Data Protection Bill

Written evidence submitted by Future Care Capital (DPB04)

Dear Sir/Madam

Re Data Protection Bill

Future Care Capital is a national charity committed to engaging, educating and involving every generation in the development and delivery of unified health and care provision. We are a policy and advocacy charity that is also setting up an Innovation Fund for societal benefit. We work to achieve better outcomes for those in receipt of care by advocating a step-change in health and care. The core basis for our position on the Data Protection Bill was established in our report last year, Intelligent Sharing: unleashing the potential of health and care data, which pointed toward the scope for a new ‘digital contract’ between individuals, business and the Government. In particular, we advocated a balance between harnessing ‘data for good’ to further research, innovation and growth, whilst safeguarding individuals through the championing of the highest ethical standards.

Data Sets of National Significance

We welcomed the introduction of amendments concerning ‘data sets of national significance’ that were accepted during Report Stage of the Data Protection Bill in the House of Lords but are concerned that the provisions may be lost when the Bill is discussed in the House of Commons.

The provisions will, if retained, require the Information Commissioner’s Office to maintain a register of publicly controlled personal data of national significance, and prepare a code of practice which contains practical guidance in relation to personal data of national significance. Any such register will almost certainly impact health data controlled by public bodies to the extent that the UK benefits from unique health data sets which are of interest to researchers right around the world. Meanwhile, the Code must provide best practice guidance in relation to information sharing agreements which should serve to increase transparency and build public trust, as well as introduce greater consistency to initiatives that involve publicly funded data controllers working with third parties.

Such a Code would also provide guidance in relation to value for money calculations and could ensure that HM Treasury’s Green Book is updated to reflect intangible asset holdings that are controlled by public bodies. This means going beyond mere financial value to take into consideration the social, economic and environmental value which properly underpins ‘public benefit’ in relation to health data set analysis and usage. The wording of the provisions is therefore welcome because financial value will not always and necessarily outweigh other considerations where the prospect of significant health or care benefits is concerned. The additional requirement of the Code concerning guidance about securing financial benefits from information sharing agreements is, nonetheless, important and, not least, for those reasons cited by the Economics Editor for The Times recently in his timely article on the subject: https://www.thetimes.co.uk/edition/business/data-could-be-a-huge-source-of-funding-for-the-nhs-and-we-are-about-to-give-it-away-kb0w9nr8m

It is, therefore, concerning that the Information Commissioner’s Office should have released a briefing in advance of the Bill’s Second Reading in the House of Commons in which she states: "…she is not best placed to advise on ‘value for money’ and securing financial benefits from the sharing of such personal data with third parties for the purposes of processing or developing associated software." The argument for these amendments is clear and the Information Commissioner, herself, acknowledges as much to the extent that she also writes: "The clause raises important issues and these may become more pressing in future as technology develops and individuals become more aware of where their data is held and how it is put to particular uses." Who, then, should assume responsibility for safeguarding health and care data as a national asset - both in the public interest and for public benefit?

We would encourage you to consider whether HM Treasury might be best placed to develop the Code in the event that the Government moves to amend or remove these important provisions from the Bill having reflected upon the Information Commissioner’s briefing note. Alternatively, it may be that the new Ministerial Data Strategy Board which has been established to ensure a coordinated and aligned approach across key health and care data initiatives should take a lead working with the National Data Guardian.

Algorithmic Fairness and Access to Health and Care Services

In our report Securing the Future, a compendium of expert contributions that explored the future of health and care from a range of perspectives, we incorporated a contribution from Professor Bertie Muller – an Artificial Intelligence expert – who explored technological advancements that are expected to transform services and improve health and care outcomes over the years ahead. Professor Muller’s assessment of developments as broad-ranging as artificial intelligence, robot surgeons, nano-implants and automated vehicles suggests that technology harbours significant disruptive potential. He was, nonetheless, concerned about a ‘darker side’ to developments and, as such, recommended that action be taken to ensure the general public and ethical frameworks keep pace with them. There is, otherwise, the scope for our social contract that is premised upon tax and entitlements to become one that is ‘machine-tested and verified’ in the future.

We are concerned about the safeguards attaching to automated decision-making in the context of access to health and care services - they appear to run wholly counter to the phrase ‘no decision about me without me’. In particular, we believe current provisions are insufficient if the intention is to guard against the ‘machine-testing’ of access rights to publicly funded health and care products and services in future. We would, therefore, welcome the introduction of provisions designed to ensure that the processing of personal data by automated or structured processing is never the sole means of determining a person’s eligibility for health or social care or, at the very least, may be challenged in some meaningful sense to avoid a situation whereby an individual or group might be faced with an automated ‘denial of service’ without some means of appeal and/or redress.

The Data Rights of Vulnerable Adults and their Carers

The Bill should do more to protect vulnerable adults who might lack the capacity to provide explicit consent for their data to be collected and/or processed by virtue of a learning disability or cognitive impairment such as dementia. The SafeSurfing project revealed that most people with a learning disability are unaware of the dangers they face when sharing their personal information online, whilst others report difficulties in understanding terms and conditions and fully comprehending the services they were subscribing to (Mencap).

Here, the Bill should have regard to the Mental Capacity Act (2005), but it could go further to promote inclusivity and established accessibility standards. We believe the Bill could also usefully include measures to help address the challenges that carers increasingly face in liaising with service providers on behalf of those they care for. We welcomed a related amendment moved by Lord Clement-Jones and Lord Paddick during discussion of the Bill at Committee Stage in the House of Lords, and we are concerned that this issue was subsequently lost when the Government omitted to outline the steps that it is taking to safeguard vulnerable adults whilst empowering their carers in its formal response to Peers. We believe that this highlights a serious omission in those rights to be enshrined in law when the Bill is enacted, and we would urge you to consider what additional steps could be taken to recognise the growing number of people affected.

Enabling Data Philanthropy

In our report Intelligent Sharing, we made a number of recommendations appertaining to the promotion of ‘data philanthropy’, in recognition of the tangible benefits that could flow from a growth in trusted health and care data processing by a range of organisations engaged in research and innovation.

Our recommendations included:

- expanding the opportunity for data subjects to contribute health and care data to records and other data sharing initiatives;

- establishing a new National Health and Care Data Donor Bank, to coordinate data gifted by the public and help improve the alignment of research to clinical need; and

- exploring the development of a ‘gift-aid’ style scheme for health and care data, encouraging individuals to make health and care data donations to better enable research and innovation.

During the Bill’s Second Reading, Baroness Neville-Jones helpfully asked the Government to "think about the possibility that they should allow for the creation of governance and accountability regimes that will fit special circumstances" – adding that "the existence of the Information Commissioner should not result just in enforcing the law effectively and well; it should provide an opportunity for creativity under her auspices and the ability to create variations on governance regimes where they are needed". We support this sentiment and provisions that would render feasible the creation of what we referred to in our report as ‘data cooperatives’, ‘data communities’ and ‘data collaboratives’ for health and care, underpinned by ‘data philanthropy’ and creative approaches to lawful consent.

There is a further issue, here, surrounding the scope to facilitate ‘data philanthropy’ through the introduction of a ‘gift aid’ style scheme, such that we would be supportive of additional measures to supplement data portability provisions in the Bill. Specifically, we would welcome measures enabling individual data subjects to donate the data they consent to provide to a service provider onwards – to circumscribed third parties – in the interests of furthering research and innovation in health and care.

At the very least, we believe that either the Information Commissioner’s Office or the National Data Guardian should be required to investigate the circumstances in which it may be appropriate to invite the giving of explicit consent to the processing and pooling of personal data for the purposes of research and innovation in health or social care. However, MPs could go further and introduce provisions for ‘trusted data exchanges’ to be recognised in law as not-for-private-profit vehicles designed to safeguard data donated for the purposes of transforming health and care outcomes. This would constitute a bold move and attest to their ambition to support the evolution of public, private and third sector organisations alike in the digital age.

If you require further information about any of the issues raised above, please do not hesitate to contact me.

Annemarie Naylor MBE DU Essex (Hon.)

Director of Policy, Future Care Capital

March 2017