COVID-19 and our health data: a question of public trust

This is not a normal situation. The COVID-19 pandemic poses a profound threat to lives and livelihoods. The need to reduce its spread is so urgent that we’ve (reluctantly) accepted huge emergency limits on our freedom to work, to socialise and to go outside, which would be unthinkable in ordinary circumstances.

The pandemic is also prompting “emergency measures” with implications for our digital rights and freedoms. Around the world, governments are scrambling to make use of data in their efforts to control the pandemic.

And, because so much technological power rests in corporate hands these days, officials are turning to the private sector to help. The speed and scope of some of these projects would be unthinkable in ordinary times.

In the UK, the government has announced plans to build a new data platform that will provide those national organisations responsible for coordinating the response with secure, reliable and timely data […] in order to make informed, effective decisions.”

A range of private companies are involved in the project, because “in this time of crisis, we need the private sector to play its part”. They outline plans to consolidate and analyse large amounts of health data, in partnership with a range of private companies.

Foxglove wants digital technology to benefit everyone, not just the rich and powerful. That often means standing up to governments and tech companies and challenging partnerships between the two – especially when they involve the consolidation and exploitation of vast quantities of sensitive data.

However, we also recognise the need for an urgent, “all hands on deck” approach to tackling this deadly virus. We accept that this in an emergency and that this may justify things, temporarily, which we’d challenge vociferously in more ordinary circumstances.

But that doesn’t mean that we shouldn’t still look very carefully at what the government is doing.

There are good reasons for swift government action today, but speed increases the risk of flawed decisions or mistakes. Whilst the private sector may well have relevant expertise and capacity, it’s also not unheard of for private companies to seek to take advantage of a crisis for their own profit.

Some of the companies with whom the government has made deals have their own troubling histories of getting involved with abuses of power.

Perhaps most importantly of all, the success of the government’s efforts to control the pandemic ultimately relies on public consent and public trust. And public consent and public trust are much more likely to be maintained if there’s a high level of transparency, and independent scrutiny.

Foxglove plans to act as a “critical friend” ensuring that urgent pandemic data projects aren’t compromised by data abuses which would undermine public trust, that private companies don’t seek to exploit the crisis for their own benefit, and that any emergency uses of data are truly necessary and genuinely time-limited.

Our first objective is to establish more facts about the current plans so that they can be subjected to independent scrutiny and constructive criticism. To that end, we’ve just submitted some Freedom of Information requests seeking more information about the role of the private sector:

  1. We’ve asked to see copies of the Data Sharing agreements which have been entered into between the NHS and five private companies: Microsoft; Palantir Technologies UK; Faculty; Google; and Amazon Web Services.
  2. We’ve requested copies of the data protection impact assessments completed regarding these agreements/contracts with private companies.

Whether the government chooses to publish its agreements with these companies and more detail of its data sharing models – either voluntarily, or in response to official requests like ours – is a simple way of checking their commitment to taking the public with them.

It’s clear that those leading this project are aware that they need to be seen to get this right. They state:

“All NHS data in the store will remain under NHS England and NHS Improvement’s control. Once the public health emergency situation has ended, data will either be destroyed or returned in line with the law and the strict contractual agreements that are in place between the NHS and partners.”

This is encouraging and welcome. Foxglove will be monitoring the situation. We’ll offer constructive feedback and be ready to hold the government to its promises should that ever prove necessary.