The Information Commissioner’s response to proposals for data protection reform has another take on my idea of the law helping us to find sweet spots: those points shouldn’t be seen as “trade-offs”, but as mutually beneficial. As the ICO puts it:
The economic and societal benefits of this digital growth are only possible through earning and maintaining people’s trust and their willing participation in how their data is used. Data-driven innovations rely on people being willing to share their data.
Others have suggested a safety analogy:
Good brakes let you drive faster
That has certainly been our experience at Jisc. We’ve been developing, using and publishing GDPR tools as part of our innovation in use of data since before the GDPR was passed! Not because it’s a legal requirement (which is often arguable) but because it’s a really good way to think through issues and explore concerns with customers and users of our services. And, because we’ve done that thinking and exploration, those stakeholders seem inclined – when we come up with a new idea – to approach it with confidence. They may want to point out issues we haven’t thought of, which is great as we can work together to improve, but we rarely get a reaction of pure suspicion.
When I first suggested using a DPIA to explore and explain our network security services, it felt like radical transparency. Now it seems much more like common sense. You can find the tools we’ve developed along the way at:
- Security Operations Centre DPIA
- Learning Analytics DPIA
- Intelligent Campus DPIA template
- Wellbeing Analytics Code of Practice (including DPIA and Purpose Compatibility templates)