The Information Commissioner’s Office, in a press release:
The ICO has ruled the Royal Free NHS Foundation Trust failed to comply with the Data Protection Act when it provided patient details to Google DeepMind.
The Trust provided personal data of around 1.6 million patients as part of a trial to test an alert, diagnosis and detection system for acute kidney injury.
But an ICO investigation found several shortcomings in how the data was handled, including that patients were not adequately informed that their data would be used as part of the test.
Elizabeth Denham, Information Commissioner, weighs in on the findings on the ICO blog:
But what stood out to me on looking through the results of the investigation is that the shortcomings we found were avoidable. The price of innovation didn’t need to be the erosion of legally ensured fundamental privacy rights. I’ve every confidence the Trust can comply with the changes we’ve asked for and still continue its valuable work. This will also be true for the wider NHS as deployments of innovative technologies are considered.
Denham makes this point specifically regarding health information, but it should be applied to all kinds of data, particularly when multiple streams of data are collected and connected. It may be harder to innovate in a big data way without collecting information on a big data scale — much like how it may be more difficult to investigate crimes when everyone’s phone isn’t being wiretapped at all times. But we should ensure that we are vigilant about reducing the erosion of our privacy protections in both the public and private sectors, even if that means waiting longer for innovative new technologies.