personal data sharing | digi.me blog

The NHS Deepmind deal has been heavily criticised by the Information Commissioner’s Office (ICO) for serious privacy erosion that fell foul of the Data Protection Act

The deal, which shared NHS patient data of 1.6m people with Google’s AI company Deepmind, had “several shortcomings” including that patients were not adequately informed that their data would be used as part of the tests on an app designed to diagnose serious kidney injury.

Elizabeth Denham, Information Commissioner, said in a statement: “There’s no doubt the huge potential that creative use of data could have on patient care and clinical improvements, but the price of innovation does not need to be the erosion of fundamental privacy rights.

“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening.

“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”

Deepmind has admitted that: “We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better.”

There are two fundamental lessons here – and they will be applicable going forward as they are today.

The first is that privacy and innovation can live hand-in-hand. Access to better quality data is a huge boon for innovation across all sectors, but it has to be permissioned and not just handed over. That’s a fundamental human right of the people involved, as well as best practice for ensuring fully accurate data that has the most value. Greater transparency benefits us all.

The second is that users need to be in control of their data, not third parties. This is how situations like this are avoided – by giving individuals control over the data that is about, or created by, them.

In the digi.me world, it then becomes their choice, and theirs alone, what happens to that data. And that’s exactly as it should be.

The loss of control over personal data sharing is one of the three biggest threats to the world wide web as it currently exists, according to its founder.

Writing an open letter in The Guardian to mark the 28th anniversary of his creation, when he wrote the initial proposal for what became the web, Sir Tim Berners-Lee said he has become increasingly worried over the past year about three new trends, which he believes “we must tackle in order for the web to fulfill its true potential as a tool that serves all of humanity.”

And he is keen to see personal data control put back in the hands of those who create it as a major step to solving the first one.

Regarding this first point, loss of personal control of data, he wrote: “The current business model for many websites offers free content in exchange for personal data. Many of us agree to this – albeit often by accepting long and confusing terms and conditions documents – but fundamentally we do not mind some information being collected in exchange for free services.

“But, we’re missing a trick. As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it.

“What’s more, we often do not have any way of feeding back to companies what data we’d rather not share – especially with third parties – the T&Cs are all or nothing.”

This, of course, chimes 100 per cent with the Internet of Me vision (image above), where individuals at the centre of their connected world are in charge of their data and what is shared and with whom.

This ideal world, as well as being at the heart of our personal data and company mission, will also be front and centre of the next version of our app, which will allow both more streams of data to be collected in a private library, and the capability for sharing slices of data with directly with companies for personalised rewards.

Sir Tim goes on to point out that this widespread data collection by companies has other impacts, notably increasingly giving goverments the ability to watch our every move online, which creates a chilling effect on free speech.

Combined with the two other major issues of the web making it too easy to spread misinformation and the need for greater transparency in online political advertising, he writes: “These are complex problems, and the solutions will not be simple. But a few broad paths to progress are already clear.

“We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology such as personal “data pods” if needed and exploring alternative revenue models such as subscriptions and micropayments.”

Ultimately, he said: “It has taken all of us to build the web we have, and now it is up to all of us to build the web we want – for everyone.”