An order from the prime minister to centralise the gathering and analysis of user data from the GOV.UK website has triggered an investigation by the Information Commissioner’s Office (ICO).
The ICO has said on Twitter that it has asked the Government to explain the move to ensure it is complying with data protection laws and to understand whether further action is necessary.
It comes after all Government departments were told to collate the information from GOV.UK for the first time – to “provide the best possible service”, Downing Street said.
But the move has raised the alarm because a leaked memo revealed that it was specifically linked the gathering of the data to decision making to “support” Brexit.
Seen by the Buzzfeed website, it said the XO Cabinet committee in charge of ‘no deal’ Brexit preparations had been asked to ensure GOV.UK “is serving as a platform to allow targeted and personalised information to be gathered, analysed and fed back actively to support key decision making – in effect, focused on generating the highest quality analytics and performance data to support exit preparations”.
Nine days later, Johnson’ chief adviser Dominic Cummings emailed officials to stress this was a “top priority”, Buzzfeed said.
Data protection question
The Liberal Democrats and a member of the Commons Media Committee asked Information Commissioner Elizabeth Denham to look into the controversy after the emails were revealed. They demanded to know what the data will be used for and whether No 10 will be breaching data protection rights if people have not given permission for their information to be collected.
Ian Lucas, a Labour member of the committee, said the controversy involved the “same individuals” – the prime minister and his chief aide – who were at the forefront of allegations over the Vote Leave campaign’s misuse of data.
In a tweeted response, Denham said: “We have contacted Government regarding the collection of personal data on GOV.UK in order to fully understand its approach to compliance with data protection law and whether any further action is necessary.”
In his letter to Denham, Tom Brake, the Lib Dem Brexit spokesman, had asked if it was proper for data to be “fed back actively to support key decision making, if the individuals had not granted permission for it to be used in that way”.
And he added: “If such permission had not been granted, and data was fed back in this way, would this be a breach of their rights and data protection?”
Normality claim
But a Government spokesman insisted: “Across the industry, it is normal for organisations to look at how their websites are used to make sure they provide the best possible service.
"No personal data is collected at any point during the process, and all activity is fully compliant with our legal and ethical obligations.”
Officials said the only change would see the anonymised user data currently collected by individual departments collated across the GOV.UK website, generating better information on how the site is used as a whole.