Contact-tracing app U-turn ‘shouldn’t distract from wider data concerns’

  • 29 June 2020
Contact-tracing app U-turn ‘shouldn’t distract from wider data concerns’

The contact-tracing app U-turn “shouldn’t distract us” from pressing the government for clearer information on how it is using health data, a cybersecurity and privacy expert has warned.

Professor Eerke Boiten, professor in cyber security at De Montfort University in Leicester, raised concerns about the companies with “strong political connections” that have access to the data.

“Even if the app never gets off the ground, that shouldn’t distract us from seeking more insight into what the government and a few companies with strong political connections are still doing with our health data,” he wrote in The Conversation.

In parallel to the app, NHSX has been developing a data dashboard to manage all the Covid-19 data collected to inform the UKs response to the virus.

According to Boiten the choice of partners for the programme were “worrying”.

He added the data protection impact assessment (DPIA) later released for the app was “unsatisfactory” and lacked justifications for holding the data on a centralised database.

“But while it appears the app is off the table – or at least that England and Wales will get a more privacy respectful one run by internet giants – there’s still reason to be concerned about NHSX’s use of patient data and how it’s being shared with private firms,” he wrote.

“Palantir’s original contract was published under legal pressure but its renewed contract has not. In particular, we do not know whether NHSX is paying Palantir properly this time.

“We also know more clearly that there’s a lot that we’re not being told, as the government has only published a DPIA for data being combined and stored but not for how it is then being used for planning, including possibly through AI.

“The DPIA only assesses Palantir’s role for data storage, and yet the firm’s original contract also mentions ‘data analytics, ‘support tracking, surveillance, and reporting’, and none of that is covered in the document. It also doesn’t mention Faculty, which says it is working on data dashboards and modelling as part of its contract with NHSX.”

Boiten raised concerns that consultation with stakeholders and external experts was not completed for the DPIA, despite it being recommended practice.

“Overall, that leaves us in a position where we do not know what Palantir, Faculty and others are doing with NHS medical data. We do not know whether the risks of abuse of the data have been properly recognised and mitigated,” he added.

“But we do know that this kind of database is not protected against access by intelligence services.”

Boiten was one of hundreds of academics who in April signed an open letter asking NHSX about its plans for the app, warning it could “catastrophically hamper trust” if it became a tool for “large scale data collection on the population”.

“There was no publicly available information on how the app would work or keep the data secure, and it was not clear that it would work at all. There was also no justification for the choice of a centralised data matching model that was intrinsically riskier to privacy.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.
34,000 medication errors reported last year despite investments in tech

34,000 medication errors reported last year despite investments in tech

Last year saw a total of 34,000 medication errors made, including 21 incidents leading to patient death, and a further 27 leading to serious harm.