As legislation comes under Lords scrutiny today, campaigners, citing parliamentary committee concerns, warn broadness of regulations threatens numerous care.data-style privacy complications
Privacy campaigners are urging the government to drop an entire section from the Digital Economy bill that it argues will undo "slow, but painful" progress made in controlling patient information by removing scrutiny and oversight of citizen's rights to approve how their details may be shared.
The bill, which is intended to set out a national strategy for digital transformation, the sharing of data to support public services, broadband provision and age verification functions, today faces committee stage scrutiny in the House of Lords with changes then set to potentially be recommended to parliament.
Academics, parliamentarians and, it is understood, parts of government have increasingly raised concerns about demands within the proposed legislation that has already seen some 130 amendments tabled. Strong concerns in particular have been levelled at how information can be shared between the government, the wider public sector and private organisations.
From the perspective of a Delegated Powers and Regulatory Reform Committee report published last month, concern was raised that clause 30 in the bill would grant government minutes "untrammelled powers" to set out non-specific purposes of how the information can be disclosed or used.
"Although this is not stated expressly in the explanatory notes accompanying the bill or in the delegated powers memorandum, we infer that at least some of the clauses in [part 5 of the proposed legislation] are intended to supersede existing and more specific information-sharing gateways," the report said.
Phil Booth, coordinator of the MedConfidential pressure group, has warned that the wide-ranging consequences of clause 30 in the bill, and the committee's related concerns, highlighted significant concerns that threaten to undermine years of work relating to setting policy for patient information in the NHS.
He warned that while government has denied that health data will be affected, the broad nature of the clause will radically change how the public sector can be copied and used in the public sector.
An outspoken critic of previous government and NHS data sharing strategies like the care.data programme that sought to create a dataset of information extracted from GP records before being cancelled, Booth argued that accountability for how citizen data was used upon accessing public services would be undermined.
In allowing ministers to become effective data controllers of information they receive by copying from other departments, he said a failure to require a clear purpose and end point for each specific transaction would ensure little to no mapping of where data was travelling across government and beyond.
Without requiring to specify why data is being received and by whom in government, MedConfidential alleges that overall accountability and guarantees that a citizen's data will not be arbitrarily available to departments and third parties would not be possible to be enforced.
With Paul Maltby, the Government Digital Service (GDS) director of data leaving his role in December at the end of his contract, Booth said that clear strategic leadership was missing to outline how Whitehall could share information to inform and improve public service provision. This is required to meet wider Whitehall aims to end a silo culture in government with how departments pool together and share information through uses of common registers.
Booth has argued that the issues that saw the UK national data guardian Dame Fiona Caldicott recommending the end of care.data project due to privacy concerns would be reborn at an individual ministry level without improved clarity.
This in turn led to a consultation being established to look at future directions for patient data sharing programmes and how individuals should be informed about them, particularly around models of consent from patients.
While this thinking is yet to be finalised, Booth maintained that the criticisms levelled at clause 30 of the Digital Economy bill reflected growing concerns that the "slow, but painful" process of Caldicott's review of data sharing and subsequent work might be undermined by Whitehall policy.
Booth alleged that a previous attempt to set out a new GDS strategy before the New Year, which would include setting out clearer guidelines or policy for an information sharing strategy had been deemed too vague by the Prime Minister's Office.
He claimed that the reliance on the current draft of the Digital Economy bill would make ministers of state, with the exception of the Department of Health, data controllers for information, putting overall responsibility on Prime Minister Theresa May for what can be shared.
"Number 10 vetoed the last attempt at a strategy, so the PM is unlikely to be pleased when she learns GDS's current failure leaves her as data controller in chief, if clause 30 passes," Booth argued.
"Departmental conflicts might be ignored by the Cabinet Office but it's the controller in chief who'll be counting the cost of data copying as care.data type failures proliferate across government."
The Cabinet Office has said that the publication of the new GDS strategy was expected to be unveiled by Cabinet Office minister Ben Gummer this week.