Author Archives: medcon

medConfidential Bulletin, 22nd May 2026

Hello again! It’s been a busy few months since our last Bulletin, and with so much noise in the news we wanted to send an update.

What just happened – Streeting is gone

Mr Streeting, protégé of Peter Mandelson, admirer of Palantir, is now the former Secretary of State for Health. Yay! That doesn’t mean tomorrow will necessarily be better, but it does mean that patient views – and rational, coherent argument underpinned by evidence – stand a better chance of affecting decision making, rather than the main factor being the effect on a bid to get into Number 10.

You may have seen that UK Biobank has been in the news several times over the last few months. They made a series of promises to their members, and to the NHS, and then failed to keep them. They also loudly advocated for the “pandemic only” GP dataset to be used for anything the Secretary of State decides he wants to do with the data. Mr Streeting decided he liked that idea, and in February he tore up the pandemic-only promise.

Mr Streeting’s last act in office was to lay his Health Bill in Parliament. The Bill proposes that you must have his Single Patient Record in Palantir (aka Single Palantir Record) and that politicians will decide how it is then used – any protections you and your data receive being in the gift of the politicians of the day.

Hmm. How’d that go for the pandemic dataset?

Current chatter in the corridors of Government suggests you’ll have fewer choices about how your and your family’s medical information is used than you’ve had for the Summary Care Record for the last two decades.

What’s next – more talk, not change

Your opt out works today as it always has, but Mr Streeting has announced it will be less effective after his Bill comes into effect.

That won’t happen immediately, so you still have time to act – but Mr Streeting wants it to be this year. (And he’s quit to have a run at PM, so who knows what will happen…)

www.medConfidential.org/how-to-opt-out

Labour may speedrun the lessons of the 2006-2010 Summary Care Record roll out, where you finally got a choice – either at GP registration time, or later. NHSE has worked for over a decade to walk this back, just in time for a previous Labour health secretary to reappear on the national scene. Hello again Andy, my old chum!

What you can do

Nothing has changed yet. Your choices are still there today, but the new Secretary of State may follow through on the threats of his predecessor and take away your ability to opt out in future. Before that, a day may come when the opt out will do less than it does today.

Politicians may also make you opt out again, because they dislike that you did so already.

The rules and standards around access to the Single ~~Patient~~ Palantir Record, as with the Federated Data Platform on which it’ll be built, will be whatever the Secretary of State wants.

You may wish to write to your MP – the Bill applies UK-wide, not just in England – pointing out that the Health Bill they may vote for will impose a Single Palantir Record on every single one of their constituents, whether they want one or not. (You may also wish to point out that while most people are currently unaware of that fact, MPs cannot rely on no-one finding out.)

We’ll be here.

Phil Booth & Sam Smith
22^nd May 2026

coordinator@medConfidential.org

If you want to hear from us more frequently than our irregular bulletins – they’ll probably be a bit more frequent this year while the Health Bill flounders around – you can join our free Substack, which sends you an email whenever we post something to our website.

P.S. medConfidential currently has zero grants to support our work, so we appreciate every small donation.

Wes Streeting’s final Bill

One day it was named the NHS Modernisation Bill; the next it was published as the Health Bill, with this funny line in Hansard: “Secretary Wes Streeting, supported by the Prime Minister”… oh.

Clause 1 is wonderful: “NHS England is abolished”, but they didn’t stop there.

Below is a short and more technical than normal summary. We’ll go through things a bit more slowly over time (added 28/5: we have some draft amendments for now).

The public engagement process on data has been so distorted by NHS England (which is also being abolished by the Bill) that the purposes that least concern the public will have the most opt outs applied (bona fide academic research), yet the purposes that most concern the public are likely to have no opt outs applied (privatisation, commercialisation, and Government uses).

In Parliament, MPs can vote against the programme motion to give more time for assessment and discussion – none of that happened before the Bill was published. Voting down the programme motion is to wait for Andy Burnham to reassess this process, and do the work Mr Streeting never did.

There is no obligation in the Bill for all uses of NHS data to be consensual, safe, or transparent – indeed, many of the provisions allow the opposite.

The main announcement is that you will have a Single Palantir Record containing all of your medical notes, all your prescriptions, and your DNA sequence – all controlled by a politician, accessible and sold to whoever he sees fit. This wasn’t in the briefing Wes gave to make his plans sound good, but if the SPR regulations are unchanged, your GP opt out will be wiped away so he can sell your data.

To those who think going private will help them, there are powers to demand data from regulated private entities in a range of circumstances – which will become a chew toy of the Secretary of State. Registered medical professionals will be told they are unfit to practice if they don’t use the Single Palantir Record, and if they do use it they’ll be forced to write your private health details back into it.

Andy Burnham’s Greater Manchester NHS has repeatedly shown how FDP would be a step backwards for them – and this is Wes Streeting using his last vestige of political power (for now) to take a system that works for others, and replace it with a product whose supplier paid his mentor.

Any good intentions are obscured by the power grab and the complete lack of protections for patients. Indeed, there are more protections in this Bill for the ‘Federated Data Platform’ (i.e. Palantir) to burrow deeper into the NHS than there are protections for the patients’ data within it. How very Wes Streeting, who, when introducing the Bill, knew he wouldn’t be the one to wield those powers himself.

Your medical notes, prescriptions, and DNA will be used however a politician decides; you’ll have no say and no choice.

Line 20 on page 100 is the key: it says the NHS must do whatever politicians decide, with any medical records they have anywhere. The Secretary of State for Health can take any data (s)he chooses and punish those who complain or push back. Patients will have no rights and no choice. [added 28/5:] For clarity: that clause largely continues existing weak limits what the NHS does about publication – any “sharing” or “access” that is not “publication” is entirely outside of the scope of that clause

The Bill also strips away all of the existing statutory processes, and forces all current data flows to happen through Single Palantir Record. The usual requirement of adulthood for social care uses of data is missing – this also applies to vulnerable children. It’s a very Peter Mandelson Bill.

Clauses 47-57 are all about Data. You will have a Single Palantir Record, and you will not have a choice about your data being in the (former) NHS England data platform, known as the Federated Data Platform, that is provided by Palantir.

The test to be met for the Secretary of State to take a copy of your medical notes is if it is “expedient”, or when “the Secretary of State considers that disclosing the information is a proportionate means of achieving a legitimate aim” [Schedule 7 clause 11 (261) (2) (g) & (j)]
Secretary of State will collect all data he wishes about you, and share it as he wishes, and only Secretary of State’s views matter [Schedule 7 clause 5, plus Sch 7 cl 6-10]
You may choose not to look at your Single Palantir Record [Sec State can’t make you]
You may choose not to look at who in the British Isles has accessed your Single Palantir Record, to the extent that Secretary of State chooses to show you (there’s no punishment if they creep on you) [cl 250E(5)]
You shall have a Single Patient Record, and you shall have no opt out [none in the Bill]
Your Record will be updated how the Secretary of State or someone else decides. [cl 49(3) & 49(4)]
When you talk to one part of the health and care system, the Single Palantir Record will reach into your notes and records at other providers you receive care from, and rewrite those records [page 7 of the impact assessment]
Your ability to opt out of research appears to be taken away [Sch7 cl 11(261)(2)(d)]
Commercial users are fine, and you’ll have no choice about that either [cl 48(5)(7)(a)]
Read and write access reaches “anywhere in the British Islands;” [cl 47(2)205E(c)(ii), also cl 50 & 52]
And if your doctors don’t like this, they’ll be fined or punished by regulators [cl 47(2)205E (2)(d), 250F]
The “British Islands” reach also applies to research, so a corrupt cartel outside of England – hence outside England-only enforcement powers – can resell any/all of the data placed in Palantir (i.e. every English patient’s data) under the custom rules of a “British Island” but off-shore tax haven. England also takes over a lot of decision making about anything on the platform, overriding devolution by not simply not caring about others’ views and making it a ‘take it or leave it’ offer [53-56]
All duties of confidence relating to your records are set aside for whatever purposes the Secretary of State decides [“may” in cl 47(2)250E(3) vs 250E(4) & (5)]
There should be rules against abuse, but there’s no legal basis for any punishment [cl 47 (2)250E(2)(5)]
All of the existing data flows around the NHS shall be merged into the Single Palantir Record powers above, as has already begun under ‘faster data flows’ [cl 49(3)251ZF & cl 49(4)277G]
The Bill extends the scope of NHS data, but does not expand the remit of the National Data Guardian to match. There will be no Guardian with remit over the expansions. {line added 16/5}

Clause 47(2) covers all health and social care – including both adult and children’s social care, despite children’s social care not being a function of the Department of Health. (We assume the Department for Education will have something to say about this.)

Sharing data across government (or beyond) would be covered by it being either “expedient” or a “proportionate means of achieving a legitimate aim” – the lowest of low bars. This is the sort of test that Peter Mandelson and Tony Blair would love.

References to “the British Islands” are weird. This means that data about English patients can be processed in Scotland under Scottish rules – which is an entirely different mess, which we’ll pick up again soon – and the entire Bill ‘goes GB’; it’s UK-wide, with hooks for Northern Ireland too. The so-called “Secure Data Environments” in England are trying to harmonise themselves so that decisions by one are binding upon them all, but now data can flow over the border and into UK Biobank-style messes enabled by Scotland on English-only data – not forgetting that HDRUK and UK Biobank share a culture. (The tax haven clauses suggest Mr Streeting was assuming his allies would have control in both Scotland and Wales after the recent elections – an assumption that couldn’t have been more wrong, and which undermines other of his recent actions.)

After this Bill passes – if it passes – then cancer care in the NHS will be limited to a false choice of either ‘all your DNA goes into Palantir’ or ‘you die, US style’. Any promises made risk repeating the precedent of allowing UK Biobank to use “pandemic only” GP data however they cho(o)se, which meant it was all for sale in China and freely available on the internet. Any promises made in the next claim of emergency will get broken, and data once taken in an emergency will be retained – because Wes already decided that can happen.

At this point, and given the Bill was published to surprise everyone, the Bill as introduced is so blunt and far reaching that MPs should vote against the programme motion, to allow sufficient time for notification and responses from those bodies who will be obliged to comply with the Bill.

Mr Streeting took lessons from his political mentor Mr Mandelson in trying to ram this through by imposition. The House of Commons can tell the new Secretary of State to take some more time.

Because fixing this mess will take time.

Other clauses

medConfidential and others will pick up clauses 2-46 over time, which are most of Wes’s top-down reorganisation written into law – taking even more powers to himself.

Clauses 4-7 of this Bill will throw Clauses 1 of the NHS Act 2006 into an utter mess. One of the many organisations jockeying for influence should convene a process to take all of the different clause 1 additions to NHSA 2006, and promise an amendment which leaves something coherent after this Bill – there are 4 clauses to play with, and it might turn chaos into some form of order…

[added 28 May: there has been some (seemingly unpublished) suggestion that “SPR proposals move data sharing from local discretion towards national coordination” and that “The SPR is being introduced for direct care, but there is a need to future-proof wider use”. The Bill is explicitly not just for direct care, so wider use is already in scope, and supposed “national coordination” is local areas, including potentially areas outside of England, making decisions about national datasets of all patients in England.]

Bill work

medConfidential currently has zero funding for this work. Very few funders care about the NHS and protecting data – unless it’s reducing the protections, which is extremely profitable. Can you help?

medConfidential’s newsletter is infrequent – we won’t waste your precious time. We also have a free substack for notifications when we post new information.

Streeting resigns

[if you are looking for opt out instructions, they’re on our how to opt out page]

medConfidential welcomes Wes Streeting’s realisation and admission that he cares more about himself than about NHS patients. Mr Streeting has yet again picked himself, as almost every decision he made in the last 2 years implied he would – the Biobank data scandals being just the latest example.

The forthcoming NHS Half-Measures Bill could be improved by putting on the face of the Bill measures to show patients how the NHS respects their choices on the reuse of their medical records; to see who has accessed their records, and from where; and to use transparency to protect everyone from the next protégé of Mr Mandelson who decides to put himself first.

The NHS Bill could have protected patient data at its announcement – it was a Ministerial decision that it doesn’t, and an amendment can change that.

We would welcome a new Secretary of State who will reassess such decisions, and others like them, unconstrained by their political mentor’s commercial choices.

(we’ll update as the replacement is announced)

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates via Substack — free to follow, and we are grateful to all those who can donate to help more of this work.

King’s Speech

We’ll have comments on the Single Palantir Record, the NHS Modernisation Bill, and the King’s Speech when we’ve seen the Bill.

That a now-resigned Minister announced an England only scheme to solve a problem he had in… Glasgow (not in England!)… suggests that a Secretary of State, Mr Mandelson’s political protege adding services to a customer of Mr Mandelson’s consultancy service, who even doesn’t want to have his current job when this Bill passes, might not have cared about all the details.

Will you be forced to have a Palantir Record, or will it be optional?

Will you be able to see who has accessed your notes, your prescriptions, and then your DNA?

Will those and other safeguards be on the face of the Bill, or will they be up to the whim of a Secretary of State on any given day?

[they’re not in the King’s Speech notes, so we might find out next week…]

Biobank’s (April) Breach in Context

You may have seen, well, all over the news, that Biobank has done the emperor’s new clothes thing after losing data nearly 200 times that were counted (plus more that were not)…

Biobank have lost control of the data

These failures show that Biobank volunteers’ data is ‘out in the wild’ as researchers implied last year but Biobank did nothing about it.

Biobank itself doesn’t know who has got it and is being forced to resort to filing “take-down notices” on the various copies of (various amounts of) Biobank volunteers’ (medical and DNA/genomic) data that are popping up all over the place. Biobank aren’t very good at it.

Alibaba was just the latest incident, which Rory once again played down – both to the Biobank volunteers themselves, and to the British public. Biobank volunteers’ data should never have left Biobank’s (so-called) ‘Secure Data Environment’. Full stop. UK Biobank offered a download option from an environment they told their users was secure; this was after they told people they had ceased downloads. We’ve summarised the ongoing messes in various documents over years.

“De-identified” health data is eminently re-identifiable, as The Guardian proved a few weeks ago. It is not ‘anonymous’ data – it is sensitive personal data.

Did Biobank volunteers sign up to having their data sold to eugenicists, insurers, shell companies registered in the office that (also) serve as fronts for QAnon conspiracies, TikTok’s holding company in the Cayman Islands, or sending their DNA and medical history to an undergraduate course in China?

How did the people on that undergraduate course get approval for access? Did Biobank simply give access to anyone who the university said was on the course? Does it have any way to know any of that? UK Biobank has defended itself by saying Yale had a previous failure that it was sanctioned for. If you look at the Biobank project list there is no obvious project which has been closed for breaking the rules, but there are many ongoing projects as if there was no problem at all. Any sanction must have been so minor there’s no public disclosure of any of it, but Rory decided to pick on them to save his job (or NHS England can publicly confirm contemporaneous reports of breaches).

Is this behaviour what the public and patients should expect from the new Health Data Research Service?

HDRUK and Biobank share a culture

This systemic, cultural problem does not only apply to Biobank…

In their email to their participants, Biobank direct readers to this page which says protections are “within the ‘Five safes’ framework.” We know HDRUK and UK Biobank share a culture, which is to undermine the framework by reckless and unsafe changes.

Polly Toynbee might be happy to have her medical history and genome on the internet – that is her choice to give it to Biobank and her decision is informed by her close relationship with UK Biobank leadership who insist they never do anything wrong – but would the 499,999+ others make the same decision about their data and tissue and blood if Biobank had told them up front that “research” might include sending their data to all of these outfits? That Biobank knew their system allowed downloads, but didn’t want to talk about it because staff hoped no researcher would notice? Did they tell Polly that?

Biobank tells GPs that “Careful checks are in place to ensure confidentiality and data security” which clearly isn’t true. The same page has a GP quoted by Biobank saying: “With its internationally respected managed access model and robust data protection, UK Biobank ensures this enhanced resource will drive innovation responsibly”. It wasn’t true when Biobank published it in February, and isn’t true now.

UK Biobank has started talking publicly about another wave to their cohort, which is an opportunity to give all members the ability to give a fully informed consent to continue participating. (or, if they don’t respond, to have their data flows stopped? Or will people still have to beg the Biobank call centre for the secret form to fill out and return to end their participation? What will they be told about this debacle)

With Wes Streeting breaking ‘pandemic-only’ promises about uses of patients’ GP data (having been lobbied to do so by Biobank…) and with his intention to suck up everyone’s GP data into his ‘Single Palantir Record’, this is an issue that could (and will, if the government doesn’t stop steamrollering ahead) affect everyone in England.

Biobank insists that this time their catastrophes are different. We know how that always goes…

===

The latest Biobank Screwup (April 2026)

Unsurprisingly, little has changed since the data was last lost in March and is reidentifiable.

Today there was a ministerial statement in the House of Commons about a new breach (at noon exactly)

Biobank claim that the data is “deidentified” – all that means if that you can’t find someone you don’t know, if you know anything about someone you can read off the rest of their health record.

A series of terrible decisions by Biobank’s outgoing leadership have all come together at once.

That UK Biobank have referred themselves to the Information Commissioner shows they know this was personal data. it was personal data.

Biobank told their funders, their members and others that they operated a secure data environment, while allowing their users to download whatever data they wanted.

Will the “Biobank Direction” be rescinded?

They lost a lot of data

“In its statement, Biobank said the type of data offered for sale included:

• Population characteristics such as gender, age, month and year of birth;

• Assessment centre data including attendance date, socioeconomic status, lifestyle habits, mental health, self-reported medical history, cognitive function and physical measures;

• Measures from biological samples including haematology, biochemistry, metabolomic and proteomic;

• Online questionnaire data on sleep, diet, work environment and mental health;

• Health outcomes data on ICD-coded diseases, cancer diagnosis date etc.”

(source)

There’s more in our next blog post

===

Why the Biobank breaches matter to you

[if you are looking for opt out instructions, they’re on our how to opt out page]

[This was written in March, before it emerged UK Biobank data was for sale on e-commerce sites]

The “pandemic-only” promise about uses of GP data has been torn up in favour of Biobank.

The Guardian then found the full patient-level NHS hospital data given to UK Biobank about its volunteers had been posted to the internet on several occasions – with signs of hundreds of instances of rule breaking and smaller breaches. UK Biobank insists that the NHS hospital records of their cohort are not personal data, despite The Guardian being able to reidentify individuals’ full hospital histories from other information in the dataset.

Why does this matter if you’re not one of the half million people in Biobank? It matters to you because the data leaked by UK Biobank is the same linked, patient-level NHS hospital data that is routinely sold (in full or in part) to hundreds of other organisations. And, even if you have opted out, your data is usually included.

Continue reading →

Mr Streeting is breaking promises, you still have choices

For details on Biobank Direction that “betrays” the “covid-only” promise about GP data, please for now see this page, or read how to opt out. There are many moving parts, and this page will be updated shortly.

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates by joining our free Substack.

Dog Cancer – is cancer treatment for your dog becoming better than treatment for your grandma, or your kids?

In 2024, we looked ahead to treatments at the end of this Parliament. In 2025, we said: “Mr Streeting knows that by the end of this Parliament in 2029/2030, it’ll be increasingly normal for you to be able to take your cat to the vet to have your cat’s cancer effectively cured.”

As things turn out, it’s a dog that got famous for a custom mRNA vaccine to treat some cancers.

Continue reading →

The latest (March 2026) Biobank mess (and consequences for everyone else)

Even before these new revelations, UK Biobank had a very long list of unanswered questions (that PDF was published earlier this week and now needs extending). At the same time, Mr Streeting has decided to give Biobank data from GP records that was collected under a promise it would be used only for the pandemic.

What did the Minister know when he signed the Biobank direction? What did those who publicly supported the Direction know? Did Biobank tell them everything?

Why this matters even if you’re not in Biobank:

The Biobank direction means “pandemic only” dataset can now be reused however Mr Mandelson’s political protégé decides – GPs have been given no choice because NHS England already has the data and uses it however they are told. This action already destroys trust for the next pandemic, and undermines promises being constructed for Mr Streeting’s Single Patient Record plans where he’ll make political promises around becoming data controller for your medical notes. Apparently this is the acceptable approach and standards for where your data will go in the National Data Library.

Biobank data ~~is still~~ was published on the internet

The Guardian has reported that the NHS hospital data of UK Biobank participants was repeatedly published by Biobank users, and some of it ~~is still~~ publicly available months after Biobank was first told that Biobank patient level data was published online. This notification was before the Direction was signed which will allow “pandemic only” GP data to flow to Biobank to be used like the rest of the Biobank data.

The statement on the Biobank website completely omits that this happened ~~and this remains the case.~~

Biobank admit they don’t know who their users are

Biobank have sent many legal notices to have material taken down from the internet.

UK Biobank admits that, in every case where they send a legal notice, that is because Biobank’s attempts to identify and contact the researcher have failed. Either Biobank don’t know who the researcher is, or the researcher doesn’t care enough to reply to the Biobank email.

It is clear that Biobank does not know who their active researchers are, because if Biobank did know who the users were, Biobank would not have to resort to takedown requests for accounts they can not identify.

In any event, Biobank gave them (or someone) access to that data in the first place – the application form is short and woefully insufficient, but it does have a space for an email address. Emails from Biobank that researchers ignore alongside ignoring the Biobank rules that Biobank say protect the NHS data they share.

Since Biobank resorted to these legal means, did Biobank notify NHS England they were doing this over NHS sourced data?

That’s before we consider approved data use in Chinese undergraduate teaching – the lecturer is granted access, but the students get it too and Biobank has no way to know who they are.

Biobank blame their victims for Biobank’s failings
UK Biobank simply claims that no Biobank member has been harmed, and if they have, then it’s their own fault.

If you’re in Biobank, and if anyone knows anything about your medical history, they can potentially read it all. Apparently the bland text on page 23 of this newsletter was Biobank telling you about the risks you had chosen to take, and Biobank would allow researchers to take.

Given the nature of researcher conduct, it is not possible to guarantee that there are no further examples.

NHS England did a “consent audit” of Biobank, which Biobank says they passed. Is this victim blaming what NHS England’s audit found and approved?

To quote Biobank’s newsletter “In everything we do, we ask, what would participants expect from us?” so are the Biobank statements what one would reasonably expect?

Biobank’s [ public statements ] are incompatible with their [ redacted ]

[redacted until Biobank fix it or decide they’re willing to take that particular risk with their cohort]

The Guardian work shows how easily NHS patient data is re-identifiable

The Guardian’s efforts confirm that if you know one health event for a person, you can read off all the others through the linking pseudonym, the EID that Biobank’s response argues is so immaterial that it can be published repeatedly on the internet without consequence.

The Biobank response also argues that if data they have lost control of leaks (as it has), then that’s that if anyone knows anything about your health, and uses their lost data to find out more, then that’s your fault.

The Department of Health in England makes the same self-serving argument – they take risks with your data and will blame you when they go wrong. Everyone treated in an NHS hospital is in the hospital datasets that NHS England sells, usually without respecting the National Data Opt Out.

UK Biobank’s sole remaining defence is that it’s difficult for someone you’ve never met and who knows nothing about you to reidentify you – which doesn’t address the fact that you have met many people who know something about you and your health and can now potentially read everything; or the Department of Health in England can stop making stupid mistakes.

None of this is new, the flaws and risks were discussed at length in Chapter 4 of the 2022 Goldacre Review.

For Biobank participants who now wish to withdraw

We have heard that participants have withdrawn from Biobank because of their failings over recent years. Biobank claims privately no one has told them they’ve withdrawn for this reason, but then, participants don’t have to give Biobank a reason for withdrawing.

If you’re in Biobank and wish to withdraw, they make you email them for the form. You are required to know your Participant ID, which Biobank probably told you 20 years ago, you can find on some communications from them, or simply download it from the internet with most of your hospital record if you know where to look…

You can withdraw from Biobank, you won’t be allowed to withdraw from the National Data Library.

Biobank’s reckless disregard for personal data has infected the “National Data Library”

The HDR/Sudlow Review which argues that all public sector data should be linked (one topic in the ID cards consultation) and used like Biobank. At the Review launch, the former Chief Scientist of Biobank said Biobank has “one of the best systems” for data access, and Biobank data should be “used as widely as possible”, and has now been rewarded with a seat on the National Data Library advisory board.

Biobank’s actions exemplify Mr Mandelson culture being applied to NHS data (increasingly so via the Biobank direction), and it will cover everyone everywhere in the UK via the National Data Library.

Unless DSIT agrees that the UK Biobank approach to those in their dataset as covered above will be that of the National Data Library, DSIT should remove Prof Sudlow from the advisory board. Biobank’s public response is the responsibility of the current Biobank senior leadership (most of whom should also resign in disgrace, but won’t as they blame the victims rather than accepting responsibility for their decisions; and wisely no one appointed them to an NDL seat). Responsibility is known and admitted for how Biobank ended up in the mess they have put their cohort in, the only question is whether there will be any consequences for that.

In addition to our annual-ish newsletter, you can also join our free substack to get emailed whenever we post some news or commentary.