Public Services

PCAG expected to consider departed co-chair's data & ID concerns

Neil Merrett Published 12 May 2017

Dr Jerry Fishenden's criticisms of present government's data sharing and privacy commitments anticipated to form part of independent group's discussions after election


The recent resignation of the independent Privacy and Consumer Advisory Group (PCAG) co-chair Jerry Fishenden over concerns about government commitments to its work and guidance on privacy and identity is not expected to set back the organisation's future meetings, it is understood.

Sources with knowledge of the review body, managed on behalf of the Government Digital Service (GDS) to provide expert analysis and guidance on all Whitehall data and privacy initiatives, expects the group's work to continue on once the General Election purdah period is over next month. A replacement co-chair is also likely to be sought to share the overall workload from the group.

However, the issues and concerns publicly raised by Fishenden after he stood down last week are expected to be part of PCAG's future discussions, at least at the first formal meeting scheduled for after next month's election.

The former co-chair has accused the government of showing dwindling ministerial support for its advice since the 2015 General Election, as well raising concerns that PCAG had been misled around provisions about data privacy commitments within the recently passed Digital Economy Act.

The act was squeezed through parliament before the upcoming General Election and Fishenden was critical of a failure to address concerns about data sharing within it. Outlined in Part Five of the new act, he warned that the group's advice and offers of support to shape data sharing of citizen information in a more accountable way had been ignored by officials.

"Worse, in the case of Part Five, the group was repeatedly misled and misinformed by the team that drafted the core of the proposals and the related 'codes of practice'. Once again it was ministers and parliament left to deal with the consequences," he said at the time.

Identity service

As well as giving his thoughts on the legislation, Fishenden was also critical of GDS' work on the GOV.UK Verify identity assurance platform, calling for a "reset" of thinking around the solution, which is intended by government to support 25m users by 2020.

At present, there are 1.23m registered accounts with the platform. However, it is understood that these accounts do not necessarily represent individual user numbers, with citizens able to have multiple accounts with different ID providers that support the platform.

Moving forward, efforts are underway to expand the service into local government use or potential private sector implementation. An additional hub linking Verify with the finance and retail sectors is also under consideration and testing.

However, Fishenden has now urged a new approach to online identity services in Whitehall, arguing that significant funding, resources and time put into projects such as Verify are not delivering the required level of results or service benefits intended.

"It's time that the Verify platform, other 'competing' initiatives such as the updated Government Gateway, and the underlying work on an identity assurance framework are subject to an open, honest and fundamental reset," he said.

In March, the National Audit Office (NAO) published a report on GDS' work that looked at a number of key projects such as Verify and how it was impacting data sharing and online service access.

"Our review shows that GDS could have done more to understand the existing landscape of department services to support their early work on identity assurance for individuals. For example there was no full analysis of how existing services identified customers or analysis of the way in which customer data is held in existing services or how this might affect the user journey from Verify to completion of the service transaction," said the findings.

The report argued that undertaking such research would have given an improved understanding of how to meet the identity needs of departments and public sector bodies to improve take up. The report added that major questions remained over the platform's capabilities for wider use in the public sector, such as by NHS bodies.

Based on official government figures, GDS and PCAG have met numerous times over the last twelve months, with the Cabinet Office maintaining that the group is one of a number of bodies it consulted with before finalising its data sharing legislation.

"Views from many groups, including the Privacy and Consumer Advisory Group, were taken into account when establishing the Digital Economy Act 2017," said a spokesperson for the organisation.

Critical view

For longer-term critics of the government's work around ID and data, such as privacy blogger David Moss, Fishenden's resignation was seen as coming at a time where serious questions must be asked about how government is sharing personal information.

According to Moss, one notable consideration that PCAG finds itself having to consider is that government commitments and potential for open data remains very different from personal information.

Moss argued that Fishenden's resignation highlighted that Whitehall was failing to take account of key issues around public trust and transparency as to how personal information is used.

"Open data is a good thing. It needs to be distinguished from personal information. The government isn't good at doing that," he claimed.

Querying the current ability of Verify, which is now classed as a live service to effectively meet citizen needs for a secure identity, Moss argued that whatever future government PCAG advises, there were significant privacy and security concerns left unaddressed.

"For the moment we are left with the uncontrolled gathering of personal information with no working government identity assurance and the unspecified promise of an HMRC alternative," he claimed.

The platform's completion rate, defined as the proportion of visits to GOV.UK Verify that result in successful user sign-in or account creation, has between February and April this year ranged between 31% and 46% for the over half a dozen services using it.

As part of its own commitments to develop GOV.UK Verify, GDS is this month seeking a team of between five to six developers to provide additional capabilities to improve uptake of the platform.

The opportunity, valued at between £550,000 and £650,000, is expected to last six months with work commencing no later than July to try and tackle broader challenges for the platform including handling lower levels of assurance requests from users, such as certain services in the tax domain.

Other requirements will include realising a 5% to 10% to the "Verify completion rate per quarter", as well as testing the platform's hub capability for handling lower level assurance services and then migrating the hub to Amazon Web Services.

The closing date to receive applications for the opportunity, which is being undertaken via the Digital Outcomes and Specialist (DOS) agreement, is set for May 22.

Related articles:

Privacy and identity expert Fishenden calls for Verify rethink

Cunnington: "Very concrete" plans mapped for 25m user Verify expansion

Summer launch planned for GOV.UK Verify private sector testing


Post a comment

Comments may be moderated for spam, obscenities or defamation.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.