The CLOUD Act: NHS data must be safeguarded from US interests

🇬🇧 BMJ News (GB) —

AI Summary

The UK's NHS is advancing toward integrating a federated data platform combined with AI, aiming for a more coordinated and efficient health system. Concerns arise due to the US CLOUD Act which potentially allows US authorities to access data held by US companies, even if hosted on UK servers, raising issues of data control and privacy.

The NHS is on the brink of something important. The federated data platform (FDP), combined with the accelerating use of artificial intelligence (AI), offers the possibility of a health system that’s more coordinated, predictive, and efficient. Although this is the right direction of travel, one question isn’t receiving enough attention: who ultimately controls the data?That question matters because of a little-known piece of US legislation: the CLOUD Act. The Clarifying Lawful Overseas Use of Data Act allows US authorities to compel US companies such as Palantir, the technology company currently contracted to deliver the FDP, to provide data within their “possession, custody, or control.” This is required regardless of where the data are physically stored.This means that data held on UK servers may still fall under US legal jurisdiction if controlled by a US company. This doesn’t mean arbitrary access to NHS patient records, but it does establish a lawful...

Politics Health AI & Tech NHS CLOUD Act data privacy AI federated data platform US legislation UK-US relations

Read original source →