platform which brought together over 300 government agencies’ and arm’s length bodies’ websites within 15 months. The strategy outlines the steps to be taken to encourage the development of new technologies, including leaving large single contracts with IT firms – a practice which is deemed a barrier to providing better technologies for civil servants – and purchasing from a wider variety of suppliers, such as SMEs.

From digital to transformation

It’s important to note that the strategy’s title has changed: from a digital strategy to a transformation strategy.

Jane Roberts, strategy director at Kable, suggests that this reflects the government’s realisation that digitisation is not a process with a defined end date, but a ‘constant dynamic ongoing process.’ Government, says Roberts, now understands that digitisation involves more than just moving services online, and that whole scale change is needed, from encouraging civil servants to work more collaboratively (including sharing cross-governmental data), to digitising back office processes.

In addition, Roberts also highlights the need for digital services to be designed to cope with this dynamic process. This includes supporting the integration of new technologies – particularly those related to the Internet of Things (the use of internet technology to connect everyday items) – and responding to increased citizen demand for greater control over their personal data.

What does it mean for local government?

The Government Transformation Strategy makes no comment on the challenges facing local government. However, London Borough of Camden councillor, Theo Blackwell, suggests that the strategy leaves scope for a ‘digital settlement’ to be developed between central and local government. He observes that the strategy:

leaves the door open for this discussion to be starting and concluded in short order, kickstarted by elected mayors and combined authorities in May 2017, and building on the groundwork of the last two years”.

Mr Blackwell also sets out what needs to be done to achieve this digital settlement:

  • Support the ‘coalition of the willing’, as well as improvement – encouraging local councils who have already made progress with digital transformation to work together, as well as helping struggling councils to improve;
  • Open platforms and a new market for start-ups – enabling the development of platforms and smaller start-up companies;
  • Shared Resource – developing partnerships between local councils and central government, which fund digital initiatives jointly.

Missed opportunity

The strategy has also received a significant amount of criticism for its lack of detail and limited commitments. Independent digital analyst, Jos Creese, has described the strategy as:

“…a mix of re-packaged principles and refreshed ‘transformational government’ themes, coupled with some new but not revolutionary ideas.

Creese argues that there is a general lack of pace with government programmes, such as with GOV.UK Verify – an identity assurance platform that allows people to prove who they are when using government services. And – unlike Theo Blackwell – Creese believes that the lack of collaboration between central government and the wider public sector is a missed opportunity (particularly as 80% of public services are outside central government). In his view, the strategy should have addressed some of the fundamental challenges facing local services, such as healthcare and crime prevention.

Final thoughts

Although the Government Transformation Strategy has received a mixed response since it was first published, there are certainly positives which provide hope for the future. Firstly, it was important that the strategy was finally published to provide a clearer indication of the government’s future direction.  Secondly, in the coming months, the government will have the opportunity to provide greater clarity, and set out how they intend to achieve the praiseworthy objectives of the strategy and realise the full potential of digital transformation.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other digital articles

General Data Protection Regulation (GDPR): 10 things business needs to know

 

European Union flag with a padlock in the centre.

By Steven McGinty

On 25 May 2018, the data protection landscape will experience its biggest change in over 20 years.  This is because the European Union’s (EU) General Data Protection Regulation (GDPR) will come into effect for all member states. The regulation, which has been described as ‘ambitious’ and ‘wide-ranging’, introduces a number of new concepts, including the high profile ‘right to be forgotten’ – a principle established in a case involving technology giant Google.

Below we’ve highlighted ten of the most important points for business.

Directly effective

The GDPR is ‘directly effective’, which means that the regulation becomes law without the need for additional domestic legislation (replacing the Data Protection Act 1998). However, member states have also been given scope to introduce their own legislation on matters such as the processing of personal data. This may result in some EU states having more stringent rules than others.

Sharing data and monitoring

It also seeks to increase the reach of EU data protection law. Not only will EU-based data controllers and processors fall under the scope of the GDPR, but its authority will also extend to any business which either processes personal data or monitors the behaviour of individuals within the EU.

This will impact businesses who transfer data outside the European Economic Area (EEA). It will be their responsibility to ensure that the country the data is being transferred to has adequate levels of data protection. The most prominent example of this issue was the US Safe Harbour scheme, which was intended to protect European individuals whose personal data is transferred between the EEA and the USA. In 2015, the European Court of Justice ruled that this scheme had ceased to provide a valid legal basis for EEA-US transfers of all types of personal data. It has now been replaced by the Privacy Shield.

Transparency and consent

Greater obligations have been placed on business with regard both to seeking consent for use of personal data and providing detailed information to individuals on how their personal data is being used. The GDPR requires that consent notices are ‘unambiguous’ – not assumed from a person’s failure to respond – and that consent is sought for different processing activities. Law firm, Allen and Overy recommends that businesses review their notices to ensure they are fit for purpose.

Personal data/ sensitive data

Article 4(1) of the GDPR includes a broader definition of ‘personal data’ than previous legislation. It states that any information relating to an individual which can be directly or indirectly used to identify them is personal data. Specifically, it refers to ‘online identifiers’, which suggests that IP addresses and cookies may be considered personal data if they can be easily linked back to the person.

Enhanced rights

New rights and the enhancement of existing rights will require some businesses to improve the way their data is stored and managed. These rights include:

  • Data portability – Business must ensure that individuals can have easy access to their personal data in case they want to transfer their data to other systems.
  • Strengthening subject access rights – Individuals can now request access to their data for no cost and it must be responded to within 30 days (this is a change from the current legislation which requires a £10 fee and there is 40 days to respond).
  • Right to be forgotten – Individuals can request that an organisation delete all the information they hold on them (although this would not apply if there was a valid reason to hold that data).
  • Right to object to processing – Individuals have the right to object to the way an organisation is processing their data.
  • Right to restrict processing – Individuals have the right to request that the processing of personal data is temporarily stopped. This may be invoked whilst a right to object request is being investigated.

Personal data breach

Businesses have an obligation to report breaches to their national regulator, such as the Information Commissioners Office (ICO) in England.  The GDPR requires that notice must be provided “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” This may be challenging for some businesses, particularly if the incident is discovered at the end of the working week.

Failure to comply with GDPR

The regulation introduces two levels of fines. Less serious offences under the regulation will be liable for a fine of up to €10,000,000 or 2% of global turnover – depending on which is highest. However, for more serious breaches, such as a breach of an individual’s rights or a breach during international transfers, a business may be held liable for up to €20,000,000 or 4% of global turnover.

In addition, individuals are also given the right of redress, and those who have had their rights violated may seek to receive compensation. This has led digital marketers to suggest that GDPR could be the next PPI – a practice where insurance was mis-sold to customers, which resulted in a large number of successful claims against financial institutions.

Privacy by design

Technology businesses should also consider data protection at the initial design stage of product development. This could involve adopting technical measures such as pseudonymisation – the technique of processing personal data in such a way that it can no longer identify a particular person. Additional measures, such as policies and programmes, would also show a national regulator’s commitment to compliance with the GDPR.

European Data Protection Board (EDPB)

A new body has been created to issue opinions and to arbitrate between disputes that arise with national regulators.  The board will be made up of heads of national regulatory bodies (or their representatives) and the European Data Protection Supervisor (EDPS), who govern the data processing activities of EU institutions. The opinions expressed by this board may have important implications for data protection legislation.

Impact of Brexit

Evidence suggests some businesses may be delaying taking action until they see the results of the Brexit negotiations. This possibly explains the research by cloud security firm, Netskope, which found that 63% of UK workers have never heard of the GDPR. Similarly, research by Veritas Technologies, a leading information management firm, has found that 54% of organisations have not ensured they will comply with the new GDPR.

However, it would be very surprising if the UK did not ‘mirror’ the protections offered by the regulation, particularly considering the UK’s significant input to the new legislation. Digital minister Matt Hancock has also confirmed that the UK government intends to fully implement the GDPR.

Final thoughts

If businesses already have policy and procedures in place to meet the requirements of the Data Protection Act, then they should have a solid foundation to comply with the GDPR. In many ways, the new regulation simply provides a clear framework for delivering good practice in data protection.

However, all businesses will need to take action to ensure compliance with the GDPR. Otherwise, the financial penalties (as well as reputational damage) of a breach could have serious consequences for their business. And this is not just an IT issue. The whole organisation, starting from board level, must show a willingness to understand the legislation and implement procedures that protect the fundamental rights of individuals.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other data-related articles

Reimagining travel: how can data technologies create better journeys?

Light-streamed highways heading towards the city

By Steven McGinty

From steam trains to electric trains, bicycles to Segways, the transport sector is constantly innovating. Although much of the excitement revolves around high profile developments in self-driving vehicles and private space travel, there are many up-and-coming technologies that could make a great deal of difference to both transport professionals and the average traveller.

The driving force behind these innovations is data.  By gathering, analysing, processing and disseminating travel information, we can make better use of the transport infrastructure we have around us. Developing new technologies and business models that use transport data in innovative ways will be key to improving journeys and creating real benefits.

Managed Service Providers (MSPs)

Many companies – such as Masabi and Whim – currently offer ‘mobility-as-a-service’ apps that allow travellers to compare journeys on different modes of transport. Travel agents purchase tickets in bulk and monitor real time travel data from airports and other transport operators. And travellers can use ‘digital wallet’ services such as Google Wallet to store their tickets in their smartphones. However, these services can be complex to navigate, and don’t always offer travellers the option to update or change their tickets in real time. The MSP concept involves utilising the transport infrastructure that’s currently in place, but also providing travellers with the flexibility to change their planned journey if conditions change e.g. cancellation of a service.

There is also the potential for ‘insured travel’, where MSPs could guarantee that a traveller reaches their destination by a specific time. This, according to professional services firm KPMG, would be more complex, as it would require using big data analytics to estimate the risk of delay and pricing the journey accordingly. In Holland, travellers are already able to purchase insurance along with their railway ticket to Schiphol Airport. If a train is delayed – resulting in a traveller missing their flight – the rail operator will book them onto the next available flight.

Data and traffic management

The development of ‘connected cars’, which transmit real time location data, and greater coordination between smartphone and satnav providers, will mean that transport professionals will increasingly have access to a wide variety of travel information. As a result, a more ‘holistic approach’ can be taken to traffic management. For instance, public sector road managers could group drivers by certain routes, in order to avoid or worsen traffic congestion problems.

Cloud Amber is one of the most innovative companies working in this area. For example, their Icarus passenger information and fleet management solutions enable professionals to view real time locations of all vehicles within their fleet, integrate traffic congestion into predicting vehicle arrival times, and create reports replaying vehicle journeys.

Flexible resourcing at airport security

Gatwick Airport has been involved in trials which monitor data and gather intelligence on the traffic conditions which may affect passenger arrivals. KPMG have suggested that combining data on current travel conditions with historic data could lead to airports becoming better at predicting the demand at the arrival gates. Having this knowledge would support airports in providing appropriate staffing levels at arrival gates, which means fewer queues, and a better experience for travellers.

Public / private collaboration

Sir Nic Cary, head of digital transformation at the Department for Transport (DfT), has highlighted the need for the public sector to embrace new ways of working or ‘risk being led by Californian-based software companies.’

In his keynote speech at a recent infrastructure conference, he explained that the public sector needs to get more involved in digital transformation and to have a greater focus on user needs and working collaboratively.

As a good example of this, Cornwall Council recently engaged Idox’s digital agency Reading Room to look at how digital services could encourage existing car drivers to use public transport in a sustainable way. There was a particular interest in engaging with 18-25 year olds.

Cornwall is a county where over 78% of all journeys are taken by car – with only 1% of journeys taken by bus and 3% by train. Following Government Digital Services (GDS) guidelines, Reading Room embarked on a series of activities to understand how public transport is perceived by Cornish citizens.

The user research explored barriers discouraging them from using public transport; online/digital tools they may use already to plan journeys; and their experience of public transport. Reading Room also reviewed and made recommendations to the council around the brand proposition for public transport. The user insights are now being taken forward by the council.

Security implications

There is, however, a risk in integrating data technologies into transport systems. For instance, smart ticketing, traffic lights, signage, and automated bus stops, are just some of the technologies which present potential opportunities for malicious hackers, or those looking to commit acts of terrorism.

Last year, San Francisco transport systems suffered a cyber-attack, where hackers demanded the city’s transportation agency pay 100 Bitcoin (about $70,000). The incident had no impact on the transport system, but over 2,000 machines were hacked. As a precaution, the agency shut down the city’s ticketing machines, which led to customers being able to travel for free.

Final thoughts

Improving how people get from A to B is one of the key challenges for cities. If data technologies can play even a small role in creating better experiences for travellers – by providing more reliable and flexible journeys – then the transport sector and the public sector should look to invest and create partnerships which encourage innovation.


Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other smart city articles.