In March, the government said it would develop a data platform designed to provide “secure, reliable and timely data” to national organisations charged with coordinating the response to the pandemic.
Then it announced that the contracts would be going to the usual US suspects of Amazon, Google, Microsoft. However, more alarming was Palantir Technologies UK, a subsidy of Peter Thiel’s controversial analytics firm, and the London AI company Faculty, which worked on the Vote Leave Brexit referendum campaign. All of these groups have a history of using personal data that has hacked off someone at some time.
Campaign groups including Liberty, openDemocracy and Privacy International have now written to Hancock saying that promises of openness about the role of multiple private-sector tech firms in handling the health data of millions of UK citizens have not been fulfilled.
“We share the common goal of preserving public confidence in systems that can help make us all safer. Therefore, before the NHS continues its plans, we urge you to provide the public with more information and take appropriate measures to reduce risk of data sharing and keep the aggregated data under democratic control”, the letter states.
At the launch of the initiative in March, the government had said: “Essential data governance procedures and established principles of openness and transparency remain at the core of everything we do.”
But a legal opinion from Ravi Naik, a solicitor and legal director at data rights agency AWO; Matthew Ryder QC and Edward Craven of Matrix Chambers; and Gayatri Sarathy of Blackstone Chambers: namely, that the data store plan “does not comply, thus far, with data protection principles”.
At the same time, Palantir “offered some assurances” but failed to clarify the extent of the project and what protections exist, Naik says.
The campaigners said that while they understood the need for better health information, the public should be consulted throughout the development of the datastore and be able to obtain adequate information about the data-sharing agreements in place.
The campaign group asks the NHS to define the problem it is trying to solve and whether alternative models and providers were explored. It asks how the datastore is being financed and requests details of the agreements in place for each tech supplier. It asks whether the NHS will be able to switch providers, whether the data store will depend on proprietary software, and who will own any resulting intellectual property. It asks if an endpoint to the project has been defined and requests details of an exit strategy.
Individuals backing the letter include Cory Doctorow, formerly of Boing Boing; Anouk Ruhaak, Mozilla Fellow embedded with AlgorithmWatch; and Frederike Kaltheuner, Tech Policy Fellow, Mozilla.
The UK government has so far failed to listen to experts or the global consensus in using a centralised contact-tracing app that sucks up all the data and sends it to an extensive central system.