If the government wants people to use the coronavirus app and save lives, it must answer questions on privacy first

Sign up for the View from Westminster email for expert analysis straight to your inbox

Get our free View from Westminster email

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Coronavirus has upended our economy and the way we live our lives. Unless coronavirus is tackled, we face the threat of not only a second peak, but of multiple peaks killing tens of thousands of people over a prolonged period. Technology has the power to help us tackle the pandemic, with AI supporting the detection of symptoms or collecting smart data to inform NHS resourcing decisions. It’s right for the government to harness technology to crack the pandemic, but its approach could fatally undermine public confidence.

Enter Palantir, a highly controversial company founded by right-wing libertarian Peter Thiel. Palantir’s digital profiling tools are used by Donald Trump’s notorious Immigration and Customs Enforcement (ICE) division which apprehends and deports undocumented migrants in their workplaces, many of whom are then forcibly separated from their families. Migrant rights groups in the US describe Palantir’s actions as contributing to the violation of fundamental human rights, which Palantir denies. It is this company that the UK government has asked to develop their response to coronavirus, including taking data points from across the NHS using anonymised patient data.

The companies that the UK government has engaged to develop their response to coronavirus and the fundamental lack of transparency around the data they are using will give credence to conspiracy theorists and state propagandists that are enjoying a revival of fortunes since the pandemic struck.

This is happening just as the government is launching its NHS app. Public confidence in the NHS app needed to be earned: after all, the aim was for as many of the population as possible to voluntarily download and use it. The University of Oxford’s Big Data Institute estimates that 56 per cent of the general population will need to download and use the app for it to be effective. Because not everyone has a smartphone, 80 per cent of all smartphone users will need to download the app. Yet the government is failing to answer fundamental questions about how the app will access our private data, who has access to it and how our data will be processed. Parliament was told on Monday that there still has been no data protection risk assessment for the app, even though the launch is due to launch on the Isle of Wight imminently.

It is also concerning that the app has been developed using a highly centralised system, with the NHS app working with a central database to track contact between people. In other countries, the apps work by storing the contact between people (using Bluetooth technologies) on the individual’s smartphone and only in the instance where someone tests positive for coronavirus is the data used to tell others they may have been infected. The UK government is building a major centralised database of who we contact, or have proximity to, and when, without even an assessment of the risks.

A coalition of privacy groups has written to the government asking questions as to how our data is going to be processed during the pandemic. There are some worrying gaps in what we, the public, know about the app. For instance, will Palantir retain the NHS data analysis or insights gleaned from their contract once the app is no longer used? Can Palantir use the data gathered from the app to inform their big database projects as Palantir Gotham? How can Palantir use the insights gleaned from their databases for future clients?

And why, according to reports, is Palantir spending an estimated £88,000 a week on this NHS contract, but only charging the NHS £1? Perhaps, as many contractors will do, they are working on a time critical project that hasn’t been tendered for in good faith in order to secure future work. This is entirely legitimate. Or perhaps Palantir sees the data gathered by this exercise as infinitely more valuable than their expensive time commitment? Data is the next trillion dollar industry.

The risk is the public don’t engage with the NHS app. The future of the NHS will lie with us, as citizens, sharing more of our data, our DNA and our behaviour in order for smart treatments to emerge for existing and new diseases. Data sharing has enormous practical benefits and is likely to be one of the key ways in which we unlock our understanding of diseases.

The NHS enjoys high levels of public support precisely because it is a national asset. Our data should also be seen as a common resource, and harnessed as a national asset for the public good. If we can harness the power of the state to build new hospitals such as NHS Nightingale in a week and tackle a pandemic, why do we need private companies to build these databases and develop the capacity modelling? If British scientists can crack the human genome and make it open source for humanity, surely we can work on beating the pandemic in the same spirit? If the government’s existing digital team can build a database to handle the personal data of six million furloughed workers in days, why can’t the government handle a technically similar database project?

I don’t envy Matt Hancock who has arguably the most demanding job in Britain right now. I do not believe the government has behaved with bad faith in their engagement with Palantir. Yet, with so many unanswered questions, it is concerning that public trust in a separate project, the app, could be eroded by the lack of transparency on another project.

In the end, an app that is meant to demonstrate how technology can support the NHS may end up fatally undermining public trust in it – and that will, in the long term, cost lives.