The UK government should make ‘malicious data breaches’ a criminal offence, according to a new report from the Science and Technology Committee.
Its paper, titled The Big Data Dilemma, argues that fines alone are not enough of a punishment.
Further, the committee highlighted its concern over big data techniques that can “re-identify” individuals “from previously anonymized data”.
“The way the new EU regulation is framed appears to leave it open for data to be potentially de-anonymized if 'legitimate interests' or 'public interest' considerations are invoked,” it elaborated.
“It is particularly important therefore that the government set out its anonymization strategy for big data in its upcoming Digital Strategy, including a clear funding commitment, a plan to engage industry with the work of the UK Anonymization Network and core anonymization priorities.”
The paper describes the anonymization and re-use of data as a pressing issue, one that needs to be tackled with care and urgency.
While the committee acknowledges that balance is needed – between collecting and processing data and ensuring that privacy is maintained – the fact that this is a topic that has been somewhat neglected by the government is concerning.
The Science and Technology Committee has accordingly recommended the establishment of a Council of Data Ethics within the Alan Turing Institute.
This, it explained, will go a long way in addressing “the growing legal and ethical challenges associated with balancing privacy, anonymization, security and public benefit”.
“Ensuring that such a council is established, with appropriate terms of reference, offers the clarity, stability and direction which has so far been lacking from the European debate on data issues,” the committee concluded.