Where to next? - A series of White Papers looking at Trends

30.09.21 10:14 AM By Colin Rhodes

Data, data everywhere and not a drop to leak! 

As more data breaches hit the headlines there is a significant move in the UK towards updating rules and regulations around data.


The UK’s new Information Commissioner is charged with shaking up data regulations to go beyond existing rights protections, but also looking to promote innovation and economic growth. It’s an interesting dilemma. Does this mean a lessening of the constraints, red-tape, and burden and how does this retain the rights of individuals to say “No”?


One of the targets is the removal of cookie-popups, most of which are pointless anyway, as we all simply accept to proceed. However, that does give the site permission to store our personal information which can be sold on – so should we be more wary?


Not really because, in most instances it doesn’t require our permission for our data to be collected and sold. So far this year, there have been at least three major “scraping” incidents where publicly available data was bulk-harvested and sold. And big tech companies are beginning to accept these occurrences as “normal”: 


•In April, a hacker sold another database of around 500 million records scraped from LinkedIn, (including emails and phone numbers).
•In the same week another hacker posted a database of scraped information from 1.3 million Clubhouse profiles on a forum for free.
•Also in April, 533 million Facebook user details were compiled from a mixture of old and new scraping before being given away on a hacking forum with a request for donations.


One of the key reforms under review by the new Information Commissioner involves the introduction of “Data Adequacy Partnerships” which facilitates the exchange of data between states if they have similar regulatory policies in place. These agreements ensure adequate protections are maintained. However, this remains in flux between the UK and the EU as data flow is subject to Brexit sub-clauses if legislation between the two diverges. 

This kind of “Data Adequacy Partnership” reform or agreement is drastically required in the healthcare sector where proprietary EHR (Electronic Health Record Systems) have a monopoly hold on patient records. This prevents ownership (or edit) by the originator – the patient. These electronic systems (for primary and secondary care) hold patient records in silos without clear regulations and central governance. 

A new drive headed by WHO (World Health Organisation) and Michael Miller (About | CIC) is pushing for an open system to untangle the mess and importantly to allow interoperability of systems, providing patient ownership of their own data. This new Open EHR is being promoted by many leading governments and commercial operations to remove siloed data and to democratise healthcare systems. This will give back data to those who own it and from a practical perspective will enable systems to integrate into the NHS; unblocking and removing legacy systems that are holding back NHS system innovation. 

A formalising of “Data Adequacy” standards will enable agreements through many sectors, from commercial to healthcare and between states and countries. 

A company called DuckDuckGo has slowly grown and become profitable through organic growth despite competing head-to-head with Google. It has doubled its traffic year-on-year with keyword internet searches that don’t track your behaviour. It leaves your data and your searches in your hands using contextual targeting of search, rather than behavioural tracking that fuels advertising by creating a humungous dossier of your online activity. 

The argument that behavioural search enables companies to deliver a more compelling and personal service is blown out the water and so too is their justification for data harvesting. 

Data can be returned into the hands of the individual and the user and technology can find ways to still deliver an engaged and relevant service. In the same way, the proprietary EHR systems propound security but, they are self-serving and do not allow data ownership by the originator and system innovation through integration. 

Can we expect our new UK Information Commissioner to build a brave new world that understands privacy, but also comprehends the barrier that can impose?  We need bold new regulations and laws for a digital post-Brexit Britain that lead the way for trade and interoperability and with data laws based on common sense.