Views on data management
The UK government has identified both public trust in data and data mobility as critical enabling factors to the success of the UK’s national data strategy (DCMS 2018). Under the General Data Protection Regulation (GDPR), individuals have new legal rights with regard to their personal data, including, for example, rights to access and portability. GDPR provides a legal imperative for developments in this area, and there is mounting evidence of growing experimentation in, for example, personal data management technologies such as personal data stores (e.g. digi-me, databox, solid), data portability (Cntl shift 2018) and responsible data stewardship (ODI 2019).
These developments are taking place against a backdrop of growing concern about data collection and use. Research shows low levels of public trust when it comes to data practices (Doteveryone 2018), described elsewhere as a ‘data trust deficit’ (RSS 2014). Growing awareness of the data trust deficit, combined with high profile failures to protect people’s personal data from exploitation or mis-use, has led to cross-societal consensus on the need for responsible data practices as articulated by, for example, the think tank Doteveryone, independent research and deliberative body the Ada Lovelace Institute, and the UK government’s new Centre for Data Ethics and Innovation.
In this context, it is vital that public views are factored into new developments and expert debates and decisions that will shape the future of the data economy. We therefore undertook a survey into public attitudes to data management models and associated data practices. In May 2019, a total of 2,169 respondents living within the UK completed our online survey from a Qualtrics panel. In the survey, we examined what participants thought about eight models for managing personal data. Each model was based upon approaches to data management that were being considered in various forms at the time of administering the survey, including personal data stores, data trusts and data co-operatives.
|Personal Data Store||to give you personal control over your data, which you can manage in a secure way.|
|Responsible Independent Party||you have a say over what happens to your data, but are not personally responsible for looking after it.|
|Resp Ind Organisations||have legal responsibilities to manage access to your data in ways that represent the interests of all parties involved.|
|Digital Service (Status Quo)||gives services control over your data (this is what usually happens now).|
|Data Co-operative||your data is managed collectively, by the people whose data is in the co-operative.|
|Public Data Commons||to make data accessible so everyone can benefit from it.|
|Regulatory Public Body||to ensure that personal data are collected, stored and used in legal and fair ways.|
|Data ID Card (Opt Out Option)||to give people the option of opting out of having their data collected.|
What we found
- A consistent finding is that respondents dislike the status quo, in which commercial organisations control personal data in return for the digital services they provide (average ranking = 4.9/10).
- Respondents generally preferred approaches that give individuals control over their personal data (average ranking = 7.7/10), that include oversight from regulatory bodies (average ranking = 7.6/10) or that enable opting out from data gathering (average ranking = 7.5/10).
- When a range of credible alternatives are available—for example, a public data commons, a data co-operative, oversight by a responsible independent organisation or party—respondents preferred all of these approaches to data management to the status quo.
- These findings were consistent across different methods used in the survey: asking respondents to rank models on a scale, choose a preferred model from a randomly generated pair; and choose a preferred scenario from a pair made up of randomly generated features.
- Existing knowledge about issues relating to data was a significant predictor of preferences in relation to four models. More knowledgeable respondents preferred approaches that offered more control and/or oversight over personal data by a regulatory public body than less knowledgeable respondents who rated the status quo higher. While this effect was significant, it was relatively small (about a half point difference on a 10-point scale). In other words, this mattered, but not a great deal.
- Age had a significant impact on evaluations of the status quo. Younger respondents rated the status quo higher than those who were older than 34.
- Apart from these two findings, there were no other clear differences in data management model evaluations by demographic subgroups within the sample.
- Our findings suggest that new approaches to data management are urgently needed, because there is a strong desire from the public for an alternative to the status quo. These new approaches need to give individuals control over their personal data and include oversight from regulatory bodies.