Lord Knight of Weymouth (Lab)

- Hansard -

Copy Link

-

My Lords, I too very much welcome the Bill and the way that it was introduced by the noble Baroness, Lady Chisholm, with appropriate detail and clarity, and the speech by the noble Lord, Lord Patel. Like them, I agree that it is important to give the authority of a statutory footing to the National Data Guardian, Dame Fiona Caldicott.

I remind your Lordships of my interests in respect of my part-ownership and administration of a company called xRapid. Without wanting to go into any kind of long advert for its technology, it demonstrates why I am excited by health technology. This particular technology uses an Apple iPhone attached to a microscope to allow diagnostics, such as of malaria. It works in the same way that a laboratory technician does: it recognises what it sees through a microscope and gives a diagnosis. To be able to do that the computer has to be trained, which is done by it looking at a series of images so that it can learn what the parasites look like. That is health data which has to be collected in order for the machine to be trained. But I see the huge social benefit of that technology—in the end, of that data being used—to provide much cheaper and much more accessible and affordable access to diagnostics around the world.

I have huge excitement around the potential for machine learning and other artificial intelligence to be able to spread some significant health benefits. I want that excitement to build and for others to share it but I am also aware of the worries that people have about the privacy of their data. I share those worries, especially about the inferences that can be drawn from data when it may not have been collected for a specific health purpose, as in this case, but is then mashed with data that has been collected with consent for health-related purposes. Inferences and intelligence are then drawn from what is found and analysed.

I was supportive of the Data Protection Act, as it now is, but at the time of its passing I also pointed out the limitations as I saw them, in that it is a consent-based regime. It is very difficult to give consent about information if I do not know that you have it, because you have inferred it from analysing various sources of data that I might not know about. That is why I have previously talked in this House about the need for us to explore mechanisms such as data trusts and a statutory duty of care on technology companies, similar to the duty of care that they have in the physical world in respect of environmental protection or health and safety. In that way, they can then be held to account in a more general way for how the technology is used for social good.

Those concerns are good reasons for our needing a National Data Guardian in respect of health. I had some initial concerns about how that guardian would relate to the regulators but as set out by the noble Baroness, Lady Chisholm, in her speech I am satisfied that there would be a reasonable relationship—one whereby the National Data Guardian issues guidance, and the trusts and other health bodies would adhere to that guidance. If they did not, then it might be referred to the regulator.

I also remind the House of my interest as one of the chief officers at Tes Global, a large education business. I guess that my only question—if the Minister is in a position to answer questions when he responds—would be around the remit of the National Data Guardian. At Tes, we hold all sorts of data on teachers’ behaviour but we do not really hold any for children. I understand from my relationship with education the particular sensitivities that we have around the collection of children’s data: how it is held, who it is shared with and what happens when there are data breaches in respect of children. I am aware that there are 25,000 schools in this country collecting data on a systematic basis, many of which are led by people who are struggling to understand their obligations under the Data Protection Act and GDPR. I think that they would welcome guidance from a National Data Guardian, if such a person had a remit that extended to children and vulnerable adults. If the Minister were able to give any thoughts on it, has any consideration been given to extending the role of the National Data Guardian or finding another body that could perform a similar function in respect of children and vulnerable adults’ data as a whole?

I very much welcome the Bill and hope that it proceeds quickly, as the noble Lord, Lord Patel, said. We should get this on to the statute book quickly so that these protections can be put in place and it becomes part of a range of what has to be ever evolving legislation where we, as policymakers and legislators, are continuously keeping an eye on an ever evolving technological landscape. That will allow us to live in a society which can realise the excitement that I have around health technology and other social technologies, with the confidence of knowing that our rights as individuals in respect of the privacy of our data are being maintained.