Digital activists sound the alarm over UK's 'coronavirus datastore' plans

A dozen groups including Liberty and medConfidential have written to Matt Hancock demanding answers

A broad coalition of privacy and digital rights activists have demanded answers to pertinent questions regarding the government's plans to build a COVID-19 datastore, in partnership with several major tech giants.

NHSX revealed plans in March to aggregate thousands of data points into a unified dataset in order to monitor and fight the spread of COVID-19 across the UK. The project would involve consolidating information to help decision-makers gain more visibility into the state of the virus, and how successful the response may be.

The datastore, which is being developed in partnership with Amazon Web Services (AWS), Microsoft, Google, AI firm Faculty, and Palantir, would be managed by NHSX. Moreover, in light of data protection concerns, the Department for Health and Social Care (DHSC) originally pledged that data will either be destroyed or returned in line with the law once the public health emergency has ended. 

Anxieties have swelled, however, over reports that the companies involved would be well-positioned to continue providing services based on a very similar model once the coronavirus pandemic has regressed. A report in the New Statesman, for example, suggested the project is likely to outlive COVID-19.

In light of these concerns, a dozen organisations and a string of individuals, including campaigners from openDemocracy, the Open Rights Group, medConfidential and Liberty, have penned a letter addressed to health secretary Matt Hancock

In it, the signatories urge the NHS to provide the public with more information, as well as take measures to reduce the risk of data sharing and keep the aggregated data under “democratic control”.

The letter cites a report in the Guardian suggesting the companies involved are processing large volumes of confidential patient data in a data-mining operation. One NHS document, for example, suggested Faculty had considered using the data to run a simulation to assess the impact of “targeted herd immunity”, although the company denies any such simulation took place.

“Emergencies require rapid responses, but these responses should also be appropriate, lawful and just,” the letter reads. “It’s unlikely that the NHS’s current plan to build a large-scale Covid-19 datastore meets those principles. 

“We understand the need for better health information, but maintain that the public should be consulted throughout the development of the datastore and be able to obtain adequate information about the data-sharing agreements in place.”

Points the letter requests clarification on include what problems the NHS aims to solve by building a datastore, how it's being financed, whether the NHS has considered any tradeoffs, and which agreements are in place with private partners.

The letter also wants the government to reveal who is conducting risk assessments, which specific data points each partner will have access to, and to what extent data access by partners will be audited.

Answers to the questions being put forward are fundamental to maintaining public trust in the NHS and to help keep high-risk personal data safe, the signatories added. 

Questions of data protection and privacy have arisen not just in the development of the datastore, but in the development of a contact-tracing app. The COVID-19 app, which is due to be released over the coming weeks, is thought to be key to easing lockdown measures. 

The centralised model pursued by the UK government, however, has raised concerns over whether gathering data into a single hub may lead to violations of privacy and data protection principles. As a result, the NHS has even reportedly begun work on a second NHS app, which follows a decentralised model based on an API developed by Google and Apple.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

What are employers' responsibilities when we use personal tech to work from home?
flexible working

What are employers' responsibilities when we use personal tech to work from home?

25 Jan 2021
How to be a great motivator
Business strategy

How to be a great motivator

22 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021