Data (Use and Access) Bill [Lords]
Debate between Jon Trickett and David Davis(2 days, 1 hour ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Jon Trickett
I thank the hon. Member for making that important point, and of course she is right.
I go back to this question of the threats to the database, which are not simply the product of my imagination; they are real. First, all data can be monetised, but this database is so large that huge commercial interests are now trying to get access to that health data. I do not want to cause offence to any hon. Members, all of whom I know follow the rules, but it is interesting that nearly £3 million from the private health sector was made available to over 150 different Members of Parliament. I do not suggest that any Member has done anything inappropriate—that would be wrong of me—but one wonders how almost £3 million was found by a private sector that has no commercial interest in pursuing those investments.
Secondly, on commercial interests, will the Minister confirm that at no stage will any data or any other aspect of the NHS be up for sale as part of negotiations with the United States on a trade deal? Will the Government provide some guidance on that? If the House reflects on private sector interests—which are not necessarily in the best interests of humanity—and how they make money, there is an interesting thought about health insurance. A party represented in the House is led by an individual who has suggested that we should end the way that we fund the NHS and replace it with an insurance system. If the insurance industry got access to the data held on all of us by the NHS, they would be able to see the genome of each person or of groups of people, and provide differential rates of insurance according to people’s genetic make-up. That is a serious threat. I do not think the party that has recently entered the House has thought that through, but companies providing insurance could commercialise that data. That is one reason we must never follow the track towards a national insurance system to replace the NHS.
Yesterday, the Secretary of State for Health and Social Care told the House that we will not be privatising the NHS, and I welcome that statement. Reference has already been made to Palantir—the right hon. Member for Goole and Pocklington (David Davis) mentioned it earlier—and the contract that we inherited from the previous Government. It is extraordinary that Palantir, a company that has deep roots in the United States defence establishment, should be handling the data of millions of people, when its chair has said that he is completely opposed to the central principle of the NHS and that he effectively wants a private health system in the UK. How could a £500 million contract to handle our personal data have been handed over to such a company, led by a person whose purpose seems to be to destroy the principles of our NHS? How our data is handled should be our decision, in the United Kingdom.
The Information Commissioner says that it is important that this precious and vital data, which is personal to each of us, should be protected against any possibility of cyber-attacks. However, there has already been a cyber-attack. Qilin—the way I am pronouncing it makes it sound as if someone is trying to commit murder, but there may be another way of saying it—is a Russian cyber-criminal group that obtained access to 400 GB of private information held by a company dealing with pathology testing. That is an enormous amount of data. Qilin attempted to extort from the company that held the data a financial interest. I do not know whether enough provision is made in the Bill for the protection of our data, so I suggest that there should be a new public interest test, with a report to Parliament within six months, which we can all debate and then examine whether the legislation has gone far enough.
Finally, the Information Commissioner says three things. First, the database must retain public confidence. Media discussions and opinion polling show that people are losing confidence that their personal data is secure, and I understand why that should be the case. Secondly, data should be properly protected and built from the beginning with proper safeguards against cyber-attacks. Thirdly, and perhaps most importantly, the Bill refers to an effective exemption for scientific research. As my hon. Friend the Member for Newcastle upon Tyne Central and West (Chi Onwurah) said, private companies, and perhaps US companies, might use the idea of promoting scientific research as a fig leaf to hide their search for profit from the precious commodity—data—that we have because we created our NHS. That is a very dangerous thought, and the Information Commissioner says he is not convinced that the definition of scientific research in the Bill is sufficiently strong to protect us from predatory activity by other state actors or private companies.
David Davis
The hon. Gentleman is making an excellent speech and some very perceptive points. I remind him that previous attempts by the NHS to create a single data standard have all failed, because the GPs did not believe that the security levels were sufficient. It is not just the Information Commissioner; the GPs refused to co-operate, which highlights the powerful point that the hon. Gentleman is making.
Jon Trickett
I am grateful to the right hon. Gentleman for making that very serious point. When the clinicians—whose duty is to protect their patients—say they are not convinced about the safety of data being handed over to a central database, we have to listen to their reactions.
I do not intend to press my new clause to the vote, but it is important that we continue to debate this matter, because this enormous database—which can contribute to the general welfare of all humanity—must be protected in such a way that it retains confidence and ensures the security of the whole system. With that, I leave the discussion to continue on other matters.