A broad-based campaign group has written to UK health secretary Matt Hancock calling for greater openness in the government's embrace of private-sector tech companies contracted to provide a data store and dashboards as part of the NHS response to the COVID-19 outbreak.
In March, the government said it would develop a data platform designed to provide "secure, reliable and timely data" to national organisations charged with coordinating the response to the pandemic.
Along with the triumvirate of dominant cloud service providers – Amazon, Google, Microsoft – the government contracted Palantir Technologies UK, a subsidy of Peter Thiel's controversial analytics firm, and the London AI company Faculty, which worked on the Vote Leave Brexit referendum campaign.
Campaign groups including Liberty, openDemocracy and Privacy International have now written to Hancock saying that promises of openness about the role of multiple private-sector tech firms in handling the health data of millions of UK citizens have not been fulfilled.
"We share the common goal of preserving public confidence in systems that can help make us all safer. Therefore, before the NHS continues its plans, we urge you to provide the public with more information and take appropriate measures to reduce risk of data sharing and keep the aggregated data under democratic control," the letter states.
UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs toldREAD MORE
At the launch of the initiative in March, the government had said: "Essential data governance procedures and established principles of openness and transparency remain at the core of everything we do."
However, the open letter – also signed by individuals from law and academia – points out a legal opinion from Ravi Naik, a solicitor and legal director at data rights agency AWO; Matthew Ryder QC and Edward Craven of Matrix Chambers; and Gayatri Sarathy of Blackstone Chambers: namely, that the data store plan "does not comply, thus far, with data protection principles".
The letter also says the COVID-19 data store project has lacked transparency. Freedom of Information requests from journalism platform openDemocracy and tech justice nonprofit Foxglove have produced no substantive response. At the same time, Palantir "offered some assurances" but failed to clarify the extent of the project and what protections exist, it says.
"We understand the need for better health information, but maintain that the public should be consulted throughout the development of the datastore and be able to obtain adequate information about the data sharing agreements in place," the letter states.
The campaign group asks the NHS to define the problem it is trying to solve and whether alternative models and providers were explored. It asks how the data store is being financed and requests details of the agreements in place for each tech supplier. It asks whether the NHS will be able to switch providers, whether the data store will depend on proprietary software, and who will own any resulting intellectual property. It asks if an end point to the project has been defined and requests details of an exit strategy.
"These questions are fundamental to maintaining public trust in the NHS and to help keep high-risk personal data about UK citizens safe at a time when we need that the most. Lack of transparency and opacity in which these agreements are made do not help [in] building this trust," the letter states.
Backing the letter is Article 19, a British human rights group that focuses on the defence of freedom of information; Big Brother Watch, a nonprofit non-party British civil liberties and privacy campaign; and medConfidential, a group campaigning for confidentially in the use of medical data.
Individuals backing the letter include Cory Doctorow, formerly of Boing Boing; Anouk Ruhaak, Mozilla Fellow embedded with AlgorithmWatch; and Frederike Kaltheuner, Tech Policy Fellow, Mozilla.
The UK government has so far failed to listen to experts or the global consensus in using a centralised contact-tracing app that slurps data and sends it to a massive central system.
The Register has contacted the Department of Health for its response. ®
Sponsored: Ransomware has gone nuclear