Daniel - stock.adobe.com

ICO to probe government over Gov.uk data collection plan

The ICO is to look into the government’s leaked data collection plans over fears they may breach the law

The Information Commission’s Office (ICO) has asked the government to provide further details of its leaked plan to lever citizen data from its Gov.uk portal to target communications in the run-up to prime minister Boris Johnson’s “do-or-die” Brexit on 31 October.

In a brief statement on Twitter, the ICO said: “We have contacted government regarding the collection of personal data on Gov.uk to fully understand its approach to compliance with data protection law and whether any further action is necessary.”

The ICO’s action comes after documents and emails from Johnson and his chief advisor, Dominic Cummings, were leaked to Buzzfeed on 10 September.

The cache of documents, which date back to mid-August, revealed that the Cabinet Office has been ordered to transform Gov.uk, the UK’s online government services portal, into a massive data collection platform at the double.

Essentially, such a project would scrape and pool data on citizens accessing Gov.uk’s various services to build up a picture of how people are interacting with the government online. According to rumours, the plan could even help the Government Digital Service (GDS) better establish its troubled digital identity scheme, Verify.

The government’s official line, as given to Buzzfeed, has been that it is entirely normal for organisations to look at how people are using their websites to refine and improve their services.

A Westminster spokesperson said that the various government departments were already collecting anonymised user data when people logged onto Gov.uk, and that GDS was merely “working on a project to bring this anonymous data together to make sure people can access all the services they need as easily as possible”.

They insisted that no personal data was collected during this process, which was “fully compliant” with both legal and ethical obligations.

However, the move has sparked widespread concern, particularly in light of Cummings’ involvement in the collection and misuse of data by the Vote Leave campaign during the EU referendum campaign in 2016, which breached electoral law, and over which Cummings was found in contempt of Parliament after he failed to answer questions on the matter.

Matthew Rice, Scotland director at digital privacy campaign the Open Rights Group, welcomed the ICO taking an active interest in what he termed a “confusing and concerning” situation.

“Public trust is a fragile thing, easily lost and difficult to rebuild. At worst, this could be a cynical grab for personal data of millions of people who rely on government services to micro-target for electioneering. Though it could also be the mundane collection of website usage to improve efficiency in the civil service, which would be difficult to argue is not necessary,” said Rice.

“The thrust of these concerns are not based on the collection of personal data, but the personalities involved, the potential motives behind them, and the lack of transparency. It is vital that whatever the ICO receives is made available to the public to provide clarity on this initiative,” he added.

Read more about data protection

  • Malware and multiple cloud platforms have pushed the importance of SaaS backup and recovery to the top of IT managers’ to-do lists. We explore challenges and how to pick a vendor.
  • More than half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts.
  • Take a look at three backup methods – on premises, cloud to local and cloud to cloud – and find out the pros, cons and cost of each.

Read more on Privacy and data protection