It’s been a busy first week for CONNECTED BY DATA.
My Shuttleworth Foundation Fellowship was announced, and this website launched. I’m pleased with the initial response, which includes over 150 people following @ConnectedByData on Twitter (not all of whom are my family) and 15 joining the Discord server, only about half of whom I already know. I also got a few people expressing interest in the Advocacy and Campaign Director role, which was reassuring – I think it’s going to be difficult to fill.
The Discord server is a bit of an experiment. I’m used, from ODI, to having a very busy Slack environment with lots of people sharing and discussing interesting things. One of the disadvantages of working on your own is not having those kinds of places to talk about what’s on your mind with a small community.
Tim Davies has already made it valuable (for me at least) by sharing a huge collection of literature on data governance that he’s put together. Inspired by this piece on integrity workers, he’s also made a great strategic suggestion about how we might achieve changes in practice by creating a community of practitioners who have expertise in designing and implementing collective data governance.
The official start of my Shuttleworth fellowship means that I started hanging out on the Shuttleworth Slack, and attended my first “Fellowup” (weekly meetings of the fellows) this week. I’m a bit intimidated by the amazing things the other fellows are working on, many of which are way more practical and grounded than the kind of work I’m doing (e.g. Cecilia collecting data on gun violence in Brazil or Tarek shipping open source tourniquets to Ukraine), but it’s a very warm and friendly community, so I’m looking forward to settling in and getting to know them.
One of the exchanges on Slack turned into one of those messages that should have been a blog post, so I thought I’d share it here. One of the other fellows talked about making the transition to being CEO and asked what it is that CEOs need to do. My response was:
I could answer in terms of tasks (eg strategy, fundraising, building partnerships, managing the board, dealing with personnel issues) but I think those things differ from CEO to CEO. The things I think you can’t really delegate are:
- Shaping the culture , mostly by modelling how you want others to behave.
- Clear communication about, well, everything, but especially why you’re doing what you’re doing as an organisation, both internally and externally. People will want and need to hear it from you.
- Constructive challenge to head off drift away from values or goals and to nip problems in the bud. You might be the only person who can do this safely with other senior leaders.
- Putting in place people who complement you (that’s complement with an e, not compliment with an i), both in the team and at the board level, so you can play to your strengths, whatever those are.
- Being conscious of what you, your colleagues, and your organisation need and finding ways to fulfill those needs. (This might include you still doing bits of the day to day if that’s what you need to keep you energised.) And being conscious of, and caring about, the impact you (and your organisation) are having, good and bad, and adjusting accordingly.
Not that I’m claiming I did any of these particularly well while I was a CEO!
Aside from getting things set up and launched, I’ve also been starting to work this week on a particular target for this year: making changes to the legitimate interests lawful basis for processing personal data. The upcoming revisions to the Data Protection Act 2018 and the UK GDPR (outlined in the Data: a new direction consultation) mean there are opportunities to insert some of the changes to the law we want to see and start introducing more open and collective data governance.
The government is currently concentrating on the idea of creating “a limited, exhaustive list of legitimate interests for which organisations can use personal data without applying the balancing test.” Whatever you might think of that (and for what it’s worth, I don’t think it’s a particularly good idea), there will still be situations where the balancing test will need to be applied and where revisions could both support business confidence and scrutiny of their choices.
Specifically, we’re arguing for changes to legitimate interests that would:
- Enable organisations to process data in the public interest, by adding public interest as a factor to be taken into account in the balancing test
- Increase organisations’ confidence in borderline balancing tests by encouraging them to consult with their customers or community
- Increase trust in organisations that use legitimate interests by requiring them to publish information about the balancing test and how it was undertaken
Following a meeting with a couple of civil servants who are working on this particular aspect of the reforms, I rustled up a briefing paper about the issues. Please do take a look and tell me what you think.
The final thing that I’ve been working on this week is the strategic roadmap for 2022-23. This includes activities around the three main goals of CONNECTED BY DATA:
- Change the narrative
- Change organisational practice
- Change public policy
And the underpinning activities of building an effective organisation and a strong community. I’m going to be discussing the details with a couple of people before sharing it more widely but I’m pretty pleased with how it’s shaping up.
Did you know?
The Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005 reg. 45 contains quite a nice definition of sensitive information. It lists information that’s sensitive due to national security, public safety, commercial confidentiality or because it is personal data (with a few exceptions). I’d like to see sensitivity due to environmental protection added to the list, but it’s a useful thing to point to.