Trade Bill Debate
Full Debate: Read Full DebateLord Clement-Jones
Main Page: Lord Clement-Jones (Liberal Democrat - Life peer)Department Debates - View all Lord Clement-Jones's debates with the Department for Business, Energy and Industrial Strategy
(4 years, 2 months ago)
Lords ChamberMy Lords, I wholeheartedly support the amendments tabled by the noble Lord, Lord Freyberg, to protect the healthcare data generated by the NHS as well as the safety and rights of the patients and citizens it exists to serve. I commend the way in which he introduced these amendments.
I have spoken on Second Reading and earlier in Committee about the need for data adequacy to ensure that personal data transfers to third countries outside the EU are protected in line with the principles of the GDPR. By the same token, we must protect NHS data, especially given the many transactions between technology, telecoms and pharma companies concerned with NHS data. Harnessing the value of healthcare data must be allied with ensuring that adequate protections are put in place in trade agreements if that value is not to be given or traded away.
Amendments 71 and 72 would introduce clauses to the Bill to help guarantee patient safety where the data-driven medicines and medical technologies feature in a trade agreement. These are products and services that are bound to grow in number and novelty in the future, as a direct result of both the ongoing Covid-19 health emergency and the accelerated use of new technologies. Given the number of healthcare-related amendments that have been discussed in Committee, it is very clear that there are fundamental concerns about protection of the NHS and the safety, efficacy and cost of the healthcare services that it delivers. There is the potential for the Government to lose control at precisely the moment they propose to take it back. That is why I have put my name to, and support, Amendments 71 and 72.
In July, in the case of Schrems II, the European Court of Justice ruled that the privacy shield framework, which allows data transfers between the US, the UK and the EU, is invalid. That has been compounded by the recent ECJ judgment this month in the case brought by Privacy International. In future, data exporters will have to rely on standard contractual clauses. Relying on standard contractual clauses in healthcare is simply not acceptable. Relevant to Amendment 72 in particular, there is a common assumption that, apart from any data adequacy issues, data stored in the UK is subject only to UK law. This is not the case: in March 2018, the US Government enacted the Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, which allows law enforcement agencies to demand access to data stored on servers hosted by US-based tech firms, such as Amazon Web Services, Microsoft and Google, regardless of the data’s physical location and without issuing a request for mutual legal assistance. In practice, data might be resident in the UK, but it is still subject to US law.
Data cannot, therefore, simply be considered UK sovereign, and it is notable that Amazon Web Services gave a full response to more than 1,259 subpoenas, search warrants and court orders between January and June of this year. AWS’s own terms and conditions, which form part of its agreements with the UK Government, do not commit to keeping data in the region selected by government officials if AWS is required by law to move the data elsewhere in the world. Key and sensitive aspects of government data, such as security and access rules, usage policies and permissions, may also be transferred to the US without Amazon having to seek advance permission. Similarly, AWS has the right to request customer data and provide support services from anywhere in the world.
The Cabinet Office Government Digital Service team, which sets the Government’s digital policy, gives no guidance on where government data should be hosted. It simply states that all data categorised as official —the vast majority of government data, but including law enforcement, biometric and patient data—is suitable for the public cloud, and instructs its own staff simply to use AWS, with no guidance given on where the data must be hosted. The costs of AWS varies widely, depending on the region selected—and the UK is one of the most expensive regions. Regions are physically selected by the technical staff, rather than the procurement team or the security team. I should say that Amazon Web Services has a contract with NHSX, so that should be set in this context.
The free flow of data across borders, in principle, is of crucial importance, as the noble Lord, Lord Freyberg, said. However, I hope this example illustrates that control of policy and regulation as to what that data is and who it is shared with should be retained by the UK Government. In fact, that is not even enough existing control over government data. In particular, retention of control over health data, health service planning, and research and innovation is vital if the UK is to maintain its position as a leading life sciences economy and innovator. That is what these amendments would ensure.
My Lords, the noble Lord, Lord Freyberg, is to be congratulated on bringing these amendments to the forefront of our discussions and considerations, not least because, as he said, at the heart of them is an attempt to guarantee patient safety. That should be a paramount reason for giving them the active consideration we are.
As the noble Lord, Lord Freyberg, said, there is a significant value to NHS data for a number of reasons: expanding research, testing technology, better under- standing of diseases and, of course, improving treatments. The fiscal value of NHS data cannot be underlined strongly enough—imagine its value if an insurance company were to find, for instance, access to data concerning test, track and trace.
The value of all this data is estimated to be around £10 billion a year, but, as I have mentioned before, the Bill in its current form could allow UK data to be moved to servers in America and stop the NHS being able to analyse its own health data without paying royalties. We should not pretend that tech companies and US drug giants do not recognise the value of all this data; the noble Lord, Lord Clement-Jones, has given ample voice to that argument.
Last year, it was revealed that pharma companies Merck, Bristol Myers Squibb and Eli Lilly paid the Government for licences costing up to £330,000 each, in return for anonymised health data. The Government, as has been said earlier, have also given Amazon access to healthcare information, and DeepMind was given access to the data of 1.6 million patients at the Royal Free Hospital.
As we have touched on before in a previous group, Labour supports protecting the NHS, including its data and publicly funded health and care services, from any form of control from outside the UK in trade deals. I have already pulled out the inconsistencies in the Government’s position. They say the NHS is not on the table in trade talks, but they will not put protections on the face of the Bill. What have they got to hide? They do not want to improve scrutiny mechanisms for trade agreements, and I think we should be concerned and highly worried about that.
I am not the only one to recognise this: more than 400 doctors and health professionals have urged the Government to amend the Bill and ensure that health services are not on the table in future trade deals. They have also argued that free trade deals risk compromising the safe storage and processing of NHS data. Let us commit in statute to protecting our beloved NHS in trade deals and making sure we can use valuable data to provide the most cutting-edge care for patients here in the UK.