UK government could face legal action over huge, secretive health database
Exclusive: Lawyers acting for openDemocracy have written to health secretary Sajid Javid demanding transparency over database originally run by Palantir
Lawyers acting on behalf of openDemocracy have written to the British government demanding transparency over a massive health database that campaigners fear could break legal promises made about the use of the public’s health data after the pandemic.
Privacy campaigners have raised increasing concerns about the role of private sector firms in British health data.
Last month the government ended a controversial deal to handle adult social care data with US ‘spy tech’ firm Palantir.
This data is instead set to be held in a new system called Edge, which will be run internally by the Department of Health and Social Care – but built by British defence contractor, BAE Systems.
openDemocracy, supported by legal campaigners Foxglove, has now written to the health secretary, Sajid Javid, demanding that he offer a clearer explanation of what the BAE system is for, and to what extent other private companies will be involved in its set-up, operation and processing of sensitive personal data.
Only ‘emergency’ data relating to COVID-19 is supposed to be transferred into the new system, but concerns have been raised that the information could be used for purposes unrelated to the pandemic.
Foxglove director Cori Crider said: “The government promised that the massive Palantir datastore wouldn’t be extended beyond the pandemic without talking to people.
“Now we learn that there’s another huge health database called Edge, that arms firm BAE were somehow involved, and that it may be being adapted for post-pandemic use.”
The onus is on the government to explain “how these moves keep faith with the pledges made to openDemocracy,” Crider added.
openDemocracy previously forced the government to publish its initial COVID contracts with Palantir
The British government’s approach to data transparency has raised concerns previously. Last year, openDemocracy and Foxglove launched judicial review proceedings over “mission creep” in the government’s £23m deal with Palantir to supply the COVID-19 datastore. The government subsequently backed down, promising to consult on future deals.
openDemocracy and Foxglove had previously forced the government to publish its initial COVID contracts with Palantir and other tech giants. And over the summer, the government was forced to pause plans to upload the GP data of everyone in England, following further legal threats from openDemocracy, Foxglove and other groups.
On Tuesday, campaign group All the Citizens and Foxglove have a legal hearing about whether the government’s use of WhatsApp and Signal to conduct official business is unlawful, given the facility on both to permanently delete messages.
Details of what the BAE system for social care data does are sketchy, it is unclear why it is now set to take in social care data, and the extent of this data, and whether this is specific to the pandemic or not.
At the point the government launched the COVID datastore last year, it promised that it would “only be used for COVID-19” and that after the pandemic, it would be deleted. Data protection rules on sharing health data with third parties were suspended as part of emergency COVID powers, but only for pandemic-related purposes.
But the emergence of the existence of another secretive health database, seemingly developed and operated in parallel to the COVID datastore and pulling in similar data, has raised alarm bells.
Health data privacy experts are also concerned that the government is misusing emergency powers – currently extended to the end of March next year – in an attempt to set a ‘new normal’ that abandons current data protections, even in advance of planned legal reforms.
Sam Smith, the coordinator for medConfidential, said: “Outsourcing social care data to a British military contractor is barely better than American mercenaries. The Department of Culture, Media and Sport is trying to promote data-driven innovation, incentivising a supplier compatible with the culture of the NHS would be a good place to start.
The government is currently consulting on plans to scrap the existing data-protection regime derived from the EU and replace it with a system of increased flows of sensitive data, self-regulation by businesses and greater reassurances for private firms selling various data services. The proposals have raised eyebrows even in the business community.
Crider added: “The millions of opt-outs from the NHS data grab earlier this year send a clear message: unless the government works in the open, no new pool of patient data will command trust. Trust is essential if we’re to unlock better use of health data in a way that benefits patients and the NHS – not cronies or corporations.”
Get our weekly email