When I read in the pages of this newspaper this month that the Conservative Party was planning to transfer people’s health data to Google, my heart sank. The policy described was so naive I could only hope that it was an unapproved kite-flying exercise by a young researcher in Conservative HQ. If not, what was proposed was both dangerous in its own right, and hazardous to the public acceptability of necessary reforms to the state’s handling of our private information.
There are powerful arguments for people owning their own information and having rights to control it. There are massive weaknesses in the NHS’s bloated central database and there are benefits from using the private sector. But there are also enormous risks, so we are still a long step from being able to give personal data to any company, let alone Google. […]
Health information has to be secure, and should not be available to be used for commercial purposes. That means it should not be sold on, it should not be data mined for commercial insights, and it should not be used for targeted advertising. Furthermore, any companies allowed to hold this data must be required to do so on computers within the UK, with no possibility of transfer. This is the only way we can enforce UK privacy standards and laws. […]
There is value in letting people nominate where their personal data is to be kept. Ownership, control, and “property rights” in the trail of online information that makes up our virtual identities should rest with each individual. That is the only way we can navigate the world of opportunity and risk that the web offers.