I work three days a week for Connected by Data. Outside that, as well as parenting two active under 10s, over the last few years I’ve been trying to get more involved in my local community, whether supporting democratic engagement delivering leaflets or wrangling data for Stroud District Green Party, helping out as a Parent, Teacher & Friends Association (PTFA) member and parent-governor at my child’s school, or joining the board of Create Gloucestershire, a county-wide non-profit with a mission to expand access to arts, culture and creativity.
In the last few months I’ve been struck by how often data governance issues have been coming up in these roles - and how rarely it has been possible to resolve those issues simply with the conceptual tools to hand in the form of GDPR, or a data protection policy.
In work time, a lot of the conversations I encounter about rethinking data governance focus on relatively large-scale interventions: like establishing new institutional forms (data trusts, co-ops etc), or changing policy to better regulate big tech. However, the idea that we are ‘connected by data’ can perhaps also apply very productively to everyday data governance.
To look at just two examples:
Class WhatsApp groups
My phone regularly pings with alerts from the WhatsApp group setup by parents of other children in my son’s class. Most classes at the school have a group like this. These informal, unofficial groups provide a stream of information and interaction: from questions about PE day or school trips, to confirming the week’s homework spellings, and sharing news of events.
When I was at primary school 30 years ago, this information might have been flowing as parents waited in the playground for school pickup. But, today, whether we’re all still standing a little future apart after COVID lockdowns, or because changing family structures and after school clubs mean there isn’t a common cohort of parents that meet each afternoon, the natter networks are somewhat broken, and platform-mediated WhatsApp groups are filling that gap.
This raises some challenges. Last week I got an e-mail from ClassList, the school-based social network, highlighting a legal opinion they commissioned that suggests school-based use of WhatsApp groups may not comply with GDPR. The fact that joining a WhatsApp group shares phone numbers, and some might be excluded if groups are the only formal route for sharing information, are amongst the concerns they raise.
Invoking GDPR might be a good marketing strategy to encourage risk-averse schools to adopt a platform that promises to ease compliance - but it converts a set of questions about how best to support communication and connection between families, into one about data controllers, notice, consent, and individual privacy controls. And in practice, questions of inclusive communication, and understanding the needs of different families, are likely to remain unaddressed.
Instead, I wonder how we might create light-weight models for conversations that allow the ad-hoc collectives convened, for example, in a WhatsApp group, to explore the norms and behaviours they want to jointly operate by, and the data governance (small d, small g) implications of those choices. For example, a set of conversation prompts might cover:
- What do we want this group to be here for?
- What impact does the information shared here have on others? On teachers? On students?
- What is it ok, and not-ok to share in this space?
- Should we move to another platform (e.g. Signal) that has more privacy-preserving features?
I’m not sure how starting a conversation like this would be received - and what other resources (e.g. background explainers etc.) might be needed to support a meaningful conversation. But it is the kind of discussion of platform data governance in the everyday that I think we need to be having alongside the big picture work to secure better platform defaults. Perhaps a bit of action research is required.
On Wednesday I had a meeting of the board working group on data for Create Gloucestershire (CG). The group was set-up to support CG, as a small non-profit infrastructure organisation, to make better internal use of data and to catalyse good data practice amongst partners. GDPR was on our agenda this week, triggered by a need to work through the NHS Data Security and Protection Toolkit as part of new work with the NHS.
However, it quickly became clear that the conversation was not just about protection of personal data. Instead, it was also about a sense of data extractivism, and the feeling that voluntary sector organisations risk ending up in the middle of processes that capture data from communities, but that don’t provide insights or identified benefits in return. And it was about making sure data practices were the right-fit, applying strong protections to sensitive data, but not inhibiting sharing of community-level insights, or co-operative working on non-personal data. I was struck that, although the CG team introduced the item with questions about GDPR compliance, the language used to talk about what practices to encourage or require from partners, was much more a language of community, capacity building and collective responsibility.
The conversation ended with the idea for a local data unconference, to create a space that could both share practical data security and data management skills and give practitioners greater confidence in handling data at the individual level, at the same time as building a stronger collective voice amongst voluntary sector organisations to talk about how to data collection and sharing could work for them.
Just as the individuals whose lives are captured in the same dataset, or whose choices are shaped by its analysis, are connected by data, so too are organisations reporting to the same funders, or operating in policy landscapes governed by the same centralised metrics. If these organisations can find common voice, then there may be opportunities to shape more equitable data infrastructures that more effectively deliver the public good.
I took the idea of this unConference to Jeni and Jonathan at our regular check-in on Thursday, and they liked it. So I’m hoping to work with the CG team in the next few weeks to work up the idea more. If you might be interested in collaborating too - as a co-host, sponsor or attendee of a data-focussed day-long unconference in Gloucestershire, do drop me a line!