Category Archives: News

Covid 19: “massive data-sharing contracts”

Making the rounds on Twitter is news of the UK government’s release of the “massive data-sharing contracts” that it has entered into with various tech companies, relating to Covid 19.

According to the OpenDemocracy website, this release occurred only after pressure from openDemocracy, and “hours before” they were due to issue legal proceedings to demand their release.

The web page linked above has on it links to what are said to be the contracts that the UK government released. The contracts are with Google, Faculty, Palantir and Microsoft, respectively. According to openDemocracy, the contracts are concerned with an:

‘unprecedented’ transfer of personal health information of millions of NHS users to these private tech firms.

IP Draughts thought it would be interesting to take a look at these contracts and consider what, if anything, they tell us about the processing of health data, and more generally what they tell us about government contracts.

IP Draughts’ first reaction, having downloaded the four contracts, is “where’s the beef”?


The first contract is with Google, and is described as a “confidentiality and consultancy agreement”. It is 3 pages, plus signatures. It says that Google will:

provide technical, advisory and other support (the ‘Support’) to NHSX [two national NHS bodies and the Department of Health] regarding efforts to tackle COVID-19 (the ‘Project’).

No further details of the Support are given. Clause 5 states, inter alia:

The parties acknowledge and agree that it is not their intention to collect, access, share, use or otherwise process any personal data…

Much of the rest of the contract consists of boilerplate clauses, eg on anti-bribery , disclaimer of warranties, etc.

If there is a scandal associated with this contract, it is not evident from the text of the contract.


Faculty is allegedly a company that has connections with Dominic Cummings, and has received several government contracts. OpenDemocracy alleges that the disclosed contract is worth £1M.

The contract is headed with the “Crown Commercial Service” name and logo, and is described as a “G-Cloud 11 Call-Off Contract (version 4)” – whatever that means. It appears to be a typically turgid form of government contract, running to 48 pages. Most of it is boilerplate language.

The “call-off contract value” is stated to be “£930,000 excluding VAT”, and the “call-off contract description” is “provision of strategic support to the NHSX AI Lab”.

The main reference to data in the service description is a phrase (the 7th bullet point of 12 that describe the services) that reads:

Modelling and simulation: using data from across the healthcare system to model scenarios to better understand that impact of the spread of CODIV-19 on healthcare resources

This may or may not involve obtaining personal data from NHS records.

A later [template?] Schedule 1 – Services includes a narrative description of the NHS AI Lab and what it will do, and states that the NHSX “are looking for a partner to help share and deliver the NHS AI Lab”.

These brief descriptions certainly raise the possibility that, in helping to develop the AI Lab, the contractor will have access to personal data, but so far the contract does not say so in terms.

Part B – Terms and Conditions, sets out detailed boilerplate terms for the contract. Clause 12.1 requires the Supplier to

comply with the Buyer’s written instructions and this Call-Off Contract when Processing Buyer Personal Data… [and to] only Process the Buyer Personal Data as necessary for the provision of the G-Cloud Services…

Schedule 6 is a glossary and defines Buyer Personal Data as:

The personal data supplied by the Buyer to the Supplier for purposes of, or in connection with, this Call-Off Contract.

Schedule 7 is headed “GDPR Information” and sets out a familiar table that sets out the parties’ legal roles and responsibilities in relation to data processing. It states that NHX is the Controller and the Supplier is the Processor. Under the heading “Type of Personal Data” it includes:

  1. Pseudonymised personal data
  2. Aggregated personal data

Under the heading “Categories of Data Subject” it includes “members of the public” and “patients”.

So, the framework contract contemplates the possibility that the supplier may have access to personal data from NHS patients, but does not explain in detail what the data is and in what circumstances it will be provided and processed.


This contract is in a similar form to the Faculty contract. In the interests of saving a few Norwegian forests, IP Draughts printed out only the Statement of Work that appeared at the end of the contract. But he did check the contract value, in case this was evidence of a scandal. Disappointingly, the contract value is stated to be £1.

The Statement of Work is written in almost impenetrable jargon, but some phrases look as if they might refer to accessing personal data, including:

Ingestion of mutually agreed data sources and further integration into a data ontology

The Customer is required to provide:

Timely access to or provisioning of relevant data


The “contract” that has been disclosed appears to be a set of standard Microsoft contract terms for various types of standard service, including “Azure Services” and Office 365 Services”. The document is headed “Volume Licensing: Online Services Terms April 2020”.

The document is only 16 pages long, but this is misleading: they have reduced the font of the text to about 8 point. IP Draughts now has a headache. [Correction: IP Draughts’ printer ran out of paper. The full document is much, much longer!]

IP Draughts is suprised to hear himself say this, but it was refreshing to turn to Microsoft’s turgid contract prose, after wading through the UK government’s very different turgid contract prose.

These terms are very light on the subject of personal data, but they do include a link to a web page where can be found Microsoft’s “Data Protection Addendum”.


Nothing in the Google or Microsoft documents appears to be evidence of a scandal.

Both Faculty and Palantir appear to have been engaged to support the development of a national AI Laboratory. One may speculate that the development of machine learning techniques in relation to Covid 19 – e.g. assessing how patients with a particular genetic sequence are likely to react to infection – could well involve processing personal data. One may also speculate that the UK population would mostly be happy for their personal data to be used, in a suitably controlled way, to support this important work.

Just looking at the contracts, there is very little about the nitty-gritty of GDPR compliance, and one might hope that other documents exist that will address in more detail what information is to be disclosed and how compliance will be ensured.

Is there a public scandal, and are these contracts “massive”? IP Draughts will leave that for others to decide.


Leave a comment

Filed under Databases, Legal policy, News

Thank you, health service workers

The Covid 19 pandemic has brought out the best, and sometimes the worst, in people. While this is happening all over the world, IP Draughts is most conscious of it in his home country, the UK. He thanks the thousands of UK-based doctors, nurses and other healthcare professionals who are putting themselves in danger to help the millions of people who either have contracted the disease, or are at risk of doing so.

He is particularly proud of his sister, who has been a nurse for 40 years, and whose duties have recently changed as a result of her hospital’s new role in the pandemic. She is on shift today, and he hopes that she will continue to get the personal protective equipment that she needs.

Next, he would like to thank the individuals among his firm’s clients who are medically-qualified and have gone back into medical practice during the pandemic. He also applauds individuals who are doing voluntary work with hospitals and research organisations. Equally commendable are those individuals who are raising money to support medical treatment, including 99-year-old Captain Tom Moore, who has raised £13 million for the NHS.

He is proud of his colleagues in Anderson Law who have been providing legal support to urgent projects related to Covid 19, including drafting agreements and advising on related issues such as GDPR compliance. The subject-matter of those projects has included funding agreements for the research and development of vaccines, (free) licensing of the design of ventilators, and the creation of a population tracking app.

When the pandemic is over, we may find that people have become used to new ways of doing things. Yesterday, IP Draughts saw a routine injection being administered in the car park of a doctor’s surgery, with the patient sticking their arm out of the window of the car for the practice nurse to apply the needle. Drive-through medicine! Court cases are now being conducted remotely, with judges suddenly learning how to use Skype, after years of institutional resistance to innovations of this kind.

IP Draughts hopes that, once the immediate crisis is over, there will be increased funding and recognition of essential services, including healthcare, education, and the courts.



1 Comment

Filed under GDPR, Intellectual Property, News

Reminder: next IP Draughts’ Zoom meeting

Following on from our first Zoom meeting, we will be holding another IP Draughts’ Late Lunch, this Thursday at 2 pm (UK British Summer Time).

We had around 13 people attend the last one, and we hope to have at least a similar number this time. All readers of this blog are welcome, as are others who work in IP, law, contracts, or technology transfer, and wherever you are located.

The conversation is likely to move around different topics, including how we are coping with the lock-down and its effect on how we work. IP Draughts will also introduce the topic of Building Relationship Remotely, and see where this takes us.

As before, dial-in details will be posted on this blog around an hour before the meeting is due to start.


Leave a comment

Filed under &Law Updates, News

It’s all go, in the IP world…

On the day after the night before – when the UK left the EU – there are too many distractions for IP Draughts to get maudlin. A small sign is the more than 50 work-related emails which came into his inbox yesterday.

  1. Technology Transfer, 4th edition: the final proofs of our ‘flagship’ book went off to the typesetters yesterday morning. It is now over 1,000 pages – a real tome. It is 10 years since the last edition, and much has changed in the law surrounding TT agreements. While you are waiting for it to be published, you could always read one of our other books.
  2. IP Transactions course: Or, you could book on our annual, 5-day course on IP transactions, which has its 8th outing at UCL Laws in April. Or, on one of our one-day courses at UCL, most of which can also be run as in-house courses.  Applications for the 5-day course are now coming in thick and fast – IP Draughts approved several applications yesterday.
  3. Consequences of Brexit for IP registrations. This is a huge subject, which we hope will be fully and appropriately addressed as part of the negotiations over the UK’s future relationship with the EU. One point of difficulty emerged last week – it seems that the European Plant Variety Office has a notice on their website, alerting organisations who have plant breeders’ rights that that they need to have a representative based in the EU, (i.e. not the UK) from the end of January 2020. Colleagues assure me that this is incorrect and that UK representatives are acceptable until the end of the transition period, i.e. the end of December 2020. Thanks to PraxisAuril for alerting IP Draughts to this issue.
  4. Model term sheet for spin-out transactions. While on the subject of PraxisAuril, IP Draughts is disappointed (to put it mildly) that certain members of the Board of PraxisAuril have delayed adoption of the model term sheet for university spin-out transactions that a working group of PraxisAuril finalised last year, after many months of work. The Board was consulted at various stages in the development of the term sheet, as were representatives of universities and the investment community. It is frustrating that there is an issue at this late stage in the process, but he hopes it can be resolved soon. Disclosure: IP Draughts and Paula Alessandro of QMUL co-chaired this working group.
  5. Mediation of IP agreements. Flushed with his success in passing the CEDR assessment to become an Accredited CEDR Mediator, IP Draughts has produced a Profile or flyer for his mediation services, and may in due course dedicate part of his firm’s website to ADR services. The Profile is available here: msa mediator profile 2020. Please consider naming IP Draughts as your chosen mediator in the dispute resolution clause of your contracts.
  6. Negotiation techniques – great book: IP Draughts is grateful to Gill Mansfield, whom he met when attending a mediation course at WIPO in Geneva several years ago, for her recommendation of the following book: Never Split the Difference: Negotiating As If Your Life Depended On It. The book is written by a former FBI hostage negotiator, Chris Voss. It is very readable, and IP Draughts thoroughly recommends it. Many of the techniques described in the book, such as active listening and asking open questions, overlap with the techniques that CEDR teaches on its mediation skills course. But the analogy shouldn’t be taken too far. Working as an outsider – mediator – to get two parties to agree is ultimately a different skill to working as a participant in a negotiation to get a good deal.

Finally, IP Draughts hopes that his friends and colleagues in the EU will continue to think of the UK as a reliable partner. More than half the population seems to want to be in the EU, and far more than half of business people and professionals do.


Leave a comment

Filed under &Law Updates, News