UK government developing ‘trust framework’ for commercial use of personal data
The UK government is currently working to develop a framework designed to encourage businesses to be more transparent in the way they use the biometrics data of customers, according to a report by Out-Law.com.
The new ‘Trust Framework’ is intended to set guidelines regarding the commercial use of personal data, which serves as a response to a March 2015 report by the Science and Technology Committee in the UK parliament on using biometric data and technologies.
“The government is working with the Digital Catapult and the British Standards Institution, along with businesses and consumer representative bodies, to develop a ‘Trust Framework’ for commercial use of personal data,” wrote the government in the 13-page report. “The Framework is being designed to give consumers more clarity and a greater level of control on how their data is collected, stored and used by companies. The Digital Catapult is looking to run a number of pilot projects over 2015, with the aim of completing the initial stages of the Framework by March 2016.”
In the March 2015 report, the Science and Technology Committee at the House of Commons condemned the government for not devising a “comprehensive” plan on how it will use biometrics to provide access to government services, as well as stating any “associated ethical and legal implications” related to biometric collection.
The government stated that it will issue individual forensic and biometric strategies before the year’s end.
“The government recognizes the need to develop a strategic approach to the use and retention of biometrics,” it said. “This approach should recognize that biometrics is fast-changing and provides opportunities for better secure identity verification, better public services, improved public protection and the ability to identify and stop criminals. This should be balanced against safeguarding the rights of the individual from unnecessary intrusion. The government’s biometric strategy and associated policy framework will support an aligned approach on the use and retention of biometrics and how its implementation is governed.”
In response to the Science and Technology Committee’s recommendation that the government’s biometric strategy ought to address “public concerns about the security of personal data and the potential for its use and misuse”, the government said that Home Office systems that store biometric data implement “defence in depth measures” to safeguard the data from being breached by third-party individuals.
Additionally, it said the measures are “subject to regular effectiveness reporting and are subject to third-party assurance and annual assessment to ensure their fitness for purpose”, as well as employs a ‘secure by design’ philosophy at the beginning of any project that involves the use of biometrics data.
The government’s response to the Science and Technology Committee come a few days after privacy watchdog the European Data Protection Supervisor released a 21-page report calling for the ethical use of data to be taken into account for EU policy making.
“Policy makers, technology developers, business developers and all of us must seriously consider if and how we want to influence the development of technology and its application,” Giovanni Buttarelli said. “But equally important is that the EU consider urgently the ethics and the place for human dignity in the technologies of the future.”
“Data protection principles have proven capable of safeguarding individuals and their privacy from the risks of irresponsible data processing. But today’s trends may require a completely fresh approach. So we are opening a new debate to what extent the application of the principles such as fairness and legitimacy is sufficient. The data protection community can play a new role using existing tools like prior checks and authorizations – because no other bodies are equipped to scrutinize such data processing,” he said.