Data Manifest(o)ations

It came as news to us at Panopticon, but apparently there is an election happening. We hadn’t seen anything about it, but obviously our vision, like the election, was not 2020 after all. But not wanting to miss out on the fun (and by fun, we mean limitless repetition of meaningless slogans, the never-ending abuse of BBC reporters for ‘bias’ by everyone, and a slow dawning sense of the end of days not coming soon enough), we thought a quick glance at the main party manifestos would be in order.

First up, because we like a laugh, the Lib Dem manifesto (95pp). It has a surprising black and orange cover, which makes it look like a programme for a Wasps game. On information rights, the Lib Dems promise to “Roll back state surveillance powers by ending the indiscriminate bulk collection of communications data, bulk hacking, and the collection of internet connection records”. Presumably what this means is a repeal, or significant rewriting, of the Investigatory Powers Act 2016. They would also oppose attempts to undermine encryption (although the NHS seems to be doing a pretty good job of that by itself).

The Lib Dems also promise to “Introduce a digital bill of rights that protects people’s powers over their own information, supports individuals over large corporations, and preserves the neutrality of the internet.” What does this mean? In what way is it different from the GDPR? Certainly the first two elements could easily just be code for the GDPR, but it isn’t clear in the manifesto itself. There is also a commitment to remove the Ministerial veto in FOIA and to “reduce the proportion of FOI requests where information is withheld by government departments”, which could mean anything from removing exemptions to changing the test, to encouraging departments to rely on them less. Who knows. The unkind would say we never will.

What then of the main opposition party? Not the SNP, but Labour. Remember them? With an impressively strong contender for ‘most vacuous promise’ in the information rights field, Labour say that “Labour is committed to growing the digital economy and ensuring that trade agreements do not impede cross-border data flows, whilst maintaining strong data protection rules to protect personal privacy.” Presumably what the latter part of this means is: “we will also implement the GDPR”. But that is it, save for a commitment to extend FOIA to private companies who run public services, although that might be unnecessary given the Party’s plan to renationalise everything. Not a compelling information rights menu in a 128pp document, but we can tell you that it has a nice picture of a cute badger in it. (Indeed, almost every page has a picture or a graphic on it.)

In contrast, almost entirely picture free is the Conservative and Unionist Party manifesto, or ‘Theresa May’s Team’, as we must now apparently call them. The sole said picture? Of Theresa herself of course. But although the manifesto is the shortest (88pp), it is very text heavy, and it is the only one to have an entire section (albeit a short section) dedicated to the “digital age”. In the key bullet points of that section, the following are to be found:

“Protections for people’s data online, backed by a new data protection law.” / “Safety for children online, and new rights to require social media companies to delete information about young people as they turn eighteen.” / “New rules for the digital economy, underpinned by domestic regulation and international partnership.”

What, then, do these mean? Well, the Conservatives also promise a “Digital Charter”, which appears in large part to be a digital industrial strategy, with associated technological commitments not of concern here. But it also appears to include an intention for substantial increases in internet regulation, with the intention (voluntary or compulsory is unclear) to “push” the internet industry to do more to protect users from harmful content. The flaunting of a right of deletion from social media platforms of data about you as a child reflects moves in the GDPR. And speaking of the GDPR, behold the following: “we will bring forward a new data protection law, fit for our new data age, to ensure the very best standards for the safe, flexible and dynamic use of data and enshrining our global leadership in the ethical and proportionate regulation of data”. Some resemblance to the mandatory measure which DCMS is currently taking views on anyway? One might think so. But many will be pleased to see a full-throated support of it. It is probably just as well, given the manifesto also commits to more release of open data and much more digital government.

Whether the following promise to regulate the digital economy is simply the GDPR renamed is less clear: “we will establish a regulatory framework in law to underpin our digital charter and to ensure that digital companies, social media platforms and content providers abide by these principles. We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches UK law”. The latter part certainly sounds a lot like the GDPR, which is also a regulatory framework. Does it achieve all the things the manifesto wants to though? Probably not, which suggests a possible much more wide-ranging proposal for data and internet regulation. The scope of that will require a lot of work. There is nothing in the manifesto on FOIA, which is probably a relief to many.

Perhaps more surprising is the promised desire to create two new bodies which overlap substantially with the ICO. One, the National Data Guardian for Health and Social Care, already exists but is to be put on a statutory footing. Doubtless it is rather busy at the moment, but it is only a guidance-giving body rather than a regulator. The other is new: “an expert Data Use and Ethics Commission to advise regulators and parliament on the nature of data use and how best to prevent its abuse”. Quite what this is going to add is unclear. Nor is it clear why this task will fall under the remit of the ICO under article 57 of the GDPR anyway.

So, in terms of detailed substance, the Conservative manifesto is the clear winner in the information rights field. We might not know what it all means, but there is a lot more in it than Labour or the Lib Dems managed. Labour’s sole commitment is basically to implement the GDPR, which it would have to do anyway, and it is fair to say that much of the points in the Conservative manifesto are really GDPR implementation measures too. But the latter seem to go further, including the reference to greater regulation of the internet. Whether those further steps are achievable or wise is another matter. Doubtless we shall see as someone (who could it be?) forms the next Government.

(Other parties are, apparently, available. But I’m not putting myself through looking at the UKIP manifesto. Feel free.)

Christopher Knight, News at Ten