Big Brother Watch has published a briefing note reviewing the issues with surveillance of communications data. Commenting on publication of briefing note Big Brother Watch said:
In the debate around state surveillance, we all too often we hear officials say that we have nothing to fear as only the communications data (or metadata) is examined, not the content of a communication. Big Brother Watch has therefore published a briefing not on why communications data matter.
In the briefing note you will find answers to questions like: what are communications data?; what can communications data reveal?; and how are communications data analysed?. We also include details of how communications data have evolved and whether the legal framework currently in place provides sufficient safeguards.
Caroline Molloy writes for Open Democracy about three amendments on care.data proposed by Professor Allyson Pollock and Peter Roderick:
To address concerns and ensure data is available for genuinely medical and public health purposes, the authors have drafted three amendments which they are urging the Lords to adopt:
“To keep confidential patient data in the public sector unless commercial organisations have express consent” and can demonstrate data are required for express medical purposes as set out in the law currently;
“To put the Caldicott Independent Oversight Panel on a statutory footing with a duty for its advice to be taken into account”, and
“To ensure independent or parliamentary oversight of directions to the Health and Social Care Information Centre and the accreditation scheme.”
Prof Pollock explains:
“These amendments will stop commercial exploitation of patient data and ensure there is proper scrutiny of commercial companies’ activities but they are still not sufficient to ensure full transparency over data flows, particularly to and among private companies. Further discussion and legislation are needed over the next six months to put an information system in place that deserves public confidence.”
It remains to be seen whether the Lords will adopt Pollock and Roderick’s amendments.
The full briefing note and proposed amendments are available on-line.
Olivia Solon writes in Wired:
Data relating to every school pupil in England is now available for use by private companies thanks to a change in legislation implemented last year.
The move is part of a wider government initiative to “marketise” data, which includes initiatives such as the much-criticised Care.data and the selling off of taxpayer data by HMRC.
Education Secretary Michael Gove launched a public consultation back in November 2012 on proposal to let the Department for Education share extracts from the National Pupil Database “for a wider range of purposes than currently possible” to “maximise the value of this rich dataset”.
The National Pupil Database (NPD) contains detailed information about pupils in schools and colleges in England, including test and exam results, progression at each key stage, gender, ethnicity, pupil absence and exclusions, special educational needs, first language.
The data have been collected since around 2002 and is now one of the richest education datasets in the world, holding what the government says is “a wide range of information about pupils and students” at different phases.
Extracts of the data are available for use by “any organisation or person who, for the purpose of promoting the education or wellbeing of children in England are: conducting research or analysis, producing statistics, providing information, advice or guidance.” Bespoke extracts are also available on request.
This might all seem quite non-controversial, but in light of stories about healthcare data misuse there may be some cause for concern.
Margaret McCartney, a general practitioner in Glasgow, writes in the British Medical Journal:
Why is care.data, the government’s flagship NHS patient data programme in England, floundering? It’s consent, stupid. Most citizens who were asked hadn’t heard of the scheme. Consent to upload individuals’ medical records was sought by sending a leaflet, which was typically lost among a heap of pizza delivery menus. People who had opted out of receiving junk mail did not get it at all.
The few who read the leaflet would have found that it didn’t even mention “care.data.” Also, it was heavy on assumed benefits (“find more effective ways of preventing, treating and managing illnesses”) but light on potential harms. It did not mention who would handle the data extraction (Atos), that records could be sold to private sector businesses, or the risk of re-identification by third parties and how this would be mitigated.