Wednesday, 22 August 2012

Midata: here we go again

Have you heard the one about a Government Department actually being interested in giving the public greater access to customer data?

The BBC today carried a great story about a proposal to the Midata project, which is a proposal to require utilities, web firms and shops to provide "machine-readable" records of transactions.

Consumer Minister Norman Lamb was quoted as remarking: "It's clear to me that giving consumers the right to access their own transaction data promises huge opportunities for both consumers themselves and UK businesses."

You may have heard of this idea before, as it was originally launched last November. At that time, Information Commissioner Christopher Graham said: “Midata presents an innovative and empowering opportunity for consumers. It goes without saying that privacy and data security principles must continue to be upheld and I’m pleased that consumer data security has been a key strand from the outset. I look forward to continuing to work with the government and businesses to ensure the scheme complies with the Data Protection Act."

Evidently, not that much progress has been made, so another effort has been made to engage the public’s attention to a new consultation exercise, which was actually announced (and virtually totally ignored) on 27 July. You may not remember much about what you did at work on 27 July – other than it was the day of the opening ceremony of the London Olympics. What chump would have launched a consultation process on a serious proposal on that day?

Everyone has until 10 September to respond to the proposals which might become compulsory. So I hope you’re not planning on taking too much time off during the upcoming Paralympics, which end the previous day.

If ever there were a prize for the “consultation exercise that most people were likely to ignore”, this is a contender.

To my mind, the project is similar to making a Subject Access Request on steroids. We all know what access is provided when an individual makes a Subject Access Request. The significant difference with the current law appears to be a requirement on the data controller to provide information in a certain technical format, so that people who will be selling machine-readable technologies will be able to create software to process these reports and the people buying these machine-readable technologies will be able do something meaningful with them.

How much will it cost data controllers to turn their records into the new electronic format (whatever it is going to be)? Not sure.

Does this matter? Well, given the stink that data controllers have made about the European Commission’s compliance cost assessment of the draft Data Protection Regulation, it certainly does.

How much force will be required to get all the large supermarkets to be more open about the purchases made by their customers, so that those customers can compare the prices with competitors and get cheaper deals? And how many small businesses might this put out of business, if a vicious price war were to take place? And who would stick up for these small suppliers? Will that include the Consumer Affairs Minister? Again, I'm not sure.

But, in the end, let’s concentrate on what matters. Consumer rights and promises about how much better life might be if everything was machine readable. And let’s not worry too much about the awful consequences of what happens when large datasets are accidentally made available to third parties. It’s a good news story, focusing on a customer-friendly initiative. Surely, that’s enough?

Incidentally, I wonder how many public authorities will be joining the Midata project? Given the regulatory action that is increasingly taken against them in respect of their data breaches, which will be the first to stick their head above the parapet and give the ICO yet another reason to fine them when something foreseeable goes badly wrong?