'Biggest data grab' in NHS history stuffs GP records in a central store for 'research' – and the time to opt out is now The NHS is preparing for the "biggest data grab" in the history of the service, giving patients little information or warning about the planned transfer of medical records from GP surgeries in England to a central store for research purposes – and with no prospect of the data being deleted. Campaigners and doctors have …
I'm pretty sure all that inconvenience will be scrapped as soon as they realise that it's getting in the way of their hugely remunerated post-government directorships.
This is a hugely stupid thing for them to be doing, which could end up leaving us helplessly vulnerable to no end of exploitaion for the rest of our lives.
I can understand that but when you've worked in a trust that decided to ignore the advice of the IT department when it wanted to get rid of some old hard drives, despite them giving them details of a company that would shred them securely and give a certificate. They choose to ignore this as "We want it done now, we don't want to wait".
They turned up later on ebay. Someone bought them, found unencrypted patient data on them which also IDed the trust and hospital. The hospital was then hit with the biggest fine in the UK.
So no thanks.
Yep. Even more annoying when I suggested long before that "Why don't we get our own drive crusher. Then all controlled internally and done properly". I was a low down temp so was ignored with mutterings by them of "waste of money".
Several years after the incident I find they have bought in their own drive crusher and are very strict with it. Funny that.
Reminds me of one manager saying "I don't want anyone doing "quick win tickets anymore" you need to work on all tickets but prioritise the "low hanging fruit" tickets". I couldn't keep quiet. "They mean the same thing." No that don't he kept saying. I gave up arguing as he was never going to admit they do. Fuck whit.
Reading This Is Going to Hurt, although from the viewpoint of a junior doctor and they get it worse. It so reminds me of the mentality of IT management at all NHS trusts.
"We are taking the overnight beds away for the junior doctors" ignoring the fact they tend to have to work way over their allotted hours.
"Staff car park isn't own by us. Speak to the parking company that gave you the fine while you were delivering babies"
"We need to save money so taking away your staff cantine and leaving you with just a vending machine instead"
Arseholes.
Exactly...we need a policy of zero tolerance on this.
Anyone, absolutely anyone found accessing records they shouldn't be, or leaving USBs on trains etc. should be dismissed instantly with no chance of re-employment in the health system ever. Applied to all, from the lowliest support staff up to the best brain surgeon in the country.
You miss the point then about data being outside the NHS.
I opted out of internal data sharing - which causes problems - simply because thats the only way to stop it being shared worldwide. There needs to be something other than "GP only" "everyone and his elephant" which are the only models the NHS uses.
You don't but where is your data now? It' with your last GP practice so send the form the them with a note telling them you are no longer a patient but you don't want your data shared. Though your comment raises an interesting question. If I opt out with my current GP how do I know every other doctors I've been registered and still probably hold my information won't share it? Will this be active patients only or all data? I think it will be the latter.
@ Zippy´s Sausage Factory
Easy enough if you use a VPN, (they block external ip addresses) use this link and also use your NHS number, you don't need anything else, and go through the options.
https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/
in my case they already had my opt out saved from the first time they tried this bollocks but it's worth doing it again to be sure. (I left the UK for good a few years ago).
Hi Zippy´s Sausage Factory...can i bring to your attention and others this nhs-data-matters is only for hospital/clinic info...you need to complete an opt out form from which you have to return to your GP surgery...cant be done online..lots of people are currently being mislead about this. The opt out 1 form has a closing date for 1st sept but theres speculation that it will be closed from 25th august the week before as in the earlier case of 23rd june for the 1st july close off. However, i am hearing so many GP surgeries making it nigh on impossible to get the data to them..not supplying their email address, not acknowledging data forms being sent, not accepting the forms at the surgery (unless you had an appointment to see gp - which is incredibly hard to get)... but please pass the word around it is not the link you refrence above that needs urgently completed..its the opt out1 form read the following https://medconfidential.org/how-to-opt-out/
Don't even have to move abroad for there to be issues and questions.
If you left England for Northern Ireland, Scotland or Wales, and your new GP surgery did get your medical records, you might think yourself in the clear.
But both I and my partner have definitive proof the old GP surgery in England retained data. We got things like SMS reminders!
If you visit NHS Digital's website, it actually takes quite some effort to identify whether it is UK-wide or just England. Yes, you can see the word "England" but not in a context which makes it clear whether this data transfer issue is confined or not. After all, the NHS Covid-19 app actually covers England and Wales so there is at least some lack of clarity.
If it involves your *direct care*, you're ok and that info is shared. It's research that is *not* specific to you, involves projects that are given to commercial companies (like Palantir has been given data) etc, that is at stake here.
And quite frankly, they do *not* need information that is not directly medical, and can get stuffed.
They already have near total shared information within the NHS. That how they can effectively deliver care when needed like in your case. This is asking for that information to be shared outside the NHS with zero benefit to any of us other than those making money off of it.
'If you read the NHS announcements, it puts this data into the "significant national interest" exemption of GDPR'.
Slimy bar stewards!
Did they overlook that the exemption is intended to apply to the interests of *this* nation?
Or were they thinking of the interests of other nations - you know: the sort whose businesses might benefit by having ex-UK MPs in their corporate C-suites?
Or is feeding the political swamp now considered a 'significant national interest'?
There must be a joke about where old politicians go to die, or a future fill-in-the-blanks puzzle...
Nick 'Facebook' Clegg
David 'Greensill Capital' Cameron (*)
Alexander Boris de Pfeffel '-----' Johnson
(*) There was a good Sky news report of today's questioning
https://news.sky.com/story/david-cameron-says-he-was-paid-generous-amount-to-lobby-on-behalf-of-greensill-capital-12305395
it puts this data into the "significant national interest" exemption of GDPR
This is an example of why the ability to apply for a judicial review of government actions is important. No government which respects the rights of its citizens would want to curtail that ability would it?
"This is an example of why the ability to apply for a judicial review of government actions is important. No government which respects the rights of its citizens would want to curtail that ability would it?"
Umm, Doctor Syntax, I rather think you have answered your own question.
"Does not the GDPR mandate opt-in ?"
Not for multifarious government purposes.
Data protection legislation emerged from the European Convention on Human Rights, which was envisaged primarily to protect individuals from governments (not businesses) in the aftermath of WW II. It's consequently both strange and disquieting that governments seem to be the least affected by the legislation in practice. The legislation as enacted includes blanket exemptions for a wide range of government activities
Yes GDPR is, but it came from the Council of Europe's convention on human rights.
As has been said, the British view of justice and proper dealing, aimed in part to reduce executions after the war -- no one would be killed by the state ever again across Europe was the goal. And it's succeeded! Well done Europe.
But the numptie brexiters only see 'Europe', and are to a man convinced of the benefits of capital punishment, so they complain.
Numpties. Learn some history.
Like almost all EU laws, there is a UK interpretation. Brexit did not change anything - this is UK law
Just before the transition period started, the UK basically signed everything EU into UK law so we are 100% aligned - the point was to stop a train wreck but it does mean that in future, we will have to repeal UK laws in order to deviate from current EU legislation...
Still UK can change it at its will now, without being bound to GDPR any longer.
So you UK citizens can't invoke GDPR protection any longer - they need to refer exactly to their own DPA - and if they are afraid of data being sent to US, again, they can't invoke any "European" protection. Max Schrem achievement won't apply automatically to UK now.
You're on your own now - it's what you wanted, isn't it?
Well I read this every week: https://chrisgreybrexitblog.blogspot.com/
You might think that brexit is over now that that blond pillock has made many old white racists happy, but there are many of us who don't. And, just FYI, brexit now means we have to negotiate (from weakness, being just the UK -- for now, until NI and Scotland leave, then Wales?) on everything for years to come, to try to claw back what was taken away at a stroke by, as I say, the racists that voted for brexit.
Oh, and please don't tell me racist is the wrong word -- I married one of these brexit idiots, so I see it at face value every day.
It shows the low level of your thinking to brand all Brexiters as racist just because you know one person who voted Brexit and is racist. I voted to leave because I believe that the EU is a corrupt, elitist and non-accountable organisation. It was not because I am racist (I'm not), or because I don't like Europe/Europeans, or because I want to stop migration to the UK. It was because I do not believe that the EU as a political organisation is not one that I think should hold any kind of power without major reform. And they are not willing to reform.
I will still take my weekend breaks to Europe, have my European friends, welcome migrants to this country. But I will be happy that the EU political classes have no direct influence over UK laws going forward. In a non-racist way.
I hate to tell you but that is more normal than you imagine. Not just UK but all over the world.
Big pharma use a lot of public funded research and then surround the result in layers of patents etc. This is just a bit more obvious than most.
"So you UK citizens can't invoke GDPR protection any longer - they need to refer exactly to their own DPA"
As they always have, GDPR is not a law in itself it is enacted into law by the various states in the EU, such as the Republic of Ireland, Germany, France etc and as such the DPA has not changed. The difference now is the highest court for appeal will be the UK's House of Lords not the European Court of Justice.
"Still UK can change it at its will now, without being bound to GDPR any longer."
I think that was one of the points of Brexit (agree or not) the control of your own laws. So yes the UK could weaken or strengthen the DPA, just as any EU changes with the GDPR would no longer have to be enacted by the UK.
But at present the DPA is the same DPA as before brexit so Max Schrem achievements to 30/12/31 should apply automatically to UK now.
"30/12/31"
??
Even if you make that 30/12/21 ??? applies. I can't see any means by which any of Max Schrem's (more power to his elbow) from this February onwards will help protect us. The difference isn't just the highest court of appeal, it's the entire jurisdiction which has changed.
I guess you meant 20-12-31, i.e. 31/12/2020, which I'd agree with.
Every Max Schrems victory since then either in court or in a DPA ruling means nothing in the UK. There's quite a lot of news from 2021 on NOYB's website.
"Still UK can change it at its will now, without being bound to GDPR any longer"
Actually it's more complex than that. We were never bound to implement the GDPR regulations into UK law because Brexit was already far enough along. When we did implement the DPA in the UK though, "we" chose to point to the central EU list of countries. As such, unless something has changed this year, the UK DPA considers the UK a third country.
The new "NHS data-grab" abbreviation, GPDPR, shows that the UK government lawyers have a great sense of humour.
The normal "personal opt-in" mandate comes from Art. 6 para. 1 (a) of GDPR.
The "NHS data-grab" mandate comes from Art. 6 para. 1 (e).
--
If you want to think about legal challenges, look at Art. 6 para. 4.
You could try to argue that under the "NHS data-grab", the data controller must ascertain that the "basis of the processing of personal data for a [new] purpose" is [not] compatible with the purpose for which the personal data was initially collected (which is the opposite of what it should be). And hence, inter alia, because of...
(d) the possible consequences of the intended further processing for data subjects;
(e) the [non-] existence of appropriate safeguards, which may include encryption or pseudonymisation.
And peer into your crystal ball to visualise how new up-coming technologies could be used to backup your arguments.
Good luck!
You can notarise a copy of the form before sending and send it as recorded delivery but if they want to wiggle out of it there's nothing to prove the form was inside the envelope, only that you have a true copy of original form and they're received the envelope.
This post has been deleted by its author
"That does not appear to be completable online - unless I have missed something, have to print it, and then scan it."
I've not looked at that specific form yet (i will, tomorrow), but I recently had to fill out a government form which was only able to be fully completed using Internet Explorer. It worked in Edge up to the point where it had to be securely signed, where it failed. I couldn't fill it in at all with Firefox.
You can do it on your children's behalf easier to call the number
Make your choice - You can make or change a choice for:
yourself
someone you can legally make decisions for
children under the age of 13
You can make or change a choice for yourself by phoning the NHS Digital Contact Centre.
The phone number is 0300 303 5678 – Monday to Friday, 9am to 5pm (excluding bank holidays).
A member of staff can:
help you use the online service - They can't do this it's in PDF you have to print it off and send by snail mail
make or change a choice on your behalf - I used this
print and post a form to you
The main NHS page: https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/
The page it sends you to actually do the job: https://your-data-matters.service.nhs.uk/
As others have noted, you can't do it for children under 13. Technically you can't do it for anyone else at all, but I suspect the website won't know who's typing if you have all the relevant details.
For once this actually worked. It is a simple form and can be completed in less than 2 minuets.
Why should you.
The government is making changes to Gdpr to make it easier for company's to target individuals but they need data for that. You don't have any say where you data goes or what kind of scumbag can use it.
Resistance is not futile.
"Completed in two minuets? I can’t even dance a waltz. Another sleazy government barrier to transparency and public confidence."
Sorry to tell you but you haven't completely opted out.
There are two:
- Type 1 for GP based data ( the data to be grabbed). Download, print, complete, post form from
https://nhs-prod.global.ssl.fastly.net/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docx
Keep a copy, post to GP with COP or registered mail if you don't have absolute trust, Alternatively hand deliver & get them to sign or stamp your copy.
- Type 2 for National data (hospital, clinics etc) data. Download, print, complete post form obtained from
https://assets.nhs.uk/nhsuk-cms/documents/Make_and_manage_your_choice_PDF_108kb.pdf#page=3&zoom=auto,-16,798
Post to the address on Page 4 with COP or or registered mail if you don't have absolute trust.
Alternatively you can do this online at https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/
REMEMBER: Check periodically to ensure your choice hasn't been reset. Mine has been flipped several times back to opt-in. The last time it happened (type 2 opt-out) in March 2019 I was told it was a "bit-flip error" and said it was too technical to explain. Citing my age and ill-health as an excuse (clearly failed to understand Equality Training) I let him BS a little more before I let fly. He let slip whilst panicking to defend himself that my dataset was likely amongst a targetted profile that didn't have enough subjects.
When this happened with my GP (type 1 data) they blamed EMIS when they used SystmOne The practice manage tried BS but she admitted she hadn't a clue what she was saying confessing she didn't know there was an opt-out. She was basically regurgitating what she had been told to say.
Hope that helps.
Don't assume you've registered. Check periodically and keep records.
The link given in the article is a Word doc, not PDF.
Don't know why you'd need to print it either way - type your info in using editor of choice. Insert a signature JPG, save (perhaps print to PDF?) and email to your GP
Thank you. I thought I was a nerd, but chickened out from actually posting something along those lines :)
Anyway, as this is El Reg, here's the necessary citation:
https://en.wikipedia.org/wiki/Leyland_Tiger
See also the Leyland Tiger Cub
https://en.wikipedia.org/wiki/Leyland_Tiger_Cub
Trainspotter? Who, me?
I would recommend the Atlas Editions DVD - "The British Coach a journey through time" (4:3 Region 2). The usual "enthusiast" type of documentary collating video from many sources - but interesting to see the changes over the decades.
My school days saw the post-war modernisation of British bus fleets. The daily journey oscillated between various era models - which included some single-deckers to negotiate a low bridge variation. Double-deckers occasionally tried the same alternative route unsuccessfully.
Not having my private medical data - ever.
I opted out when they first floated this turd. Now I've had to print out a form (waste of my resources) to sign and then scan and send to their 'enquiries' email address - what could possibly go wrong there, eh?
I've taken the option to post a physical copy through the doctors post box too.
This is shifty beyond belief. If they're after our medical data so desperately, it's time to question why.
And please - the medical research line is just that - a line. No truth in it.
> And please - the medical research line is just that - a line. No truth in it.
Indeed, Ben Goldacre heads up a team in Oxford that mines hospital records with an anonymous trawler engine which (allegedly):
a) doesn't transfer any information outside of where it's held
b) doesn't produce patient-identifiable information
c) does valuable research
Goldacre is one of the reasonably decent ones in the game. There are all too many (with links to the US) who are *not*.
Unless I specifically join a research effort (like I did for the Oxford/AstraZeneca vaccine), my data stays *mine*. Uni of Oxford (well, the Jenner Institute and their Vaccine Group) got permission to share my data with AZ, but that's as far as it goes.
@AC
"So what do you want? A US style system? It's the Americans that are pushing for this, and its this Brexit government that are complying, not the NHS."
I am in shock. The only 2 healthcare systems in the world are NHS and the American system? The woefully under-performing NHS (which isnt just docs and nurses but a bureaucratic insanity) in the developed world being far from the envy of the world. Yet your only alternative is the American system?
The fragmented NHS which still uses fax machines is not to blame, but the gov is? Bloody good job health isnt nationalised and so controlled by the gov. Oops.
The USA system, which charges you 100 times the cost of meds?
This healthcare system:
"Tens of billions of dollars are estimated to be lost in the United States through healthcare fraud each year. The National Health Care Anti-Fraud Association estimated that as much as $300 billion, or 10% of total annual health outlay in the United States, is stolen through fraudulent activity each year, compounding the challenges of high healthcare costs"
https://www.reuters.com/article/us-healthcare-fraud-usa-idUSKBN2BC03R
@JohnMurray
"The USA system, which charges you 100 times the cost of meds?"
I think you missed the point of my post and probably should reply to the AC I was responding to. I never said move to the American system but the AC instantly assumed its NHS or the only developed world healthcare system we look down on.
AC> So what do you want?
They want PAYG healthcare. Where if you can afford treatment you get it.
And you don't have to pay for other people.
It's the gammon/right-wing/brexit-elite's wet dream healthcare "system".
And It's what people have been voting for these last years.
Along with: All your database are belong to us. (To help sweeten the pot.)
Enjoy.
https://www.nhs.uk/your-nhs-data-matters/where-your-choice-does-not-apply/
"When information that can identify you is removed"
As long as your name isn't on it, all information about 43-year old female plumbers in the Chelmsford area who lived in Norwich from 1997-2002, who were treated for contact eczema following exposure to chemicals in the workplace in 2005 and who are currently being treated for high blood-pressure can be shared regardless of your choice.
I personally think this sort of research is a good thing. So long as the data is properly anonymised and it is kept secure who really cares.
And anyway it's better that data research is performed on the NHS data in an anonymised dataset rather than the live full shebang with all your details, which is the alternative (and probably what currently happens).
I could go on, but it's not worth it.
Bring on the down votes (just make sure your tinfoil hat is fitting snuggly while you do it)
"So long as the data is properly anonymised and it is kept secure..."
How do you propose to do the first? How confident are you about the second?
" ...it's better that data research is performed on the NHS data in an anonymised dataset rather than the live full shebang with all your details, which is the alternative (and probably what currently happens)."
Cite for (mis-)use of the full shebang? And again, that word "anonymised". You appear to be placing great faith in that word.
I agree with you 99%. The problem is that, as the article says, "healthcare tech professionals are all for using data for research purposes though transparency and trust are key issues"
This land grab is utterly devoid of both. This announcement should be launching a public consultation, not the done deal. We must be able to see for ourselves that their claims of anonymity are true. There is no rush - data that is "too old" will not be collected anyway.
Where I disagree is on secrecy. Where a database is accessible via the Interweb thingy, nothing is secure. The database should be sufficiently anonymous to be safely accessible by anybody and everybody prepared to sign up to a user agreement and have their activity logged. I mean, fuck it, it's our data not theirs.
For genuine medial research, performed in the UK and under UK laws, by researchers supervised by meaningful ethics committees, and with the data locked up in an archive after a limited period of time (with any later access to the archived data requiring a new ethics approval), I might agree.
I would prefer to be able to approve individually for each researcher (depending on the topic of the research and my personal assessment of the probity of their employer) but understand that this might be infeasible at scale. But in order to be covered by this exemption the data should be very limited in the fields made available for the specific project, with no chance of being able to correlate information such that individuals are deanonymised. In addition, of course, an absolute prohibition on merging or correlating data provided for one project with data provided for another.
In other words, if you want a lot of records you have to be asking for very limited information about them, only for very general conclusions able to be drawn. If you want detailed information (such as disease/treatment histories, location more precise than district council area, job history, etc) then you have to be limited to very few records and with a project where it can be assured and verified that no further (deliberate or accidental) deanonymisation can occur - or specific approval is required.
However, as those guarantees are not being provided, I will have no choice but to opt out completely.
"In other words, if you want a lot of records you have to be asking for very limited information about them, only for very general conclusions able to be drawn. If you want detailed information (such as disease/treatment histories, location more precise than district council area, job history, etc) then you have to be limited to very few records and with a project where it can be assured and verified that no further (deliberate or accidental) deanonymisation can occur - or specific approval is required."
Well yes, but it'll all be alright anyway because I'm sure they'll use these new-fangled AI learned machine GPU-powered whatsits to examine the data and the requests and make sure that our best interests are safeguarded. What could possibly go wrong?
Complete agree with @Graham Cobb.
An individual's medical record pretty much uniquely identifies them. If the data set is rich it can be de-anonymised. If it's not rich, it's of limited use.
Sure you if you gave me a random record plucked from millions, would I be able to identify the person it related to? No. But if you gave me a set of records of 30-year old women giving birth to a boy in central London on 9th Feb 2021 and being discharged three days later, I would lay odds on being able to identify a certain royal princess (glossing over the fact that I doubt she'd appear in NHS records...).
Yes I remember filling in what they called workplace pulse surveys that were badged as completely anonymous so you should feel safe to answer open & honestly your thoughts & feelings on your work environment,even though TPHB had lists of those that didnt fill them in.
But you had to fill in your gender and age for some kind of diversity in the workplace profiling.
Well when you were the only 30 year old woman filling in a survey in the workplace and your gender/age range made up about 1% of the company's workforce, you didnt need to wear a tinfoil hat to recognise you were instantly very identifiable if people chose to look at the data in certain subsets.
Whilst I doubt US companies will get upto any nefariousness with this medical data as I'm sure the NHS partners with plenty of UK ones who are more than competent of doing that themselves, whilst also accidentally leaving backups of it on trains, or with back doors on databases held on the internet, it's not going to be anonymous data and that alone should raise red flags to people concerned about their rights to privacy
Upvoted for ethics committees. Getting the best health care consistent with privacy (or vice versa) is an ethics problem. Ethics is hard. Most people, myself included, don't get it right, even when they are trying. So there needs to be careful consideration beforehand, oversight during, and review afterwards.
From the article, about the previous iteration: "In 2016, The Register revealed NHS England spent nearly £8m on its controversial care.data programme before scrapping it. The publicly hated programme was beset by delays and criticised by doctors and privacy campaigners over the HAPHAZARD way it would share sensitive medical data of citizens with commercial companies without explicit consent."
I put haphazard in all caps. All the commercial value is in the haphazardness. Oversight == pure cost. Ethics == not a business problem. That's why anything with *effective* oversight just gets canceled. If they can't do it profitably, there's no point to it. I'm sure all the El Reg readers in the NHS will be opting out soon if they have not already done so. But the real goal should be to have this iteration canceled as well.
Of course the other news from only yesterday is that GPs have been ordered by NHS diktat not to allow people to make face-to-face appointments until they have exhausted the telephone and online mechanisms for deflecting them from being seen at all.
"Dead? Ring Arthur Mills of Prestatyn. Stiffs taken out of the house and down the chute within the hour!"
On paper what you say is right, this research could help a lot of people.
It's sad that this type of data is often misused through greed or incompetance.
Even if they anonymise the data, there are going to be ways of de-anonymising it all.
I just do not trust them.
Yes. I have 4 levels of trust:
1. NHS themselves. This is fairly high: I expect incompetence (including security problems, resulting in losing data) but not deliberately being evil.
2. Commercial health providers (private hospitals). Medium. I would trust them enough to make sure they have the data they need to provide medical care but they have to be limited to normal GDPR requirements regarding use of my data.
3. Data-driven research with specific contracts. Low trust. Unless there are very strict restrictions on their data usage (and a complete, enforced, prohibition on any sort of correlation or other attempt to de-anonymise, with criminal penalties) then I will opt out completely in order to stop them getting the data.
4. Google, Palantir, etc. Negative trust. Must be able to specify a complete ban on providing any of my data to them, however "anonymised". If not, I will opt out completely in order to stop them getting the data.
As there are no signs of the criminal penalties for class 3 and bans for class 4, I am opting out.
I'm actually of the opinion that everybody's medical data should be available at full granularity to anybody in the name of the greater good, and for myself I'm not fussed about anonymisation at all — I'm open about everything with medical professionals, friends, colleagues and strangers alike.
However the right to privacy trumps that. My mindset's something that's specifically mentioned in NHS training on these matters, but the fact that people own their data and are entitled to privacy always comes first, so my utopian fever dream doesn't matter.
As pointed out elsewhere, it's pretty much impossible to guarantee that you've irreversibly anonymised personal data. You can attempt to mitigate it, but something will always slip through the net — even without personal demographic data, there are instances where a postcode alone can be used to identify someone. There are probably instances where the postcode area can be used, and there are probably islands with a population of 1 where other address details would give it away. Throw some personal demographic or medical data in there and you haven't got a chance — it may be illegal/unlawful/a breach of contract to attempt to deanonymise data, but that doesn't mean it won't be done. The only sane option is to give people the choice, which is not what's happening here.
I'm torn on whether to opt out because I truly believe that pulling healthcare provision and studies out of the dark ages will accelerate humanity's wellbeing at a rate we haven't seen before, but I'm cynical enough to question the motives behind this particular project and I wonder whether the benefits (to healthcare knowledge) truly outweigh the risks (to, e.g., our fairly-socialised healthcare system).
>I'm torn on whether to opt out because I truly believe that pulling
>healthcare provision and studies out of the dark ages will accelerate
>humanity's wellbeing at a rate we haven't seen before
Whilst this is a seductive belief, there is a law of diminishing returns when processing larger and larger amounts of data (or 'big' data or 'AI', to use the journalists' and marketers' mot du jour when simply referring to computer programs processing large amounts of data in fairly standard statistical ways). That is not to say that there might not be some very unusual situations for which very large amounts of data might include a small amount of data related to such situations, but those would be, by definition, only relevant in very limited contexts.
Almost all scientific, including medical, advances are the result of the application of human intelligence and knowledge and a little bit of luck to relatively small amounts of data. Substantially increasing the amount of data does not yield proportionally better results, or even better at all after a certain point.
To characterise the potential of vast amounts of intensely personal data from almost all UK citizens to "pull healthcare provision and studies out of the dark ages" and "accelerate humanity's wellbeing at a rate we haven't seen before" seems like wishful thinking (unless you mean a very small rate).
The idea that we are in "the dark ages" and that lots of personal data would "pull us out of them" lacks two important definitions.
1) What is meant by the dark ages, that we are apparently in? How are they recognised? (It would seem that one needs to be already out of them to recognise them).
2) What is meant by humanity's well-being? Or well-being at all? One person's sense of well-being might differ from another's.
There was a series of Reith Lectures some years ago given by a gerontologist
https://www.bbc.co.uk/programmes/p00gpznv
He made a point that stuck in my mind. He surmised that within, perhaps, 100 years medical advances might have increased life expectancy to approaching 200 years. That sounds wonderful, at first glance, he said, but what it means is that whereas we currently might hope to live to 80 to 100 years and spend, perhaps, the last 15 years of life increasingly the victim of more and more bodily systems wearing out and failing, if our life expectancy was extended to 200 years it would probably be accompanied by the last 30 years of our bodies increasingly not working in the ways that we would enjoy.
Would that be 30 years of "wellbeing"?
I'm certainly guilty of wishful thinking :)
I'm not particularly interested in the idea of extending the human lifespan — I agree the arse-end of life isn't renowned for being too pleasant.
What I was thinking of specifically was being able to spot patterns and precursors (genetic, dietary, environmental, drug-induced) for existing diseases that wouldn't normally be recognised otherwise, due to the fact that it's often difficult to get funding for a clinical study for something without there being potential future drug revenue attached to it.
Having truly open data (as in accessible to all) would mean that amateurs could try their hand at tackling a given condition, potentially providing leads for funded professional or academic research in the name of improving people's quality of life (there are plenty of conditions that don't affect lifespan but do make the span of your life a pretty shit time). I'm sort of inspired by the way extraordinary rendition was brought to the public's attention via amateur sleuths and planespotters investigating flight patterns, tail numbers and aircraft ownership records using data in the public domain; as well as astronomers who often operate out of passion and interest.
As I say, I'm an optimist in such matters, but I think we'd probably find quite a lot of interesting stuff that way. The idea of the data being personal is a matter that's not as black-and-white as I'd like it to be — my idealist self would like everybody to know everything about everybody else and for no stigma to be attached to any sort of health concern, but I'm not of the opinion that that should be enforced or even encouraged as there are innumerable reasons for wanting something kept private (and there's an uncomfortable parallel with the idea of making all communications be out in the open, which I'm against).
Thanks for the link to the lectures, I'll be checking those out :)
>I personally think this sort of research is a good thing.
Did you have any particular sort of research in mind when you said "this sort"?
Or did you not look deeper than carefully crafted dearth of detail and warm fuzzy feelings about exactly what sort of research this huge, non-consensual data-grab facilitates?
Clue: "research" isn't all about medicine and patient care.
E.g. Some US businesses with their eyes on chunks of the NHS might undertake "research" about how to milk it and its patients for profit.
The descriptions are replete with weasel words that try to create an impression of good outcomes and avoid, or fail to recognise, bad outcomes.
Most Register readers, and other thinkers, can smell such excrement from far off. But a small proportion, one suspects, might look no deeper than at the sort of "news" they read on FB.
As a timely suggestion - looking for adverse effects from SARS-Cov2 vaccination or identifying the post-Covi19 effects on health.
Vaccine trials might be 40,000 participants but from a select group (the sort that volunteers for that sort of thing) and specific groups might be missed due to low numbers of those populations but when you can search the population and examine a possibly at-risk group for post-licensing followup to see if there are signals.....
@AC OP: in general, I agree with you. What many people don't realise is that the NHS was set up back in the late 1940s with the aim of creating the world's biggest health research database. The idea was that researchers would have the means to e.g. find correlations between things that affected health and do something about it. Essentially the NHS was set up to become a primarily public-health focused organisation. Health data usage was the quid pro quo for free healthcare at the point of provision. However, this didn't happen early enough (the switch back to Tory government in the early 1950s was disastrous), and now no sensible person trusts the government (of any colour) with this information.
The commercialization of the NHS started years ago. As soon as PPP started, it allowed companies to effectively (and in reality for the new hospitals) run the hospitals. Even hospitals that did not partake in PPP often outsource cleaning, catering and building maintenance to outside companies.
And it is becoming the case that the NHS is contracting out certain medical procedures to private hospitals, available for free to the patient, but paid for by the NHS. I'll take a bet that it would be cheaper to do these procedures withing NHS hospitals, but that they just don't have the capacity.
In addition, GP surgeries are run as small businesses, and it is becoming more normal for these to group together as a company to run several surgeries. Once this happens, the company can be sold to another company, and it is already the case that US companies own significant numbers of GP surgery. See https://www.bmj.com/content/372/bmj.n519.full (behind a paywall, but the abstract gives enough information to see what is happening).
On top of this, most of the provisioning of supplies and medicines are already being managed by facilities management companies, under names that make it appear that they are part of the NHS.
About the only thing that remains solely in the control of the NHS is the directly employed NHS staff (although agency locum doctors and nursing staff are used quite a lot to cover shortfalls).
So what is this NHS, then.
The only thing that seems to matter is that it is "Free at the point of use". Is this all that remains of Nye Bevan's vision?
The only thing that seems to matter is that it is "Free at the point of use". Is this all that remains of Nye Bevan's vision?
I don't have an absolutist view: my concerns are twofold: (i) cost-effectiveness: does the chosen model mean we get better or worse healthcare (in total) for the same amount of money, and (ii) fairness: is the service addressing the needs of everyone fairly and not providing better outcomes based on wealth, geography or other factors.
Of course, no solution will be perfect. The issue is that privatisation is something which needs very careful planning and control. We now have 30 years or more experience and we need to learn from it. There have been some disasters, like the railways, and some successes (maybe BT?). We should not be driven to a model by ideology (of either side of politics) or by foreign influence (multinationals wanting to make a lot of money).
I agree with what you say.
But the NHS has been supplying a lowest common denominator service for a long time - maybe since the start - this is what always happens with "socalist" projects.
Would you voluntarily stay in a hospital with its packed together beds (if you are lucky) unless you were desperate? Prisoners get far better accommodation and facilities.
If you are over about fifty there is little interest in treating anything properly - just keep you ticking over.
It is mre than frustrating when you see what can be done to rebuild athletes.
Then there are the popular "do not resuscitate orders"
There is no interest in treatments to help quality of life, just costs and numbers. This is made worse by the fact that some high profile lobbying groups get support for expensive "lifestyle choice" aliments wasting money for more "deserving" causes.
Why should I provide data that only benefits rich Americam patients and US pharma and internet companies like Google and Facebook.
I am not sure which NHS you go to, but care for 65-85 accounts for some 32% of the budget and 85+ account for 10%. People between 30-65 account for 35%
This is borne out by the fact the NHS bends over backwards for my almost 90 year old father who seems to have a regular weekly slot. Though given the average UK life expectancy is 81, those who are 8%+ cost disproportionately more.
So what's your alternative ?
Means testing for public versus private health insurance ? We already do this, it's called National Insurance contributions.
Force people to take out health insurance ? Works in France where the employer usually pays complementary insurance. Self-employed - bad luck - you'll pay more but as a less capitalist society still less than the UK.
Or America - ObamaCare a great idea to go from 3rd world health care access to 1st world. But contributing money to subsidise others less fortunate seems to go against the American psyche until you're a rich philanthropist. And even then you get to decide.
Of course any treatment too complicated gets delegated to the national system as it's far too big a risk to the bottom line. As happens in the UK already - hips and knees ? Yes please ! Cancer ? No thank you.
Not forgetting that US health care is around 17% GDP as compared to France which is around 12% and the UK which just about makes 10%. Where bureaucracy is purported to account for a third of health care costs in the US - around $2000 per person (including those who don't get health care)
https://data.worldbank.org/indicator/SH.XPD.CHEX.GD.ZS
https://www.reuters.com/article/us-health-costs-administration-idUSKBN1Z5261
Better health care available for the rich who can pay ? Who already suffer from fewer issues because they are rich and therefore generally healthier. I mean come on it's the fault of poor people for being poor.
The questions never change.
What kind of society do you want to live in ?
How much should your government do ?
How much are you prepared to pay for it ?
Without balanced answers the outcome is always strife for part of the community - usually the most disadvantaged.
So all these comments protesting the NHS using its data to try and help everyone improve their health, and work to reduce disease, are from people who never say "yes" when the visit a web site that uses cookies - I guess they never search with Google either and stay off the internet ...
Yes. Except the "stay off the Internet" bit. I don't use Google, FB, etc. I run my own mail server, Searx instance, etc. I always block cookies - although Firefox Containers means every tab gets their own cookies anyway, which are destroyed when the tab is closed, I answer the cookies question with "no" so the sites know there are people out there who care enough..
I never say "yes" to cookies. I say "reject all" or the more usual "reject all but the ones we deem necessary that probably aren't really" plus I've blocked all 3rd party cookies for over 20 years, use Firefox in enhanced tracking protection mode and have uBlock Origin for anything that gets through all that.
If a website doesn't provide a reject option I close the tab.
I use DDG for searching anything I deem sensitive info and a VPN for my 'private' downloads.
So what was your point?
and 99.9% will... shrug without diverting their eyes from the latest fb or twitter feed. Hell, 99.9% will NEVER even know there's something about mumblemubledatamumblemumblenhsmumbleoptoutmumblemumble, because it's not like you hear mainstream media alerting you, or even, God forbid, NHS sending you a text (without a clickable link, hopefully)
There is a very, very good reason for those behind the plan to make sure people don't got ANY information from NHS about this, and to make double sure, it's the old chestnut of the 'opt-out' (in case those who DID hear about might not go along with it). And hey, in this day and age, you not only can't submit your optout online, as you can with covid tests, nosir, you need to print the fucking form and once you read and understand what the message by each tick means, post or deliver to your local GP. Which might, or might not lose it, intentionally or not, but you will NEVER find out. If you don't know what it's about, it means it's about data, but ultimately, about money. Big Data = Big Money.
btw, I bet if I complete the form on behalf of my teen children, it will get rejected, because, from age 13 I believe, the system won't let you, kids need to give their own consent... And what's the deadline, did you say, in 46 minutes?
I did this - Apparently I'd already opted out although my last opt out had no date the bloke I spoke to said he'd add the reference for this call to it. - Please note: The automated message states 'We can't make the changes for you, the bloke I spoke too put me on hold came back and said he could .. then he did so ignore that - If the person who answers says they can't tell them to check because they can ...
You can make or change a choice for yourself by phoning the NHS Digital Contact Centre.
The phone number is 0300 303 5678 – Monday to Friday, 9am to 5pm (excluding bank holidays).
A member of staff can:
help you use the online service
make or change a choice on your behalf
print and post a form to you
I dont know why they dont store gp records centrally as a matter of course.
At the moment the hospital and gp (and other hospitals) struggle to communicate with each other becasue they have different record systems.
I for one would rather the NHS looked after my records centrally , rather than the GP , who i think keeps em on a usb stick in the glove box of his merc.
Summary patient records are stored centrally for hospitals to access. I sometimes end up in hospital unconscious or needing to be anaesthetised because of a medical condition. Normally the hospital or paramedics use the emergency button on my phone to see my name and basic details and use Spine to get that record.
I would rather the records were kept securely and locally but with secure portability designed into the data storage system requiring the individual's permission if they need to transfer any of them to another site.
That is how it works in Spain where I live, formerly we lived in Ibiza and my wife still works there, in order for the local hospital to access her records, she was required to show ID and health card before the records could be sent.
There are protocols for when the patient is unable to participate due to health.
Given the history of authorities of all sorts in the UK losing and misplacing records, a central DB just means they can lose them all at once (or sell them in a lump).
Oddly,foreigners seem to be able to do ID quite well in many countries, in Spain I have no qualms about my ID card, if I still lived in the UK, I would sooner leave the country than live in what would rapidly become a country where ' Papieren Bitte' was a common demand.
In Spain we don't get utility bills printed on bits of dead tree, this is a modern country!
On the other hand your ID number is for life unlike, say, Germany, where it changes on every card issue. So you'd better hope it's not leaked because everywhere asks you for it, even though legally for most things providing your ID number should not be a requirement to receive service (except, say, banks and telecoms).
quote from medconfidential.org/how-to-opt-out/
These choices do not, for example, currently:
Prevent the sale of your hospital history to companies;
Prevent the use of prescribing data by pharmaceutical marketers to influence your doctors;
Prevent public bodies doing work with the data they have for commercial companies, such as tobacco companies;
Prevent mistakes by those who have copies of your medical information from the above, cf. the Partridge Review recommendations.
Prevent the non-clinical body NHS England insisting that you opt out all over again if it decides to create a new project…
Thank you for the article, and thanks for the pdf link in the discussion.
It took about 3 minutes to fill it in, sign it and send it, all without printing it out.
If you don't know how to put text and a signature into a pdf, why not spend a few minutes finding out rather then composing an angry response on this forum about how printing and scanning is all too difficult.
I normally use Okular (on Linux), free. It works for adding annotations (X's in boxes, text for answers and graphics for adding a scanned signature) with most PDFs. The annotations are added as extra graphical elements on the page - and there is no attempt to hide the fact it has been changed. I use it all the time to deal with "print this, sign it, scan it and send it back to us" requests from companies and officials.
I believe there are much more complex and expensive tools that will edit the underlying PDF structures (and even cope with encrypted PDFs) but I haven't used them.
Interesting. It has always worked for me. I did a lot of form filling (in lockdown) last year and had no complaints. Just depends on what tools everyone is using I guess.
I did have to do something different for an encrypted document... I captured it as an image file (I can't remember if it was a screen capture or whether I found a way to print to a graphic file) then I used GIMP to edit the graphic adding my text and signature image and saved as a new PDF. It was no worse resolution than the typical print/sign/scan process.
Adobe Reader lets you import a signature as a picture, which can be inserted into a PDF document.
Unfortunately Adobe Reader doesn't do anything to complete strangers from importing your signature into a PDF file as a picture, so your imported signature isn't worth the paper it isn't printed on!
(The signature is no more meaningful if you print, physically sign, and re-scan, of course.)
... unless you digitally sign the 'signed' form (and the recipient does actually check the signature for validity, an rejects forms without a digital signature).
If you don't know how to put text and a signature into a pdf, why not spend a few minutes finding out rather then composing an angry response on this forum about how printing and scanning is all too difficult.
Its more a question of wether the person recieving the modified pdf , as opposed to scannedpdf.jpg
will accept its authenticity.
BOTH ARE LESS THAN WORTHLESS AS A FORM OF AUTHENTICATION!
why even ask for a signature?
to prove its you?
HAHAHAHAHAHAHAHAHA
why does nobody get this yet?
we know all about passwords now - The KEY fact being its checked against the copy on file
this just DOES NOT happen with a signature
We even bolster the password system more with hashes and 2FA
...And yet when it comes to the really important stuff , like buying houses , or wills , or Power of Attorny
we chuck all that out of the window
and regress to the primitive
"Make yer mark here sunny...
... iffen you dont do the riting , you can just put a X"
(forcing us to all dig our printers out and go through this utterly pointless rigmarole , often having to post the paper to people for them to scrawl on it)
/rant
It's not like any sanguine-stained parent-rogering anus (thank you Martha) suit-wearers have ever made dodgy deals to give all our data away is it?
When the AUS government offered exactly this boon, a year or so ago, they made quite clear that they planned to share the data with all and sundry, and that such sharing would end up being a profitable business for them. Yeah, nuh.
Of course this sort of thing sounds brilliant in the abstract, in the "wouldn't it be great for medical research" context, but then you look at the spivs and blackguards who are devising and running the thing. And you think "this is the same mob that couldn't keep the cryptojackers out". And really, how far would you trust them?
Yes, the problems are trust and competence, and our respective governments aren't doing much to show themselves trustworthy or competent.
All of the data we are talking about is already available to legitimate researchers. Those researchers are both private companies and academics and the data is used for developing new treatments.
The problem here is that this new organisation seems to be mainly tasked with selling the data (£10B per year mentioned) but once you put a price on the data, what happens to all those researchers who were getting it for free. Do they have to match the price? That would be the end of academic research. Also, would the government accept a deal for exclusive access to specific data, thereby excluding all other researchers?
This could very quickly change data being used for the greater good into data being used by the highest bidder.
As far as I read it, this has not changed for years since I originally registered a "Type 1 opt out" at the GP. This new form only allows you to object to sharing "outside of your GP practice for purposes except your own care"
There is nowhere on the form you can possibly object to them storing the data centrally.
Let me know if you have found a way.
From the link:-
1 There is no 30 September deadline for opting out of sharing your data. You can opt out at any time.
2 NHS Digital will never sell your data.
3 There are strict rules about how NHS can use your data. It's only shared securely and safely.
4 Shared data helps the NHS. It has been used to find the first treatment for coronavirus and for vaccine research.
Observations:-
1. If your data has been shared, what does opting out achieve? You cannot retract it from who it has been shared with.
2. There is an implication there that it can be given away, or "loaned out".
3. There have been occasions where this is definitely not true.
4. It may well do, but not if it is shared in a way that commercial enterprises then benefit commercially from that data, maybe not immediately, but for future uses of that data. Does the NHS get free benefit from drugs developed after initial sharing? What is the negotiation expertise within the NHS like, that ensures the NHS (and by extension, us) gets a fair deal? Is it on a par with a negotiator in a commercial enterprise, for example? (I have some experience of an organisation similar to the NHS working on a joint venture with a commercial enterprise which highlights a severe deficiency in negotiating skills of the former).
I will conclude by mentioning this name:-
Henrietta Lacks
What the Lacks affair and NHS and UK government behaviour over COVID shows us is the individual has no value or rights at all compred to big business. Only number count - whether it is dollars or deaths. The old and frail were deliberately sacrificed at from the beginning.
"NHS Digital will not approve requests for data where the purpose is for marketing purposes, including promoting or selling products or services, market research or advertising."
How the feck will they know what it will really be used for? Big Pharma has been outed many a time in recent years for abusing research data to forward its own commercial ends. Major drugs have been withdrawn from the market when they overcooked it. Since Big Pharma sponsors most medial research - both in-house and at academic institutions - is there not an elephant-sized conflict of interest inherent in the whole sorry scam mess?
If there is enough stuff left in there tu fuel the sales effort, then there is too much stuff left in there, period.
Oh if only there was a better way to meet the wonderful stated Government objectives of enabling better research. One that did this without enabling crass commercial exploitation and privacy loss. But its JUST TOO HARD!. Sob sob sigh
But wait. What's this? A couple of academic clinicians and some coding friends at Oxford University Data Lab have solved this? They did it in FIVE WEEKS! That's going to put a kink in the kickbacks from our commercial colleague retirement fund. These guys dont even appear to be hoovering up the data..and wait, they are openly sharing the code on...? Sorry whats a Github?
"OpenSAFELY is a new secure analytics platform for electronic health records in the NHS, created to deliver urgent results during the global COVID-19 emergency. It is now successfully delivering analyses across more than 58 million patients’ full pseudonymised primary care NHS records. All our analytic software is open for security review, scientific review, and re-use. OpenSAFELY uses a new model for enhanced security and timely access to data: we don’t transport large volumes of potentially disclosive pseudonymised patient data outside of the secure environments managed by the electronic health record software companies; instead, trusted analysts can run large scale computation across near real-time pseudonymised patient records inside the data centres and secure cloud environments of the electronic health records software companies. This pragmatic and secure approach has allowed us to deliver our first analyses in just five weeks from project start. You can read about the principles of OpenSAFELY here. You can read about our pilot programme for new users here."
From the first week it was offered I have opted-out of both local data-sharing (type 1 opt-out) and national data-sharing (type 2 opt-out).
At some point they dropped the local opt-out and went for the national opt-out only. However they bought back local data sharing relying on your GP to make this option known to all patients. The local opt-out is the one provided in the Airmed App in the "Sharing your data section."
You need to to opt-out to both the local and national data sharing, hence the need to download, print and deliver to your GP. Using the online National Opt-out will not stop them selling your data.
It is reported that only 1 in 7 GPs will actually advise their patients. Of the three GP surgeries I have registered over the last 5 years, only one admitted the opt-out exists with the other two suddenly becoming mute or changing the subject.
As some with several serious long-term conditions (including a rare cancer brought on due to treatment for another condition), I am a magnet for researchers. Even though I have opted out, my data choices has been over-ridden to allow researchers access. I take a lot of meds and need specific equipment and dressings. De-anonymising me didn't take them long and I was pursued until my tame solicitor got me an injunction.
My wife was collecting my meds etc from our local branch of a national chain of pharmacies and like always she had to wait. During this wait as per usual, various reps appeared chatted to the pharmacist and left. On one occasion she overheard the rep saying they were trying to identify user of a specific drug. The pharmacist printed out a list and gave it to him. He then left telling the pharmacist "thanks, I'll see you right on my next visit.
An old friend, now retired GP said "that's pretty normal" and "happens nearly everyday" finishing with "where do you think we get our toys from?" He did say he did provide data once but realised his mistake soon after. However, data still got out to these reps usually via an admin staff member.
For the last 7 years I have checked twice a year to ensure my national data opt-out (done online) remains intact and for the GP they get a formal notice when signing on and every 6 months there after. I use a dedicated number and email address specifically for NHS use. When the inevitable call or email arrives anyone denying the origin of their source is soon caught out. A second attempt means they get a solicitors letter. That normally stops the intrusion. Funny enough since my local surgery was made aware of the injunction I have had no new approaches.
18 months ago I received a call from the R&D of one of the big 4 pharma. I was told that I HAD registered and that they were calling to give me my appointment time. It was for 10:00h two days later 415 miles away. My wife was in hysterics. I hadn't travelled further than the 3 miles to and from the hospital in 8 months.
However, the fact is, I DGAF if you say I'm selfish yes perhaps, maybe but I get prodded and poked by Doctors it can take days to recover. and I object vehemently at allow someone to do the same so they can get very rich in patenting a cure that I will unlikely benefit from, like most people with serious complex health issues just leave me alone.
To reiterate my original point, you need to Opt-Out separately for for national (hospital/clinics) data-sharing (via online/phone) and again for local (GP) data-sharing. You have one chance to stop the upload of your local data. You do not need to use a specific form so long as the relevant data is included. Don't get fobbed off either.
Apologies for the long winded reply. no pain.
I wonder how many other people here have joined up the dots of what is happening in the UK
House prices, fiat money, inflation, influx of foreign money from immigrants who buy their access to NHS and the gov borrowing only to pass on to chums.
Anyone want to speculate on what happens next?
"Thank god the "unelected officials" of EU can't meddle with this!"
Amen. That scum are already looking to ramping up debt in the member countries names, still struggling with a vaccine failure of their own making and demonstrating how correct leave voters were. The (ir)relevance of GDPR already looking to cause problems with the EU trading with the rest of the world.
@Dan 55
"If your privacy is not relevant,"
Aww nice try but you aint my type. Of course if you actually read the comment you will note I said GDPR. Which is the legal buff the EU is trying to push on the world but with its declining influence and incapability bringing the likelihood of the EU being cut off from the world
What are you on about? It's the EU's data protection directive transposed into national law for 27 countries + the EEA.
Also, what is your opinion about California's newest privacy law? Is that being pushed onto the world or not? If not, why not? Will California be cut off from the world? The commentariat demand answers, not emotive statements without anything to back them up, show your working!
@Dan 55
"What are you on about? It's the EU's data protection directive transposed into national law for 27 countries + the EEA."
Yes. Which they are trying to apply to the world when they impose it on EU citizen data regardless of the country. Which is why the US keeps renaming whatever agreement doesnt meet GDPR and the EU has to accept it. But the EU is becoming less influential in the world and are not really reliable and so their ability to impose it worldwide is diminishing.
"Also, what is your opinion about California's newest privacy law?"
No idea, I dont live there nor deal with any Californians.
www.euractiv.com/section/data-protection/news/global-data-transfer-uncertainty-undermines-eu-digital-ambitions/
Which they are trying to apply to the world when they impose it on EU citizen data regardless of the country.
Well there you are, you don't understand GDPR so you've obviously got the wrong idea.
It applies to EU + EEA countries and their residents. No more, no less.
Happy to correct you.
@Dan 55
"It applies to EU + EEA countries and their residents. No more, no less."
I suggest you read the link you sent. Hell even the title disagrees with you-
Under certain conditions, the GDPR applies to companies that are not in Europe. In this article, we’ll explain when and how the GDPR applies outside the EU.
"Happy to correct you."
Which of course makes this line both hilarious while also making me feel very sorry for you.
Yes. Online business outside the EU/EEA that deal with data belonging to people inside the EU/EEA or sell into the EU/EEA have to follow GDPR. Otherwise it would be pretty useless, wouldn't it?
It doesn't apply to EU/EEA citizens outside the EU/EEA, which is what you wrongly claimed.
It even says on the page that GDPR doesn't apply for "occasional instances" and SMEs are exempt from onerous record keeping.
Why don't you go back and read it again, and then the next time you post about GDPR hopefully you won't be posting incorrect information?
@Dan 55
"Yes. Online business outside the EU/EEA that deal with data belonging to people inside the EU/EEA or sell into the EU/EEA have to follow GDPR."
Ok so your first comment was talking about the wrong thing and your following 'argument' was also wrong. So what is the point to your responses?
"Otherwise it would be pretty useless, wouldn't it?"
So we should scrap GDPR and take the law of the US? Or China? This is why laws have jurisdictions and its often difficult to apply laws beyond that without cooperation. Which goes back to the difficulty due to the EU's falling influence and lack of ability.
"It doesn't apply to EU/EEA citizens outside the EU/EEA, which is what you wrongly claimed."
This contradicts your own first paragraph.
I can only suggest you either read and understand what you are posting (and what you are responding to) before posting, or that you wont be able to discuss this with me as you cant consistently follow your own comment nor the facts as you even state them
You said you didn't like GDPR but didn't say why.
We then established that your privacy is important to you. In my opinion this is a good thing.
Then you claimed:
Which they are trying to apply to the world when they impose it on EU citizen data regardless of the country.
This is the basis for your argument that the EU is trying to impose GDPR worldwide. Your claim is not true, and I corrected you.
If online companies wish to deal with EU/EEA residents' data or sell into the EU/EEA online, they have to follow the law there. This is a pretty normal thing, just like other companies exporting to the EU/EEA having to follow food/drink/safety/standards laws, and it's pretty difficult to coherently argue otherwise (as you have failed to do).
I don't think there are any more loose ends to tie up here, so I'll leave it here.
@Dan 55
"You said you didn't like GDPR but didn't say why."
Did I? In this conversation we are having or previously? I ask because I have previously disagreed with it but not in this conversation. What I mentioned in this conversation is GDPR potentially damaging EU trade with the rest of the world.
"This is the basis for your argument that the EU is trying to impose GDPR worldwide. Your claim is not true, and I corrected you."
And you corrected me by agreeing with me and posting a source agreeing with me but then claiming I am wrong. Which is why I am having a difficult time following what the hell you are on about.
"If online companies wish to deal with EU/EEA residents' data or sell into the EU/EEA online, they have to follow the law there"
You mean follow GDPR. Even if they are not in the EU. Hence applying it outside the EU. Feels like we are going in circles here.
"This is a pretty normal thing"
Wrong. As a result of GDPR Facebook moved data so the physical locations were different to come under differing law. Because the EU wishes to apply GDPR law to digital companies not based in the EU but dealing with EU citizens. Hence trying to apply the EU law beyond the EU borders. Hence cutting themselves off from the rest of the world.
"This is a pretty normal thing, just like other companies exporting to the EU/EEA having to follow food/drink/safety/standards laws, and it's pretty difficult to coherently argue otherwise (as you have failed to do)."
And now I see why you are struggling. We are not talking about a food/drink/appliance but instead information. Something which has no physical property and is instead a communication which travels around the world instantly. Which is why digital companies can deliver a service world wide.
The issue of course being that a person in the UK, a person in the US and a person in the EU is hard to distinguish over the internet. Information being handled differently in different countries with different regs, yet the EU is trying to be special. And so is the problem.
"I don't think there are any more loose ends to tie up here, so I'll leave it here."
I suggest you try to understand the issue before commenting. This has been a long conversation for you to still not understand the subject
I hope the NHS takes as much data as it can. Why? Because in the end, big data benefits us all.
For example, a recent study looking at over 9 million person years has recently showed that if you are overweight in adolescence, there is a much greater risk of stroke as an adult. You can't get this sort of information unless you have huge numbers of people providing data.
I think you would find that almost everyone here would be perfectly happy to support medical research like the study you mention. I would sign up for that tomorrow.
Because of that, the government have decided that they won't allow us the option of supporting legitimate, ethical researchers without also allowing their unethical, corrupt mates (the ones who employ ex-Whitehall players as "consultants" or "lobbyists") to rape the data to make money from it and from us and to use it in their campaigns to cherry-pick the profitable parts of the NHS leaving the state to pick up the unprofitable parts.
That is why I am opting out.
So you can cite - well, not cite but I don't suppose PR folk with their first post really understand what a proper citation is - a study that relied on large amounts of data obtained prior to this data grab. Doesn't this pose a problem for the argument you're putting forward? After all if such studies are already possible with ethically sourced data why would we need this? Or does the study you cite say happened have an ethics problem?
@"For example, a recent study looking at over 9 million person years has recently showed that if you are overweight in adolescence, there is a much greater risk of stroke as an adult"
Indicated not shown.
Statistics, economics and all the other lying/gambling maths are neither absolute nor definate and since they are so open to misinterpretation/manipulation they should always to be taken with a pinch of salt.
Not having seen the particular study, that you fail to refer to, then it is possible they you just misunderstood it.
To make things easier for you to understand define "overweight" or IQ or any of the other stupidly biased misrepresentations that are kicked around in the media to confuse the ignorant, they are not facts they are mantra.
Following this story I've been poking around the NHS site to see how to get my own medical history - so far it seems the only is to register, in person, at a GP and asking them to print it out. Don't know whether it's worth flying across the Atlantic just for that.
I contacted the practice manager at my GP Surgery, turns out he can add the opt-out code to my information, without all the hassle of downloading the opt-out form, creating an electronic signature and sending it to him, or the hassle of getting a printer and using snail-mail to forward the printed-out paperwork :)
Having worked in GP IT services for over a decade I can honestly say that I've never met a more mercenary bunch of people than GP's. The sole purpose of a GP surgery is to generate as much profit as possible. If you think for a second your GP wouldn't offer you data out to anyone for a buck then I'm afraid you're sadly mistaken. Their only complaint in this scenario is likely that the government isn't paying them enough.
Just sending in my form, interesting small print.
Form was last revised on 10th May.
"It will take us up to 14 days to process your form once received"
"It may take up to 21 days for your choice to be processed and acted upon".
So I email them today (May 17th) with photos of the printed off and signed PDF (that is soooo convenient, not) which they may take until May 31st to process. And a further 21 days takes us to the date on which transfers are assumed to have been approved by default.
Anyone would think that they don't want us to opt out :-)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
