Guest blog: Lord Clement-Jones on protecting and valuing our healthcare data

With the EU/UK negotiations on a knife edge, the recent conclusion of a UK/Japan trade agreement, consultation on a National Data Strategy and the current passage of a Trade Bill through parliament, data issues are front and centre of policy making.

NHS data in particular of course is a precious commodity especially given the many transactions between technology, telecoms and pharma companies concerned with NHS data. EY in a recent report estimated the value of NHS data could be around £10 billion a year in the benefit delivered.

The Department for Health and Social Care is preparing to publish its National Health and Care Data Strategy in the New Year, in which it is expected to prioritise the “Safe, effective and ethical use of data-driven technologies, such as Artificial Intelligence, to deliver fairer health outcomes”. Health professionals have strongly argued that free trade deals risk compromising the safe storage and processing of NHS data.

The objective must be to ensure that the NHS and not the US big tech companies and drug giants reap the benefit of all this data. Harnessing the value of healthcare data must be allied with ensuring that adequate protections are put in place in trade agreements if that value isn’t to be given or traded away.

There is also the need for data adequacy to ensure that personal data transfers to third countries outside the EU are protected, in line with the principles of the GDPR. Watering down the UK’s data protection legislation will only reduce the chances of receiving an adequacy decision.

There is also a concern that the proposed National Data Strategy will lead to the weakening of data protection legislation, just as it becomes ever more necessary for securing citizens’ rights. There should however be no conflict between good data governance and economic growth and better government through effective use of data.

The section of the Final Impact Assessment of the Comprehensive Economic Partnership Agreement between the UK and Japan, which deals with Digital trade provisions, says that the agreement “contains commitments to uphold world-leading standards of protection for individuals’ personal data, in line with the UK’s Data Protection Act 2018, when data is being transferred across borders. This ensures that both consumer and business data can flow across borders in a safe and secure manner.”

But the agreement has Article 8.3 a which appears to provide a general exception for data flows where this is “necessary to protect public security or public morals or to maintain public order or…… to protect human, animal or plant life or health”. So, the question has been raised whether this will override UK data protection law and give access to access to source code and algorithms.

To date there have been shortcomings in the sharing of data between various parts of the health service, care sector and civil service. The process of development of the COVID 19 App has not improved public trust in the Government’s approach to data use.

There is also a danger that the UK will fall behind Europe and the rest of the world unless it takes back control of its data and begins to invest in its own cloud capabilities.

Specifically, we need to ensure genuine sovereignty of NHS data and that it is monetized in a safe way focused on benefitting the NHS and our citizens.

With a new National Data Strategy in the offing there is now the opportunity for the government to maximize the opportunities afforded through the collection of data and position the UK as leader in data capability and data protection. We can do this and restore credibility and trust through:

• Guaranteeing greater transparency of how patient data is handled, where it is stored and with whom and what it is being used for especially through vehicles such as data trusts and social data foundations
• Appropriate and sufficient regulation that strikes the right balance between credibility, trust, ethics and innovation
• Ensuring service providers that handle patient data operate within a tight ethical framework
• Ensuring that the UK’s data protection regulation isn’t watered down as a consequence of Brexit or through trade agreements
• Making the UK the safest place in the world to process and store data. In delivering this last objective there is a real opportunity for government to lead by example–not just the UK, but the rest of the world by developing its own sovereign data capability.

Retention of control over our publicly generated data, particularly health data, for planning, research and innovation is vital if the UK is to maintain the UK’s position as a leading life science economy and innovator and that is where as part of the new trade legislation being put in place clear safeguards are needed to ensure that in trade deals our publicly held data is safe from exploitation except as determined by our own government’s democratically taken decisions.

Lord Clement-Jones’ blog follows guest contributions from cross-bench peer Lord Freyberg and GE Healthcare’s John Kalafut.