Data (Use and Access) Bill [HL] Debate
Full Debate: Read Full DebateDepartment: Department for Business and Trade
Lord Tarassenko
Main Page: Lord Tarassenko (Crossbench - Life peer)Department Debates - View all Lord Tarassenko's debates with the Department for Business and Trade
Data (Use and Access) Bill [HL]
Lord Tarassenko ExcerptsWednesday 18th December 2024
(1 month, 1 week ago)
Grand CommitteeRead Full debate Data (Use and Access) Bill [HL] 2024-26 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 40-IV Fourth marshalled list for Grand Committee - (17 Dec 2024)
Lord Tarassenko (CB)
My Lords, I will speak briefly in support of this amendment. Anyone who has written computer code, and I plead guilty, knows that large software systems are never bug-free. These bugs can arise because of software design errors, human errors in coding or unexpected software interactions for some input data. Every computer scientist or software engineer will readily acknowledge that computer systems have a latent propensity to function incorrectly.
As the noble Baroness, Lady Kidron, has already said, we all regularly experience the phenomenon of bug fixing when we download updates to software products in everyday use—for example, Office 365. These updates include not only new features but patches to fix bugs which have become apparent only in the current version of the software. The legal presumption of the proper functioning of “mechanical instruments” that courts in England and Wales have been applying to computers since 1999 has been shown by the Post Office Horizon IT inquiry to be deeply flawed. The more complex the program, the more likely the occurrences of incorrect functioning, even with modular design. The program at the heart of Fujitsu’s Horizon IT system had tens of millions of lines of code.
The unwillingness of the courts to accept that the Horizon IT system developed for the Post Office was unreliable and lacking in robustness—until the key judgment, which has already been mentioned, by Mr Justice Fraser in 2019—is one of the main reasons why more than 900 sub-postmasters were wrongly prosecuted. The error logs of any computer system make it possible to identify unexpected states in the computer software and hence erroneous system behaviour. Error logs for the Horizon IT system were disclosed only in response to a direction from the court in early 2019. At that point, the records from Fujitsu’s browser-based incident management system revealed 218,000 different error records for the Horizon system.
For 18 years prior to 2019, the Post Office did not disclose any error log data, documents which are routinely maintained and kept for any computer system of any size and complexity. Existing disclosure arrangements in legal proceedings do not work effectively for computer software, and this amendment concerning the electronic evidence produced by or derived from a computer system seeks to address this issue. The Post Office Horizon IT inquiry finished hearing evidence yesterday, having catalogued a human tragedy of unparalleled scale, one of the most widespread miscarriages of justice in the UK. Whether it is by means of this amendment or otherwise, wrongful prosecutions on the basis that computers always operate properly cannot continue any longer.
The Earl of Erroll (CB)
My Lords, if I may just interject, I have seen this happen not just in the Horizon scandal. Several years ago, the banks were saying that you could not possibly find out someone’s PIN and were therefore refusing to refund people who had had stuff stolen from them. It was not until the late Professor Ross Anderson, of the computer science department at Cambridge University, proved that they had been deliberately misidentifying to the courts which counter they should have been looking at, as to what was being read, and explained exactly how you could get the thing to default back to a different set of counters, that the banks eventually had to give way. But they went on lying to the courts for a long time. I am afraid that this is something that keeps happening again and again, and an amendment like this is essential for future justice for innocent people.
The Deputy Chairman of Committees (Lord Russell of Liverpool) (CB)
My Lords, before we proceed, I draw to the attention of the Committee that we have a hard stop at 8.45 pm and we have committed to try to finish the Bill this evening. Could noble Lords please speak quickly and, if possible, concisely?
Lord Tarassenko (CB)
My Lords, I support my noble friend Lady Kidron’s Amendment 211, to which I have put my name. I speak not as a technophobe but as a card-carrying technophile. I declare an interest as, for the past 15 years, I have been involved in the development of algorithms to analyse NHS data, mostly from acute NHS trusts. This is possible under current regulations, because all the research projects have received medical research ethics approval, and I hold an honorary contract with the local NHS trust.
This amendment is, in effect, designed to scale up existing provisions and make sure that they are applied to public sector data sources such as NHS data. By classifying such data as sovereign data assets, it would be possible to make it available not only to individual researchers but to industry—UK-based SMEs and pharmaceutical and big tech companies—under controlled conditions. One of these conditions, as indicated by proposed new subsection (6), is to require a business model where income is generated for the relevant UK government department from access fees paid by authorised licence holders. Each government department should ensure that the public sector data it transfers to the national data library is classified as a sovereign data asset, which can then be accessed securely through APIs acting
“as bridges between each sovereign data asset and the client software of the authorized licence holders”.
In the time available, I will consider the Department of Health and Social Care. The report of the Sudlow review, Uniting the UK’s Health Data: A Huge Opportunity for Society, published last month, sets out what could be achieved though linking multiple NHS data sources. The Academy of Medical Sciences has fully endorsed the report:
“The Sudlow recommendations can make the UK’s health data a truly national asset, improving both patient care and driving economic development”.
There is little difference, if any, between health data being “a truly national asset” and “a sovereign asset”.
Generative AI has the potential to extract clinical value from linked datasets in the various secure data environments within the NHS and to deliver a step change in patient care. It also has the potential to deliver economic value, as the application of AI models to these rich, multimodal datasets will lead to innovative software products being developed for early diagnosis and personalised treatment.
However, it seems that the rush to generate economic value is preceding the establishment of a transparent licensing system, as in proposed new subsection (3), and the setting up of a coherent business model, as in proposed new subsection (6). As my noble friend Lady Kidron pointed out, the provisions in this amendment are urgently needed, especially as the chief data and analytics officer at NHS England is reported as having said, at a recent event organised by the Health Service Journal and IBM, that the national federated data platform will soon be used to train different types of AI model. The two models mentioned in the speech were OpenAI’s proprietary ChatGPT model and Google’s medical AI, which is based on its proprietary large language model, Gemini. So, the patient data in the national federated data platform being built by Palantir, which is a US company, is, in effect, being made available to fine-tune large language models pretrained by OpenAI and Google—two big US tech companies.
As a recent editorial in the British Medical Journal argued:
“This risks leaving the NHS vulnerable to exploitation by private technology companies whose offers to ‘assist’ with infrastructure development could result in loss of control over valuable public assets”.
It is vital for the health of the UK public sector that there is no loss of control resulting from premature agreements with big tech companies. These US companies seek privileged access to highly valuable assets which consist of personal data collected from UK citizens. The Government must, as a high priority, determine the rules for access to these sovereign data assets along the lines outlined in this amendment. I urge the Minister to take on board both the aims and the practicalities of this amendment before any damaging loss of control.
Lord Freyberg (CB)
My Lords, I support Amendment 211 moved by my noble friend Lady Kidron, which builds on earlier contributions in this place made by the noble Lords, Lord Mitchell, Lord Stevenson, Lord Clement-Jones, and myself, as long ago as 2018, about the need to maximise the social, economic and environmental value that may be derived from personal data of national significance and, in particular, data controlled by our NHS.
The proposed definition of “sovereign data assets” is, in some sense, broad. However, the intent to recognise, protect and maximise their value in the public interest is readily inferred. The call for a transparent licensing regime to provide access to such assets and the mention of preferential access for individuals and organisations headquartered in the UK also make good sense, as the overarching aim is to build and maintain public trust in third-party data usage.
Crucially, I fully support provisions that would require the Secretary of State to report on the value and anticipated financial return from sovereign data assets. Identifying a public body that considered itself able or willing to guarantee value for money proved challenging when this topic was last explored. For too long, past Governments have dithered and delayed over the introduction of provisions that explicitly recognise the need to account for and safeguard the investment made by taxpayers in data held by public and arm’s-length institutions and associated data infrastructure—something that we do as a matter of course where the tangible assets that the National Audit Office monitors and reports on are concerned.
In recent weeks, the Chancellor of the Exchequer has emphasised the importance of recovering public funds “lost” during the Covid-19 pandemic. Yet this focus raises important questions about other potential revenue streams that were overlooked, particularly regarding NHS data assets. In 2019, Ernst & Young estimated that a curated NHS dataset could generate up to £5 billion annually for the UK while also delivering £4.6 billion in yearly patient benefits through improved data infrastructure. This begs the question: who is tracking whether these substantial economic and healthcare opportunities are being realised? Who is ensuring that these projected benefits—both financial and clinical—are actually flowing back into our healthcare system?
As we enter the age of AI, public discourse often fixates on potential risks while overlooking a crucial opportunity—namely, the rapidly increasing value of publicly controlled data and its potential to drive innovation and insights. This raises two crucial questions. First, how might we capitalise on the upside of this technological revolution to maximise the benefits on behalf of the public? Secondly, and more specifically, how will Parliament effectively scrutinise any eventual trade deal entered into with, for example, the United States of America, which might focus on a more limited digital chapter, in the absence of either an accepted valuation methodology or a transparent licensing system for use in providing access to valuable UK data assets?
Will the public, faced with a significant tax burden to improve public services and repeated reminders of the potential for data and technology to transform our NHS, trust the Government if they enable valuable digital assets to be stripped today only to be turned tomorrow into cutting-edge treatments that we can ill afford to purchase and that benefit companies paying taxes overseas? To my mind, there remains a very real risk that the UK, as my noble friend Lady Kidron, rightly stated, will inadvertently give away potentially valuable digital assets without there being appropriate safeguards in place. I therefore welcome the intent of Amendment 211 to put that right in the public interest.
Data (Use and Access) Bill [HL] Debate
Full Debate: Read Full DebateDepartment: Department for Science, Innovation & Technology
Lord Tarassenko
Main Page: Lord Tarassenko (Crossbench - Life peer)Department Debates - View all Lord Tarassenko's debates with the Department for Science, Innovation & Technology
Data (Use and Access) Bill [HL]
Lord Tarassenko ExcerptsTuesday 28th January 2025
(3 days, 1 hour ago)
Lords ChamberRead Full debate Data (Use and Access) Bill [HL] 2024-26 Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 57-II Second marshalled list for Report - (24 Jan 2025)
Lord Tarassenko (CB)
My Lords, I speak in support of the noble Baroness, Lady Kidron, on Amendment 58, to which I have also put my name. Given the time, I will speak only about NHS datasets.
There have been three important developments since the Committee stage of this Bill in mid-December: the 43rd annual J P Morgan healthcare conference in San Francisco in mid-January, the launch of the AI Opportunities Action Plan by the Prime Minister on Monday 13 January and the announcement of the Stargate project in the White House the day after President Trump’s inauguration.
Taking these in reverse chronological order, it is not clear exactly how the Stargate project will be funded, but several US big tech companies and SoftBank has pledged tens of billions of dollars. At least $100 billion will be available to build the infrastructure for next-generation AI, and it may even rise to $500 billion in the next four years.
The UK cannot match these sums. The AI Opportunities Action Plan instead lays out how the UK can compete by using its own advantages: a long track record of world-leading AI research in our universities and some unique, hugely valuable datasets.
At the JP Morgan conference in San Francisco, senior NHS management had more than 40 meetings with AI companies. These companies all wanted to know one thing: how and when they could access NHS datasets.
It is not surprising, therefore, that it was reported in November that the national federated data platform would soon be used to train different types of AI models. The two models mentioned were Open AI’s proprietary ChatGPT and Google’s medical AI, Med-Gemini, based on Google’s proprietary large language model, Gemini. Presumably, these models will be fine-tuned using the data stored in the federated data platform.
Amendment 58 is not about restricting access to UK datasets by Open AI, Google or any other US big tech company. Instead, it seeks to maximise their long- term value, driven by strategic goals rather than short-term, opportunistic gains. By classifying valuable public sector datasets as sovereign data assets, we can ensure that the data is made available under controlled conditions, not only to public sector employees and researchers but to industry, including US big tech companies.
We should expect a financial return when industry is given access to a sovereign dataset. A first condition is a business model such that income is generated for the relevant public body, in this case the NHS, from the access fees paid by the companies that will be the authorised licence holders.
A second condition is signposted in the AI Opportunities Action Plan, whose recommendations have all been accepted by the Government. In the third section of the action plan, “Secure our future with homegrown AI”, Matt Clifford, the author of the plan, writes that
“we must be an AI maker, not just an AI taker: we need companies … that will be our UK national champions … Generating national champions will require a more activist approach”.
Part of this activist approach should be to give companies and organisations headquartered in the UK preferential terms of access to our sovereign data assets.
These datasets already exist in the NHS as minimum viable products, so we cannot afford to delay. AI companies are keen to access data in the federated data platform, which is NHS England’s responsibility, or in the secure data environments set up by the National Institute for Health and Care Research, NIHR.
I urge the Government to accept the principles of this amendment as they will provide the framework needed now to support NHS England and NIHR in their negotiations with AI companies.
Lord Stevenson of Balmacara (Lab)
I have signed Amendment 58. I also support the other amendment spoken to by the noble Baroness, although I did not get around to signing it. They both speak to the same questions, some of which have been touched on by both previous speakers.
My route into this was perhaps a little less analytic. I used to worry about the comment lots of people used to make, wittily, that data was the new oil, without really thinking about what that meant or what it could mean. It began to settle in my mind that, if indeed data is an asset, why is it not carried on people’s balance sheets? Why does data held by companies or even the Government not feature in some sort of valuation? Just like oil held in a company or privately, it will eventually be used in some way. That releases revenue that would otherwise have to be accounted for and there will be an accounting treatment. But as an accountant I have never seen any company’s assets that ever put a value on data. That is where I came from.
A sovereign data approach, which labels assets of value to the economy held by the country rather than a company, seems to be a way of trying to get into language what is more of an accounting approach than perhaps we need to spend time on in this debate. The noble Baroness, Lady Kidron, has gone through the amendment in a way that explains the process, the protection and the idea that it should be valued regularly and able to account for any returns it makes. We have also heard about the way it features in other publications.
I want to take a slightly different part of the AI Opportunities Action Plan, which talks about data and states:
“We should seek to responsibly unlock both public and private data sets to enable innovation by UK startups and researchers and to attract international talent and capital. As part of this, government needs to develop a more sophisticated understanding of the value of the data it holds, how this value can be responsibly realised, and how to ensure the preservation of public trust across all its work to unlock its data assets”.
These are very wise words.
I end by saying that I was very struck by the figures released recently about the number of people who opted out of the NHS’s data collection. I think there are Members present who may well be guilty of such a process. I of course am happy to have my data used in a way that will provide benefit, but I do recognise the risks if it is not properly documented and if people are not aware of what they are giving up or offering in return for the value that will be extracted from it.
I am sure we all want more research and better research. We want research that will yield results. We also want value and to be sure that the data we have given up, which is held on our behalf by various agencies, is properly managed. These amendments seem to provide a way forward and I recommend them.