Updated The health and social care data watchdog for England chastised the UK government for failing to publish details of information released from the Palantir-based COVID-19 data store within a year of the project's start.
In her Annual Report for 2020-2021, National Data Guardian (NDG) for health and social care Dr Nicola Byrne said NHS England and NHS Improvement, which contracted US spy-tech specialist Palantir – along with AWS, Google and Microsoft – in 2020 to build a national data store in response to the pandemic, had committed to publish a full register of releases of data from the privately run database.
The release was designed "to promote transparency in how information is used and shared, and provide assurance that disseminations are considered carefully to ensure that they are lawful," the report said.
However, NHS England and NHS Improvement failed to provide that information in the period covered by the NDG report. "It was disappointing that by the end of the period this report covers the register had not yet been published," Dr Byrne said. The NDG was informed that NHS England and NHS Improvement "would continue to work with others to develop the data dissemination register."
Transparency – we've heard of it
The national COVID-19 data store attracted controversy during the early stages of the pandemic as campaign groups fought for greater transparency after its role in the government’s response first emerged in March 2020. A campaign for greater openness led to the government publishing contracts in June 2020.
Data and analytics platform firm Palantir is famously associated with the CIA and the much-criticised US immigration agency ICE, while its founder helped finance impeached ex-president Donald Trump. Despite the plan for the data store to span only the duration of the pandemic, in December 2020 the government signed a two-year deal with Palantir to run it, without competition or scrutiny.
- Palantir abandons any attempt at curating nice-guy image with ‘Global Information Dominance Experiments’
- In the Navy, we want to share data with some ease. In the Navy, can someone help us with this please?
- NHS England staff voice concerns about access controls on US spy-tech firm Palantir’s COVID-19 data store
- Of all the analytics firms in the world, why is Palantir getting its claws into UK health data?
At the same time, it agreed to engage citizens about Palantir's role in the NHS via patient juries, apparently bowing to pressure from campaigners.
But those seeking transparency will not be assured by the time it took NHS England to publish the details of those accessing the store. They were finally published on 12 August 2021, less than a week before the NDG published its report.
NHS England's commitment to publish those details stem from a meeting with the NDG before the two-year deal with Palantir was published.
"The NDG's advice was sought at a meeting with her panel, particularly on how to demonstrate trustworthiness to the public of arrangements with commercial partners," the report said.
"She emphasised the importance of communicating openly with the public about what the plans were for the data store and data platform, what organisations would be involved, how the data was being used and released, and what current and future uses were envisaged for the data. Subsequently the contract for the re-procurement was published, alongside communications from NHS England and NHS Improvement and NHSX about this."
But it is not only campaigners, including legal group Foxglove and health data group medConfidential, and the National Data Guardian who are concerned about transparency in the NHS's dealings with analytics firms. NHS England's own data analysts have complained about lack of transparency in how their requests to access data are managed – why they are being turned down and by whom.
The Register has asked NHS England why took until 12 August 2021 to publish the release record. It is yet to respond. ®
Updated to add:
National Data Guardian Dr Nicola Byrne gave The Register the following statement about the COVID-19 data dissemination register: "The publication of the COVID-19 data dissemination register is an important first step for transparency. For people to be able to trust how their health and social care data is being used to support the pandemic response, those using it need to demonstrate their trustworthiness.
"Data release registers enable the public to evaluate for themselves how confidential data about them is being used, and by whom. I am keen, therefore, that registers such as this evolve, in consultation with the public, to ensure that their design and content support that aim."