The Chair of the Health and Social Care Information Centre, Kingsley Manning, wrote to the Guardian this week to ask for “an intelligent, grown-up debate” about the sharing of GP-held health data with the HSCIC, so that it can then be accessed by researchers of various kinds. This bracing proposition was almost immediately undermined by NHS England’s launch of a video in which a woman with a London-based Civil Servant’s idea of a Northern accent cheerfully exhorts us to Trust The Government while some fake-smurfs do an NHS jigsaw. Even in his own letter, Manning showns the kind of debate he really wants to have by whining about semantics: “The data will be issued on a cost recovery basis and not “sold”.” If Manning is unwilling to accept the plain meaning of common words and thinks we’ll be convinced by some pious plasticene, the “debate” will remain the hurricane of bullshit it has been since the beginning.
I’ve opted out of care.data and that’s that. It’s none of my business what you do (but I have included links on how you can opt out at the end, if you want to). If you have opted out, fine. If you haven’t and don’t intend to, then you’re either basking in the warm glow of playing your part in a grand enterprise to save the lives of your fellow citizens, or the spreading warmth you’re experiencing is NHS England pissing contemptuously on your leg. Time will tell. But I believe that many of the people on Manning’s side of the argument (which is what it remains) are hurling around nonsense to make their case, so here’s my contribution. There are four assertions that I have a particular problem with, and this is why.
1) We’re all nice people and we’re definitely not going to do shit things with your data
The NHS leaflet states “Records are linked in a secure system so your identity is protected.” It is pointless to be sarcastic about the claim that a government IT project will be secure and will work as intended. Nobody believes this, right? If you don’t think that it will be hacked, will fall over, will end up riddled with inaccuracies and be a tempting target for thieves, I hope nobody ever fills you in about Father Christmas. That’s not the problem.
The problem with the leaflet is the specific nonsense, rather than the general. It mentions only “approved researchers”, rather than insurance companies and other private sector organisations. We are told “We sometimes release confidential information to approved researchers, if this is allowed by law”. The entire care.data wheeze wasn’t allowed by law a few years ago, and now it is. We’re not talking about tablets of stone. They’ve create the framework and make these promises now – if NHS England or someone else want to change the rules later, you didn’t opt-out so you’re stuffed. Even those of us who opt out are warned that our data could be shared if “allowed by law”.
After Leveson, the press relentlessly argued against the principle of state regulation for fear of what a future authoritarian government would do with such a lever. The mechanism for access to GP data exists; insurance companies will already get access in their guise as ‘approved researchers’. How hard is it to imagine a future government ‘allowing by law’ access to this data by the police, financial services and insurance companies, and a whole range of others? Think about the pile of data from a police perspective: access to information about every citizen in the country, all aggregated in one place? Don’t mind if I do!
This is not going to happen now; but if you haven’t opted out, your data will be aggregated with everyone else’s in one place, just waiting one of those magic laws that made this possible in the first place. We’ve experienced an authoritarian, surveillance-obsessed government desperate to court the private sector in very recent memory – what would Blair and John Reid have done with this?
2) You already do privacy invasive things to yourself, so you should let us do some
I remember sitting in a stuffy office six or seven years ago while a civil servant from the Department for Education (or whatever it was called then) cooed about the wonders of Contact Point (or whatever it was called then). When challenged about what parents would say – especially as they would be complaining to us the Council, not the faceless department – she was dismissive. All those parents have already got ClubCards – what’s the difference? Roy Lilley played this (Nectar) card in his blog, bewildered about the fuss. You give your data away all the time, so what is all the fuss about? This is just like having a loyalty card.
Care.data is nothing like having a Nectar Card. Sainsburys have not given themselves the legal power to force us all to have a Nectar Card, and then tossed out a poorly handled, badly-explained opt-out which many people won’t actually notice. Even if you opt into having a Nectar Card, you can opt-out of the marketing and some of the data sharing, while still enjoying the modest discounts. Admittedly, like care.data, all loyalty cards are sold in a disingenuous way – they don’t reward loyalty but pay a below market-value price for data about your shopping habits. But they are entirely optional and you can shop in the relevant stores without even having one. Oh, and Nectar collects data about shopping, not data about your health.
I don’t think people should use Facebook, especially not in the way they spray every last intimate detail of their private lives there. I don’t think people should announce on Twitter that they are on holiday (because burglars). I think people should close their curtains when they get changed (thinking of none of my neighbours in particular). But that shouldn’t feed a sense of entitlement. Quite the opposite; the state should be encouraging its citizens not to overshare, rather than using it as ammunition for a data grab. One pro care.data tweeter told me that if I was concerned about my privacy, I should stop using the internet. That’s right, because cookies using my browsing habits to show me adverts for things I bought two days ago is exactly analogous to information about my health being extracted and shared under rules I didn’t agree to, for purposes approved by unelected and unaccountable people I have never heard of. It’s the same. I feel so stupid now that you’ve explained it like that.
3) People won’t misuse data because it’s illegal
Lilley also raises the scary penalties argument, one also adopted on Twitter by Geraint Lewis, and by Manning’s Guardian letter. As Lilley puts it: “Does it mean an insurance company that also provides care could obtain it for one purpose and use it for another? If they did it would be a criminal and civil offence in law and someone would go to jail.” No breach or offence in DP is punishable with a jail term, and Lilley should have done his research before asserting this. And besides, the whole murder being illegal has been a roaring success.
Of course, you’re perfectly entitled to believe that commercial companies involved in this process will definitely not attempt to re-identify the individuals – assuming that they haven’t been given identifiable data in the first place – and furthermore, you are more than welcome to tell me with a straight face that Commercial Companies Don’t Do Bad Things Like That. Go on. With a straight face.
So back in the real world, for the criminal sanction to be used, firstly, the Information Commissioner would have to find out. Bear in mind, what commercial companies could do is not obvious or attention-grabbing; they could factor the data into already complex and multi-layered calculations about insurance, for example. People may see premiums go up, they may even be refused insurance altogether, but the companies are not going to admit how this happened and it will probably be impossible to prove. Even if the ICO had evidence – beyond a reasonable doubt – that the insurance companies were misuing the data, there would first be an argument about whether the data was personal at all, and even if the ICO made the case, it is technically impossible for anyone to go to jail because the punishment for a criminal breach is a fine.
Of course, the ICO could – again assuming by some unexplained set of circumstances that they find out – take action for a civil breach of the DPA’s first and second principles, something Lewis suggested that they would do. But the maximum current fine is £500,000, so assuming that the ICO enforced at the maximum level, it would still probably be worth their while. And lest we forget, the ICO has issued 45 CMPs, and only 7 have been against the private sector. They have never issued a CMP for a 1st or 2nd principle breach.
The ICO taking on massive private sector organisations with huge budgets, pursuing either criminal or civil enforcement that they have never attempted before in any context, wrestling with the slippery concept of pseudonymised data (which most people struggle to pronounce, much less understand), based on evidence that I have no idea how they would source: that’s what’s going to stop the misuse of data.
I’m reassured: you?
4) If you don’t like it, you can opt-out
I expect my opt-out to be temporary. I don’t believe the people who want to do this have any respect for my wishes, and at some point, they will change the rules. It will either happen because enough of us opt out now to skew the results, or because in a year or so, somebody in NHS England will be emboldened because nothing obvious has gone wrong.
I don’t say this because I think the people running this scheme are evil or conniving. It’s quite the opposite. It’s only because they’re not evil, only because they’re so convinced that they’re doing the right thing that they’re able to treat their fellow citizens with such disrespect. It’s the same mentality that allows charities to get overbearing drama students to bully people in the street to sign up to direct debits, despite the huge slice of the donation that usually goes upfront to the company the students work for. You knew that, right?
But we are where we are. Our most private data is taken without consent, and the best we get is a leaflet sneaked out with the takeaway dross and a patronising cartoon. Anyone who has opted out of the Royal Mail’s unaddressed mail deliveries won’t get the leaflet. UPDATE: as Doug Paulley pointed out to me, people living in care homes and shared accommodate won’t see the leaflet. Anyone who is sick of the endless tide of pizza menus and offers for Sky won’t notice the leaflet and will bin it without reading it. Anyone who reads it is told to ring or go to see their GP – that’s right, waste the precious time of a medical professional to ask their advice on a privacy-invasive wheeze that GPs didn’t ask for, and yet might be punished for if they don’t get right.
There is no “an intelligent, grown-up debate” here. At the stroke of a legislative pen, intimate details of every citizen who is not plugged in to what is happening will be taken and exploited (even if for good reasons) by an establishment clique. Even if it could be guaranteed that not one scrap of data would be lost or misused, such an audacious assault on a society’s privacy should only be contemplated with permission. And the possibility of asking us for consent has never been on the table. Not for a moment. Instead, the fine folk who are running this scheme have treated their fellow citizens like children; there is no attempt to persuade, just a decision that because they can do this, they will.
UPDATE: I ranted all the way through this and didn’t include two crucial things: the addresses of those advising you how to opt out. Look at www.care-data.info or www.medconfidential.org. I included a stamped plain postcard with my opt-out letter and asked my GP to send it back to me to confirm receipt. They were kind enough to do so. Some practices are offering opt-outs online or accepting them via email.