The Government Digital Service has put in place “robust memorandums of understanding” allowing it to collect data from the websites of three quarters of Whitehall’s major departments.
A written parliamentary answer from minister for implementation Simon Hart reveals that, as part of its rollout of an “end-to-end performance monitoring” programme, GDS has signed data-sharing MoUs with 12 departments.
For the four that are yet to sign – the Cabinet Office, Foreign and Commonwealth Office, and the Departments of Work and Pensions, and Digital, Culture, Media and Sport – GDS is “still working through some points of detail, to facilitate their response”, Hart said.
“We are using clear and robust memorandums of understanding to set out the terms of the project,” he added, in response to a question from the Labour MP for Wakefield, Mary Creagh. “The MoUs outline the responsibilities of both the GDS and departments in a number of areas, including handling the relevant data to ensure there is no unauthorised access, loss, misuse, modification or disclosure.”
RELATED CONTENT
The 12 departments that have already signed are: the Home Office; HM Revenue and Customs; the Ministries of Defence, Justice, and Housing, Communities and Local Government; the Departments for Education, Transport, International Development, Environment, Food and Rural Affairs, and Business Energy and Industrial Strategy; HM Treasury; and the Department of Health and Social Care.
When the data analytics plans first emerged – in a report from Buzzfeed News – it was suggested that the scheme was politically motivated, and was being introduced at the behest of prime minister Boris Johnson and his chief adviser Dominic Cummings.
But ministers and officials have since insisted that the data-gathering plans have been in place for many months, and are solely geared to gaining insight into how people use the GOV.UK website, so as to improve its performance.
“GDS is implementing end-to-end performance monitoring so that GOV.UK can be designed to ensure that people can access the information and services they need as easily as possible,” Hart said. “Government departments are enabling GDS to centrally collect data on site usage across the GOV.UK estate, to provide an end-to-end, anonymised view of how people interact with government online. In developing this project, we have taken into account both the data protection regime and other guidance like the Government’s Data Ethics Framework.”
In answer to another question from Creagh, the minister for implementation offered some explanation of how the data involved in this project will be processed, stored, and analysed – and by whom.
“Different types of data and information are stored in different ways in accordance with our information assurance policies. In relation to the specific project to join up performance analytics across the GOV.UK estate, GDS has created a separate account within its existing Google Analytics account to hold the anonymised performance data collected from GOV.UK services managed by other government departments. Data within the two accounts is not linked together.”
He added: “Currently Baseline Personnel Security Standard (BPSS) cleared personnel working on the project have access to this anonymised data. BPSS is the minimum required security clearance, and access is granted on a case-by-case basis to further ensure that only appropriate people have access to the data. Data is stored in an encrypted format when it is in transit between service systems and the centralised Google Analytics account, and when stored in the account data store. These measures, together with GDS’s secure by default approach ensure that no data will leave the Cabinet Office by accident or malicious intent.”