Digital activists sound the alarm over UK's 'coronavirus datastore' plans

A dozen groups including Liberty and medConfidential have written to Matt Hancock demanding answers

A broad coalition of privacy and digital rights activists have demanded answers to pertinent questions regarding the government's plans to build a COVID-19 datastore, in partnership with several major tech giants.

NHSX revealed plans in March to aggregate thousands of data points into a unified dataset in order to monitor and fight the spread of COVID-19 across the UK. The project would involve consolidating information to help decision-makers gain more visibility into the state of the virus, and how successful the response may be.

The datastore, which is being developed in partnership with Amazon Web Services (AWS), Microsoft, Google, AI firm Faculty, and Palantir, would be managed by NHSX. Moreover, in light of data protection concerns, the Department for Health and Social Care (DHSC) originally pledged that data will either be destroyed or returned in line with the law once the public health emergency has ended. 

Anxieties have swelled, however, over reports that the companies involved would be well-positioned to continue providing services based on a very similar model once the coronavirus pandemic has regressed. A report in the New Statesman, for example, suggested the project is likely to outlive COVID-19.

In light of these concerns, a dozen organisations and a string of individuals, including campaigners from openDemocracy, the Open Rights Group, medConfidential and Liberty, have penned a letter addressed to health secretary Matt Hancock

In it, the signatories urge the NHS to provide the public with more information, as well as take measures to reduce the risk of data sharing and keep the aggregated data under “democratic control”.

The letter cites a report in the Guardian suggesting the companies involved are processing large volumes of confidential patient data in a data-mining operation. One NHS document, for example, suggested Faculty had considered using the data to run a simulation to assess the impact of “targeted herd immunity”, although the company denies any such simulation took place.

“Emergencies require rapid responses, but these responses should also be appropriate, lawful and just,” the letter reads. “It’s unlikely that the NHS’s current plan to build a large-scale Covid-19 datastore meets those principles. 

“We understand the need for better health information, but maintain that the public should be consulted throughout the development of the datastore and be able to obtain adequate information about the data-sharing agreements in place.”

Points the letter requests clarification on include what problems the NHS aims to solve by building a datastore, how it's being financed, whether the NHS has considered any tradeoffs, and which agreements are in place with private partners.

The letter also wants the government to reveal who is conducting risk assessments, which specific data points each partner will have access to, and to what extent data access by partners will be audited.

Answers to the questions being put forward are fundamental to maintaining public trust in the NHS and to help keep high-risk personal data safe, the signatories added. 

Questions of data protection and privacy have arisen not just in the development of the datastore, but in the development of a contact-tracing app. The COVID-19 app, which is due to be released over the coming weeks, is thought to be key to easing lockdown measures. 

The centralised model pursued by the UK government, however, has raised concerns over whether gathering data into a single hub may lead to violations of privacy and data protection principles. As a result, the NHS has even reportedly begun work on a second NHS app, which follows a decentralised model based on an API developed by Google and Apple.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
Website problems slow coronavirus vaccine rollout
hacking

Website problems slow coronavirus vaccine rollout

6 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021

Most Popular

What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
Can Pat Gelsinger get Intel back on track?
chief executive officer (CEO)

Can Pat Gelsinger get Intel back on track?

13 Jan 2021