Data (Use and Access) Bill [Lords]
Jon Trickett Excerpts(1 day, 18 hours ago)
Commons ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Jon Trickett (Normanton and Hemsworth) (Lab)
I have tabled new clause 18, which is about health and instituting a new public interest test. There is an existing test, but it is not very accessible or useful nowadays. I will explain why. Probably the largest—or the most sensitive—database in the United Kingdom is the one held by the NHS. Almost every human being in our country is on a file somewhere, hopefully for beneficial and clinical reasons, in the NHS. I have had a series of medical issues in the last few months, and I am astonished by how much data is held about me. That will be the same for all of us, I guess.
That database is filled with the most vital, private and intimate details about all our lives, and if it is going to be sustained, it is important that it retains the confidence of patients and of citizens as a whole. The truth is that the Information Commissioner is not convinced that the Bill goes far enough in protecting us and the NHS data, and if the Minister has time at the end, I hope he will be able to comment on whether he is persuaded by the Information Commissioner that we should move further.
This data, which is intimate and private, as I have just said, can also be the basis of major advances in human welfare. We can imagine all sorts of ways that our interests as human beings are being advanced by the use of that data every day. I am thinking, for example, of the search for a covid vaccine, which was led by a British scientist and partly based on the data that was available from the NHS. We should be celebrating that—that scientific research is essential—but there is a threat to this database as well, and in my view it comes from two separate sources. First, there are hostile—or even friendly—state actors. Secondly, there are private interests who want to use the data not for human welfare, though that might be a fig leaf that they use, but for private profit. That cannot be right, given what that data has been created for.
Christine Jardine (Edinburgh West) (LD)
The hon. Gentleman makes an important point. Data can be susceptible and its breach is a breach of privacy. Does he agree that one danger in new clause 21, about the data on individuals’ sex at birth, is that it risks breaching someone’s privacy if they have kept that fact private and that data becomes public knowledge through the means being discussed?
Jon Trickett
I thank the hon. Member for making that important point, and of course she is right.
I go back to this question of the threats to the database, which are not simply the product of my imagination; they are real. First, all data can be monetised, but this database is so large that huge commercial interests are now trying to get access to that health data. I do not want to cause offence to any hon. Members, all of whom I know follow the rules, but it is interesting that nearly £3 million from the private health sector was made available to over 150 different Members of Parliament. I do not suggest that any Member has done anything inappropriate—that would be wrong of me—but one wonders how almost £3 million was found by a private sector that has no commercial interest in pursuing those investments.
Secondly, on commercial interests, will the Minister confirm that at no stage will any data or any other aspect of the NHS be up for sale as part of negotiations with the United States on a trade deal? Will the Government provide some guidance on that? If the House reflects on private sector interests—which are not necessarily in the best interests of humanity—and how they make money, there is an interesting thought about health insurance. A party represented in the House is led by an individual who has suggested that we should end the way that we fund the NHS and replace it with an insurance system. If the insurance industry got access to the data held on all of us by the NHS, they would be able to see the genome of each person or of groups of people, and provide differential rates of insurance according to people’s genetic make-up. That is a serious threat. I do not think the party that has recently entered the House has thought that through, but companies providing insurance could commercialise that data. That is one reason we must never follow the track towards a national insurance system to replace the NHS.
Yesterday, the Secretary of State for Health and Social Care told the House that we will not be privatising the NHS, and I welcome that statement. Reference has already been made to Palantir—the right hon. Member for Goole and Pocklington (David Davis) mentioned it earlier—and the contract that we inherited from the previous Government. It is extraordinary that Palantir, a company that has deep roots in the United States defence establishment, should be handling the data of millions of people, when its chair has said that he is completely opposed to the central principle of the NHS and that he effectively wants a private health system in the UK. How could a £500 million contract to handle our personal data have been handed over to such a company, led by a person whose purpose seems to be to destroy the principles of our NHS? How our data is handled should be our decision, in the United Kingdom.
The Information Commissioner says that it is important that this precious and vital data, which is personal to each of us, should be protected against any possibility of cyber-attacks. However, there has already been a cyber-attack. Qilin—the way I am pronouncing it makes it sound as if someone is trying to commit murder, but there may be another way of saying it—is a Russian cyber-criminal group that obtained access to 400 GB of private information held by a company dealing with pathology testing. That is an enormous amount of data. Qilin attempted to extort from the company that held the data a financial interest. I do not know whether enough provision is made in the Bill for the protection of our data, so I suggest that there should be a new public interest test, with a report to Parliament within six months, which we can all debate and then examine whether the legislation has gone far enough.
Finally, the Information Commissioner says three things. First, the database must retain public confidence. Media discussions and opinion polling show that people are losing confidence that their personal data is secure, and I understand why that should be the case. Secondly, data should be properly protected and built from the beginning with proper safeguards against cyber-attacks. Thirdly, and perhaps most importantly, the Bill refers to an effective exemption for scientific research. As my hon. Friend the Member for Newcastle upon Tyne Central and West (Chi Onwurah) said, private companies, and perhaps US companies, might use the idea of promoting scientific research as a fig leaf to hide their search for profit from the precious commodity—data—that we have because we created our NHS. That is a very dangerous thought, and the Information Commissioner says he is not convinced that the definition of scientific research in the Bill is sufficiently strong to protect us from predatory activity by other state actors or private companies.
David Davis
The hon. Gentleman is making an excellent speech and some very perceptive points. I remind him that previous attempts by the NHS to create a single data standard have all failed, because the GPs did not believe that the security levels were sufficient. It is not just the Information Commissioner; the GPs refused to co-operate, which highlights the powerful point that the hon. Gentleman is making.
Jon Trickett
I am grateful to the right hon. Gentleman for making that very serious point. When the clinicians—whose duty is to protect their patients—say they are not convinced about the safety of data being handed over to a central database, we have to listen to their reactions.
I do not intend to press my new clause to the vote, but it is important that we continue to debate this matter, because this enormous database—which can contribute to the general welfare of all humanity—must be protected in such a way that it retains confidence and ensures the security of the whole system. With that, I leave the discussion to continue on other matters.
