The government scheme that's after your data

A little known UK government initiative is underway to release vast amounts of personal data from companies to citizens with the laudable aim of handing power to the consumer. The midata initiative aims to provide you with easy access to detailed information about your spending habits and consumption, so you can make better decisions about your life – from what you eat to how you communicate.

However, the Midata Innovation Lab is pulling all the data it gathers into a small number of central servers. This might work while the project is small but storing large amounts of personal information in one place is potentially a bad idea if the project is to expand, as is the intention. In its rush to open up the information, the people involved in this programme need to take stock of the changed world in which we live.

As a first step, the Midata Innovation Lab is collecting information on consumer spending, bank transactions, energy consumption and mobile phone use. Developers, policymakers and private companies are working together to find new ways to make this data work harder for individual citizens. The lab, which opened in July, hopes to gather data from around 1,000 volunteers between now and October.

Many researchers are concerned that inadequate checks and balances are in place to make sure the data gathered through midata is not used in ways that we might not like or that threatens our privacy.

In the wake of the NSA scandal, we are increasingly alert to how companies use our data and even worry that our own governments are spying on us. We are more concerned about how our personal information is used, even if the initial intention is good.

The sort of information being handled by midata can work at very detailed levels. We're getting personal here. It's not just possible to see how much energy you consume – your data can be granular enough to identify when you make a cup of tea, what time you get home from work and turn the heating on and how much television you are watching.

Multiply this across different aspects of your daily life, add in your weekly shop and the number of phone calls you make in a month, and the people holding your data are able to build a very accurate picture of who you are.

If that person is you, it's difficult to see the problem. But, in reality, consumers are unlikely to want to handle large amounts of data, even if it came from them in the first place. It's great that the government wants to make this information available to us but will we actually want it? Many of us can hardly be bothered to open our bank statements and we only take a good look at our monthly phone bills if we're surprised by the headline figure. Would you sit down and pore over the numbers that reveal how much electricity you have used? The fact that many of us wouldn't opens the path for companies to step in and handle the information on our behalf.

The biggest danger for midata is mission creep. Companies are able to obtain broad rights over the data they gather by using "take it or leave it" terms and conditions of service. If you want the service they provide, you have to agree to your data being used in certain ways.

Even when a company is socially responsible and offers reasonable terms and conditions, it could merge or be bought by another. That company may well be less scrupulous about what it does with those personal records. Similarly, with midata, what started as a project to empower people could end up ensnaring them.

The midata project is backed up by the Enterprise and Regulatory Reform Act, through which the government can effectively require companies to hand over data about customers. This legislation was passed ahead of the Queen's speech this year without much fanfare. Few people realised that the government was handing itself considerable power. However, there is still time to take stock of what, as a society, we would view as reasonable use when it comes to our data. Legislation that deals specifically with the release of data is still in the works so it is not too late to push for consumer protection that prevents information abuse to be part of it.

The flip side of the consumers' concerns are the concerns of the organisations that currently hold our data: banks, credit card companies, retail chains, communication providers. Deeply worried about their customer relationships, they see major reputational risk and liabilities in handing over data to third parties. For example, if identity fraud is perpetrated based on credit card information that was leaked via a poorly implemented midata application, who is liable for any financial loss incurred?

While there are potentially many benefits to midata, and the lab is working on new and exciting applications, there are still significant technical and legal matters that need thorough investigation before we could responsibly roll out a nationwide programme.

This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives).