Life in Britain will be “back to normal” after Easter, Health Secretary Matt Hancock assured us, just days before Pfizer’s first coronavirus vaccine rollout was finally confirmed.

But if that’s so, why is his government extending its short term, “emergency” COVID data deals with big tech firms for another five years?

In March, the government quietly announced a potentially ‘unprecedented’ transfer of our personal health information from the NHS to private tech firms. We were told that this COVID datastore was an ‘emergency’ system in response to the pandemic; that it would be unwound at the end of the pandemic and the data destroyed. We were also assured that, if there was any extension of the deal, it would go out to public tender. 

Turns out not. In recent weeks, it’s emerged that the government plans to extend these lucrative NHS data deals for up to half a decade, with no public scrutiny or consultation. 

We believe they’re breaking the law – which is why we’ve sent an urgent legal letter demanding an immediate fix, and proper public consultation. And if we don’t get it, we may sue.

Spyware and secrecy

Why should we be worried?

For a start, the emergency NHS COVID datastore involves controversial firms like Palantir. A data firm founded by Trump-backing billionaire Peter Thiel, it has built software accused of fuelling ‘racist feedback loops’ in US policing, and has come under fire from its own employees over its role in the deportation of undocumented migrants. Has such a firm earned the public’s trust? Is it a fit and proper partner to be handling our sensitive personal health information?

Second: there’s the secrecy. We had to threaten legal action to just force the UK government to publish the data deals. (We shouldn’t have had to fight: the public has a right to know how our health assets are being held, protected, or traded.) 

Once published, the contracts revealed major issues. The initial versions permitted tech firms to retain intellectual property from their datastore work: potentially profiting from emergency access to health data. This provision, government lawyers said, was revised in at least one contract after we started asking questions. But it never belonged there in the first place, and questions remain over the robustness of the protection provided.

Not only does this latest move – extending these contracts for five years without public consultation – go against everything they previously assured us. It also breaks the law on how our cherished NHS should be run, and governed.

Under the NHS Act, common law and data protection laws, the government has to consult the public about major changes to the National Health Service. They have to conduct a ‘data protection impact assessment’: to show that when they are processing our sensitive health information, they’re complying with a whole range of laws to protect us. And they shouldn’t use the so-called G-Cloud framework – an accelerated system for quick-fire, minor contracts – for flagship five-year programmes.  

The government, in other words, needs to take their plans for NHS data to the public: so the public can decide for themselves which partners are right for a long-term role in the NHS. 

‘Covid cronyism’

Taxpayers deserve to know if they’re getting value for money – particularly for deals governing our health data that will run for half a decade and cost millions. Boris Johnson’s government has an appalling record on value for money and transparency to date, as a recent, damning report from the National Audit Office lays bare. 

This year, openDemocracy’s journalism has exposed countless instances of ‘Covid cronyism’: massive public contracts awarded to Tory donors, allies, or large firms without any competition or public scrutiny. The chosen few have been paid vast sums to deliver a range of often shoddy COVID services, from ‘disastrous’ PPE provision to the failing Test and Trace system. (As the government’s own scientific advisers said, Test and Trace has had a ‘marginal’ impact on stopping the spread of the virus.) The usual processes for involving the public in how their tax money is spent have gone out the window. This isn’t just a question of keeping the market fair: it’s a question of democratic legitimacy.

This has been the most testing year for the NHS since its founding in 1948. After unprecedented strain on services and front-line staff, we all want to see the NHS emerge from the crisis stronger. 

But if ‘how to protect the NHS’ is the question, secretive contracts with zero public debate are no answer. We now know a radical ‘shake up’ of the NHS is in prospect. What will that mean? That the right partners are companies like Palantir? No one has sought a public mandate for long-term partnerships between the NHS and tech giants. 

The future of our most cherished public institution is in play. How to ensure the NHS survives for the long haul are questions that everyone has a stake in. We all belong in this conversation: and our case aims to make sure everyone can take part.

Poll: Do you think the public should be consulted on the future of the NHS Covid-19 datastore?