BloodOmen
I am a FH squatter
- Joined
- Jan 27, 2004
- Messages
- 18,676
Oh joy
- Thread starter BloodOmen
- Start date
Gwadien
Uneducated Northern Cretin
- Joined
- Jul 15, 2006
- Messages
- 20,563
Sack those responsible, apologise, move on.
Suing them is not the correct way about it, the NHS is strapped for cash as it is.
I don't get the 'profit' argument, profit for who exactly? - What if they said, look, we had to do it, but with the money that we made saved x amount of lives, would your stance change?
Suing them is not the correct way about it, the NHS is strapped for cash as it is.
I don't get the 'profit' argument, profit for who exactly? - What if they said, look, we had to do it, but with the money that we made saved x amount of lives, would your stance change?
TdC
Trem's hunky sex love muffin
- Joined
- Dec 20, 2003
- Messages
- 30,925
what he said tbh. medical records are to be handled with the utmost care, and certainly not bandied about in such a manner.
- Joined
- Dec 27, 2003
- Messages
- 45,640
- Joined
- Dec 22, 2003
- Messages
- 38,671
No suey-suey, no-learny-lessony.
BloodOmen
I am a FH squatter
- Joined
- Jan 27, 2004
- Messages
- 18,676
- Thread starter
- #10
the cunts who proposed the whole selling of personal details should be the ones held responsible as well as whoever leaked it all, not the NHS directly, pretty sure it was some Tory toss pot that's responsible overall.
Gwadien
Uneducated Northern Cretin
- Joined
- Jul 15, 2006
- Messages
- 20,563
suey suey = no nhsy nhsy - People who sue should be exempt from NHS care.
Job
The Carl Pilkington of Freddyshouse
- Joined
- Dec 22, 2003
- Messages
- 21,652
We are simply under attack..not only from a worldwide army of hackers..but an industry that keeps pushing the boundaries as far as they can go...the amount of times I switch on my android phone now to see it searching for gps..it will only get more and more intrusive and will require dropping out technology wise not to be probed and marketed on a daily basis...for this to happen allready tells you of the intent...black boxes for insurance...it will be compulsary in 5 years time and in 10 uears time people with suspect lifestyle profiles will have to prove they arent breaking the law or face investigation...we are on a path to a singularity of control.
- Joined
- Dec 22, 2003
- Messages
- 38,671
Bully-shitty. The NHS rightly gets sued for malpractice and incompetence. Without legal threat hanging over its head the NHS wouldn't be worth saving as it'd act like a monstrous corporation with impunity.
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
And what do you consider the 'obvious' to be?
BloodOmen
I am a FH squatter
- Joined
- Jan 27, 2004
- Messages
- 18,676
- Thread starter
- #18
The extracted information will contain a person's NHS number, date of birth, postcode, ethnicity and gender. - Perhaps that? and the fact its not only been brought to light by the dim witted media but its also on a server that has been hacked before (if i'm not mistaken google has already been hacked before, so the claims that its "Secure" are bollocks)
Not to mention google can now sell it on LEGALLY to third parties
"(Google drive terms (from 2012, i might add)
"Your Content in our Services: When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."
The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This licence continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps)."
------
The last sentence makes all the difference. While these rights are limited to essentially making Google Drive better and to develop new services run by Google, the scope is not defined and could extend far further than one would expect.
Simply put: there's no definitive boundary that keeps Google from using what it likes from what you upload to its service."
Hopefully this farce goes no further, I genuinely hope the hammer drops on this
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
Other than the fact that any servers operated by Google within the EU would be subject to relevant data protection legislation in whichever EU country Google is operating from. And for any servers operated outside the EU there would need to be contracts in place to govern the transfer and use of the data to provide similar safeguards to those in EU data protection legislation, or Google would have to be signed up to something like the US Safe Harbor programme which would again provide safeguards similar to those in EU data protection legislation.
And to be honest, given the Guardian have previously reported that the new Care.Data system would allow the police to obtain patient data without a warrant as if it was something new that hadn't been possible before, I'm going to hold off on getting all worked up for the time being.
BloodOmen
I am a FH squatter
- Joined
- Jan 27, 2004
- Messages
- 18,676
- Thread starter
- #20
Yes, which arguably means absolutely nothing for Google, if they have agreed to this when uploading said data (which they will have had to) i'd say Google could argue they have every right to redistribute said data now that its essentially been signed off on by which ever cock badger uploaded it.
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
Oh yeah, there's also the tiny point that PA Consulting appear to be using Google's Cloud Platform, rather that Google Drive, which has a different set of terms. Ones which provide even more limited rights to Google for the use of customer data and only allow the use for the sole purpose of enabling Google to provide, maintain, protect, and improve the Services in accordance with the Agreement.
And how exactly do you figure that? They are in fact signed up to Safe Harbor which places certain obligations upon them, similar to those required by EU data protection legislation. I'm also not entirely sure they'd go around breaking contracts made with users of their cloud services because they felt like it, doesn't really seem to be good for business.
And how exactly do you figure that? They are in fact signed up to Safe Harbor which places certain obligations upon them, similar to those required by EU data protection legislation. I'm also not entirely sure they'd go around breaking contracts made with users of their cloud services because they felt like it, doesn't really seem to be good for business.
- Joined
- Dec 22, 2003
- Messages
- 38,671
Nope. The data protection requirement was on the NHS. Google is not required to abide by them.
This is an epic win for them commercially.
And plus, Krazeh, if you couldn't see the obvious before - why do you think whatever your thinking now isn't missing the point wholly and completely again (which you are). You advertised yourself as unable to grasp the basics earlier in the discussion after all...
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
That's not quite how it works. If Google are operating in the EU and are the data controllers then they are required to comply with data protection legislation. However, it's likely that PA Consulting would be the data controller in this case and as they are based in the UK they would be required to comply with the Data Protection Act. This extends to the data on Google's servers. In short, a UK company using Google's cloud services doesn't mean that the data is no longer covered by the DPA.
And in what way would Google selling confidential information stored on their systems be an epic win for them? I'm sure that sort of stuff would just have people flocking to use their services... It's not in Google's interests to take data like that and sell it, not if it wants to continue to sell it's cloud services to anyone.
I'm not missing the point at all. I just don't jump into panic mode on the say so of a newspaper article. If Google had been sold the data without any sort of contractual safeguards put in place then I might begin to get concerned but that isn't what's happened is it?
- Joined
- Dec 22, 2003
- Messages
- 38,671
You are.
True. And they've likely breached the DPA.
PA consulting uploading data to google means that they've granted google the right to resell and use the data. The fact that PA consulting may not have the right to do that is immaterial to google - google are beholden to their own rules and it's not down to google to enforce the DPA beyond their own terms and conditions.
You upload to google, you grant them what it says in google's t's & c's. You upload to google, it ain't "confidential" no more.
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
On what basis are you making that claim? How have they breached the DPA? What is it you know that their lawyers will have forgotten to consider?
And which bit of Google's T&Cs gives them the right to resell the data? Even if we assume it's been uploaded to Google Drive (which gives Google slightly wider rights than the T&Cs for the Cloud Platform) the T&Cs don't give Google carte blanche to sell the data. Nor does it give Google ownership over the data. As for Google's requirement to enforce the DPA, if they're a data controller in the EU then they are required to do so. If they're a data controller outside the EU then the transfer would have needed to be done in such a fashion as to ensure data subject rights are maintained, whether through contractual obligations, legislative measures in the destination country or things like the US Safe Harbor program. If they're not a data controller then they're a data processor and they would again need to be measures in place to ensure adequate protection for the data.
So in order to sell the data they would need to breach their own T&Cs as well as whatever measures were put in place to protect the data (contracts, Safe Harbor etc) and would very likely lose the faith of any organisation looking to use their services. Now how exactly is that a win for them?
- Joined
- Dec 22, 2003
- Messages
- 38,671
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
Not really, because it misses the bits which state Google don't own the data and that their license to do things with the data are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. So as I said before they don't have carte blanche to sell the data.
As it is, it's more likely the data was uploaded to Google's Cloud Platform, which has more restrictive T&Cs. And you've still not explained how Google breaching their own T&Cs and whatever measures they've agreed to in order to ensure the data is adequately safeguarded, and losing the faith of anyone looking to use their services would be a win for them. Or how PA Consulting have breached the DPA...
I know. But if it's anonymised, and therefore can't be traced back to a specific individual, why the fuss? Even if it's only been pseudonymised it's still likely to be very difficult to identify the actual individual it relates to so again why the fuss?
- Joined
- Dec 22, 2003
- Messages
- 38,671
They don't need to "sell the data". They can produce a host of new services with it and sell access to them*. Perfectly within their rights. After all - it's what our government intends to do with it anyway, so why wouldn't google do the same given the same dataset?
They'd be idiots not to tbfh.
*or give them away - distribute and display them publicly, should the whim take them.
Krazeh
Part of the furniture
- Joined
- Dec 30, 2003
- Messages
- 950
Can I assume from your imaginative reading of the T&Cs that you're not going to answer the questions about why it'd be a win for Google to fuck over their own business by using confidential data uploaded to their cloud services for their own purposes, or how PA Consulting have breached the DPA? Or why it's such an issue if the data has been anonymised/pseudonymised?
- Joined
- Dec 22, 2003
- Messages
- 38,671
Not imaginitive. Straight-up straightforward reading.
It's not "fucking over" anyone. You use google's services you grant them those rights. Don't like it, don't use them. Simple.
It's google's business model. You give them data, they use it.
Have/haven't breached the DPA is immaterial. Who gives a shit (other than you)? This is personal medical data being transported outside the NHS, never mind outside the UK to a company with form for indelicate data handling, a stated desire to abolish privacy and a legal grey area.
A number of reasons, but we'll leave the betrayal of trust in the doctor-patient relationship (you know, the really obvious one) out of it and simply state that anonymised data clearly isn't. Especially when it comes to medical records - which by their nature are as about as personal as they get - and, by admission, it's the "entire start-to-finish HES dataset across all three areas of collection". You cannot properly anonymise this data - and it's not been anyway.
Don't know about you Krazeh, but I want my doctor to be able to look at my medical records. Not anyone else.