Since its inception in 2015, the breakthrough medical trial between the Royal Free NHS Trust and Google’s AI division, Deepmind, has led to several advances in algorithmic-based applications. Now 2 years on, it’s come to light that the trial may have violated privacy laws when it was given access to patient records.
On July 3, the Information Commissioner’s Office (ICO) revealed that the Royal Free NHS Trust had broken UK privacy laws when it granted DeepMind access to the health records of 1.6 million patients. Elizabeth Denham, ICO Chief, said that whilst patients could potentially benefit from the AI-enriched trial, the price of innovation should not, in any way, result in “the erosion of fundamental privacy rights.”
As detailed in The Data Protection Act 1998, there are eight basic principles of data protection. The DeepMind medical trial violated four – ensuring data is processed fairly and lawfully, ensuring that any data processed is relevant to the objective and not excessive in quantity, and ensuring that there are adequate controls in place to protect it. ICO’s investigation found that many patients weren’t even aware that their medical records were being used as part of the trial.
Since the results of the investigation, the Royal Free NHS Trust has been asked to conduct an extensive third-party audit of the trial and for the results to be shared with the ICO (and the public, should it be deemed appropriate). The Trust has also been asked to change its protocols for the handling of patient data in further trials. Whilst the Royal Free NHS Trust has accepted ICO’s findings and is making progress in addressing the points raised, they are not set to face any fines.
Whereas ICO’s findings only relate to the NHS, Google DeepMind admitted that its AI division had underestimated the complexity of NHS infrastructure. DeepMind considered it’s focus to be on tools that would benefit medical personnel rather than technology that would be held accountable. Further improvements have been made to transparency and oversight, and Google DeepMind hopes that these steps will help to improve projects moving forward.
There is a clear line between the advancement of technology and the right to privacy – it’s why there are laws woven throughout our society. But should these laws change when it comes to something with the potential to save lives? That is a question that might soon require an answer as many companies continue to focus on the power of healthcare data. Whether it’s from wearables, biometric sensors or mobile phones, we could soon be living in an age where our healthcare data isn’t so much confidential but rather a commodity.