Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
squidbeak 2 hours ago

The government provided data to a private company. The private company sold resold access to a third party for AI ingestion. it's a plain case of tough titties to the private company.

That said I don't know why the hell the service concerned isn't provided by the government itself.

dash2 2 hours ago | parent [-]

Perhaps that is true, but the response linked by GP claims exactly the opposite:

"We hired a specialist firm to build, in a secure sandbox, a safety tool for journalists. They are experts in building privacy-preserving AI solutions - for people like law firms or anyone deeply concerned with how data is held, processed, and protected. That’s why we chose them. Their founders are not only respected academics in addition to being professionals, they have passed government security clearance and DBS checks in the past, and have worked on data systems for the National Archives, the Treasury, and other public agencies. They’ve published academic papers on data compliance for machine learning.

"The Minister says we ‘shared data with an AI company”... as if we were pouring this critically sensitive information into OpenAI or some evil aggregator of data. This is simply ridiculous when you look at what we do and how we did it.

"We didn’t “share” data with them. We hired them as our technical contractor to build a secure sandbox to test an idea, like any company using a cloud provider or an email service. They worked under a formal sub-processor agreement, which means under data protection law they’re not even classified as a “third party.” That’s not our interpretation. It’s the legal definition in the UK GDPR itself. ... "And “for commercial purposes”? The opposite is true. We paid them £45,000 a year. They didn’t pay us a penny. The money flowed from us to them. They were prohibited, in writing, from selling, sharing, licensing, or doing anything at all with the data other than providing the service we hired them for.. and they operated under our supervision at all times. They didn’t care what was in the data - we reviewed, with journalists, the outputs to make sure it worked."

If this is true, it does seem that the government has mischaracterized what happened.

squidbeak an hour ago | parent [-]

It sounds very reasonable. But it's also directly contradicted by the government information about this case, which was very specific even about the number of breaches:

> Our understanding is that some 700 individual cases, at least, were shared with the AI company. We have sought to understand what more may have been shared and who else may have been put at risk, but the mere fact that the agreement was breached in that way is incredibly serious.

> ... the original agreement that was reached between Courtsdesk and the previous Government made it clear that there should not be further sharing of the data with additional parties. It is one thing to share the data with accredited journalists who are subject to their own codes and who are expected to adhere to reporting restrictions, but Courtsdesk breached that agreement by sharing the information with an AI company.

(from https://hansard.parliament.uk/Commons/2026-02-10/debates/037...)