The Committee is calling on the Government to work with the Information Commissioner to develop a set of information standards that websites and apps can sign up to; committing themselves to explain how they use personal data in clear, concise and simple terms.
Science and Technology Committee Chair, Andrew Miller MP:
"Facebook’s experiment with users emotions highlighted serious concerns about the extent to which, ticking the terms and conditions box, can be said to constitute informed consent when it comes to the varied ways data is now being used by many websites and apps. Let’s face it, most people click yes to terms and conditions contracts without reading them, because they are often laughably long and written in the kind of legalese you need a law degree from the USA to understand. Socially responsible companies wouldn’t want to bamboozle their users, of course, so we are sure most social media developers will be happy to sign up to the new guidelines on clear communication and informed consent that we are asking the Government to draw up."
Apps requiring personal data
The Committee also identify a problem with apps requesting information that they do not obviously need to provide their advertised service. Companies should have a greater responsibility to explain their need to require (and retain) personal information. The report recommends that the Government use its work with the Information Economy Council to provide companies with guidelines on responsible data collection.
Andrew Miller MP added:
"A line also needs to be drawn between the information that apps actually need to provide a service and the kind of personal information they often request when registering new users, information that is becoming increasingly valuable in our networked society. I hope that a voluntary system of guidelines can work, because, if not, legislation might be needed."
Kitemark for the responsible use of data
It is vital that companies effectively communicate how they intend to use personal data collected from users of services and if terms and conditions cannot be made easier to understand then this must be explained separately. The report suggests that an internationally recognised Kitemark could be the first step in ensuring the responsible use of UK citizens’ data by social media platforms and other organisations.
Andrew Miller MP concluded:
"Whilst we expect the Government to encouraging others to meet high standards, we also want to see it lead by example. The Government cannot dictate to others, when its own services, like care.data piloted by the NHS, have been found to be less than adequate. The Government must audit all public sector online services and ensure that they provide easy to understand information about their usage of personal data."
Government use of data
The report points out that Government's approach to online safety has been piecemeal and focused on immediate needs with little horizon scanning.
Data use by public organisations has also been inconsistent across the UK. Some good examples exist of administrative services that demonstrate what the UK should be aiming for, such as paying a road fund licence on the DVLA website - an easy-to-use and efficient service. These bring benefits to both service provider and customer, providing a trusted platform for the exchange of data for service. NHS care.data, on the other hand, is an example where this trusted relationship failed to develop.
The Government must learn lessons from this and develop a privacy impact assessment for policies that collect, retain or process personal data.
The law concerning the rights of individuals in relation to their data was outlined in the EU Data Protection Directive (95/46/EC) and transposed into UK law through the Data Protection Act 1998. The Data Protection Act 1998 requires, for instance, that consent must be obtained from individuals before their data can be used for research purposes. In January 2012, the EU Commission published a draft General Data Protection Regulation for updated data protection legislation.