Agent M
Proud Member
I wouldn’t trust Google with my personal info
My party would be mad to give control of sensitive records to an internet giant notorious for ignoring privacy concerns
When I read in the pages of this newspaper this month that the Conservative Party was planning to transfer people’s health data to Google, my heart sank. The policy described was so naive I could only hope that it was an unapproved kite-flying exercise by a young researcher in Conservative HQ. If not, what was proposed was both dangerous in its own right, and hazardous to the public acceptability of necessary reforms to the state’s handling of our private information.
There are powerful arguments for people owning their own information and having rights to control it. There are massive weaknesses in the NHS’s bloated central database and there are benefits from using the private sector. But there are also enormous risks, so we are still a long step from being able to give personal data to any company, let alone Google.
Google is the last company I would trust with data belonging to me. In the words of human rights watchdog Privacy International, Google has “a history of ignoring privacy concerns. Every corporate announcement has some new practice involving surveillance”. It gave Google the lowest possible assessment rating: “hostile to privacy”. It was the only company of the 20 assessed to get this rating. It also said Google was leading a “race to the bottom” among internet firms, many of which did little to protect their users.
This highlights how careful we must be in using private companies to handle personal data. Actual and potential misuse of such data will be a recurrent public concern of the next several decades. This is because of the huge commercial value of a near-monopoly internet presence, combined with legally unfettered use of personal data. This is what gives Google a market capitalisation of $130 billion (£79 billion). It represents the value of exploiting its customers’ private data for commercial ends.
There is little the state can do about this. It cannot cut back Google’s monopoly, because it arises properly from the fact that Google provides a service people want. The state should impose some limits on how personal data is managed, anonymised and used, but that is a slow, technically difficult and international process. We should not disapprove of the profitability of Google, but we should recognise that the size of its profits have a dramatic effect on corporate behaviour.
It was the prospect of huge profits that pushed Google into its amoral deal with China and drove its high- handed approach to the intrusion on people’s privacy with Streetview. These profits also explain its cavalier approach to European legislation (which it claims does not apply to it). This means we have to be rigorous about how we allow any private- sector operator to manage state-originated personal data.
A Conservative spokesman was quoted last week as saying: “We fully expect that there will be multiple providers that will almost certainly be free to users.” If so, the question arises of how the providers will pay for it. It should not be possible to make money out of holding health data. Health information has to be secure, and should not be available to be used for commercial purposes. That means it should not be sold on, it should not be data mined for commercial insights, and it should not be used for targeted advertising.
Furthermore, any companies allowed to hold this data must be required to do so on computers within the UK, with no possibility of transfer. This is the only way we can enforce UK privacy standards and laws. Paradoxically, such a contract might be of no interest to Google, because it denies the opportunity to profit from data exploitation. If a new government is not careful about these so-called “post-bureaucratic” policies, data-loss and data-misuse scandals will kill public confidence in it. This would be a tragedy.
There is value in letting people nominate where their personal data is to be kept. Ownership, control, and “property rights” in the trail of online information that makes up our virtual identities should rest with each individual. That is the only way we can navigate the world of opportunity and risk that the web offers. It is also a good idea to have competitive private sector companies, holding your secure data. Indeed, it is sensible to have many companies, since financial data is better kept in a separate place to medical data.
Commercial companies are not perfect, but they have a greater incentive to protect your data. One successful class-action suit for losing or abusing data could bankrupt a company. The reputational damage could certainly cripple it. So they will try harder than any government to avoid disastrous failures like HMRC’s loss of 25 million personal records.
So private companies are better than the state, but they are not saints. Accordingly, before any government privatises personal data management, we should be clear about the rules and the structure. The protection of the individual’s right to control his or her own data must be plain and strong. An individual is unlikely to mount, let alone win, a legal challenge against a large corporation unless that is so.
That is so even for their personal “commercial” data, such as shopping patterns. When it comes to more private information such as health records or tax-and-benefit history, we should go one step further and learn from the financial crash of the past two years. The financial “masters of the universe” were allowed to be too big to challenge, and too big to fail. Only three years ago, they were “cool”. Now they cripple our economy with their incompetence.
It is a similar situation with the companies we eventually entrust with our personal data. They have to be subject to personal, judicial, and national influence. They should not be beyond control. So when we are handing out these state contracts, being a multinational mega- corporation is for once a competitive disadvantage. Google need not apply.
David Davis is Conservative MP for Haltemprice & Howden
http://www.timesonline.co.uk/tol/comment/columnists/guest_contributors/article6728116.ece
My party would be mad to give control of sensitive records to an internet giant notorious for ignoring privacy concerns
When I read in the pages of this newspaper this month that the Conservative Party was planning to transfer people’s health data to Google, my heart sank. The policy described was so naive I could only hope that it was an unapproved kite-flying exercise by a young researcher in Conservative HQ. If not, what was proposed was both dangerous in its own right, and hazardous to the public acceptability of necessary reforms to the state’s handling of our private information.
There are powerful arguments for people owning their own information and having rights to control it. There are massive weaknesses in the NHS’s bloated central database and there are benefits from using the private sector. But there are also enormous risks, so we are still a long step from being able to give personal data to any company, let alone Google.
Google is the last company I would trust with data belonging to me. In the words of human rights watchdog Privacy International, Google has “a history of ignoring privacy concerns. Every corporate announcement has some new practice involving surveillance”. It gave Google the lowest possible assessment rating: “hostile to privacy”. It was the only company of the 20 assessed to get this rating. It also said Google was leading a “race to the bottom” among internet firms, many of which did little to protect their users.
This highlights how careful we must be in using private companies to handle personal data. Actual and potential misuse of such data will be a recurrent public concern of the next several decades. This is because of the huge commercial value of a near-monopoly internet presence, combined with legally unfettered use of personal data. This is what gives Google a market capitalisation of $130 billion (£79 billion). It represents the value of exploiting its customers’ private data for commercial ends.
There is little the state can do about this. It cannot cut back Google’s monopoly, because it arises properly from the fact that Google provides a service people want. The state should impose some limits on how personal data is managed, anonymised and used, but that is a slow, technically difficult and international process. We should not disapprove of the profitability of Google, but we should recognise that the size of its profits have a dramatic effect on corporate behaviour.
It was the prospect of huge profits that pushed Google into its amoral deal with China and drove its high- handed approach to the intrusion on people’s privacy with Streetview. These profits also explain its cavalier approach to European legislation (which it claims does not apply to it). This means we have to be rigorous about how we allow any private- sector operator to manage state-originated personal data.
A Conservative spokesman was quoted last week as saying: “We fully expect that there will be multiple providers that will almost certainly be free to users.” If so, the question arises of how the providers will pay for it. It should not be possible to make money out of holding health data. Health information has to be secure, and should not be available to be used for commercial purposes. That means it should not be sold on, it should not be data mined for commercial insights, and it should not be used for targeted advertising.
Furthermore, any companies allowed to hold this data must be required to do so on computers within the UK, with no possibility of transfer. This is the only way we can enforce UK privacy standards and laws. Paradoxically, such a contract might be of no interest to Google, because it denies the opportunity to profit from data exploitation. If a new government is not careful about these so-called “post-bureaucratic” policies, data-loss and data-misuse scandals will kill public confidence in it. This would be a tragedy.
There is value in letting people nominate where their personal data is to be kept. Ownership, control, and “property rights” in the trail of online information that makes up our virtual identities should rest with each individual. That is the only way we can navigate the world of opportunity and risk that the web offers. It is also a good idea to have competitive private sector companies, holding your secure data. Indeed, it is sensible to have many companies, since financial data is better kept in a separate place to medical data.
Commercial companies are not perfect, but they have a greater incentive to protect your data. One successful class-action suit for losing or abusing data could bankrupt a company. The reputational damage could certainly cripple it. So they will try harder than any government to avoid disastrous failures like HMRC’s loss of 25 million personal records.
So private companies are better than the state, but they are not saints. Accordingly, before any government privatises personal data management, we should be clear about the rules and the structure. The protection of the individual’s right to control his or her own data must be plain and strong. An individual is unlikely to mount, let alone win, a legal challenge against a large corporation unless that is so.
That is so even for their personal “commercial” data, such as shopping patterns. When it comes to more private information such as health records or tax-and-benefit history, we should go one step further and learn from the financial crash of the past two years. The financial “masters of the universe” were allowed to be too big to challenge, and too big to fail. Only three years ago, they were “cool”. Now they cripple our economy with their incompetence.
It is a similar situation with the companies we eventually entrust with our personal data. They have to be subject to personal, judicial, and national influence. They should not be beyond control. So when we are handing out these state contracts, being a multinational mega- corporation is for once a competitive disadvantage. Google need not apply.
David Davis is Conservative MP for Haltemprice & Howden
http://www.timesonline.co.uk/tol/comment/columnists/guest_contributors/article6728116.ece