Royal Free hospital breached data protection in deal with Google's DeepMind
London's Royal Free hospital broke data protection laws when a deal was signed with Google's DeepMind to hand over 1.6million patient records, according to the Information Commissioner's Office.
As a result, the partnership created a healthcare app called Streams, which is a detection system for acute kidney injury. Patients were not made aware that their data was being used to test the app as the investigation found "a number of shortcomings" in the deal.
Elizabeth Denham, the information commissioner, said that the Trust "could and should have been far more transparent with patients as to what was happening."
However, the Trust and DeepMind have been allowed to continue in their development of the app and have welcomed a co-operative solution.
In a statement, the hospital commented: "This app is helping us to get the fastest treatment to our most vulnerable patients - potentially saving lives - so we are pleased the information commissioner has allowed us to continue using the app."
"We accept the ICO’s findings and have already made good progress to address the areas where they have concerns.
"We will also be keeping our patients informed about how their data is used and would like to reassure them that their information has been in our control at all times."
- RELATED STORIES
- Google is facing a €1bn fine from the EU over market dominance claims
- Waymo strikes deal for Avis to manage autonomous cars fleet
- New South Wales to revolutionize healthcare system with digital infrastructure
DeepMind has escaped criticism from the ICO as the Trust was viewed as the "data controller" whilst Google's AI company was merely seen as a processor. Therefore, the responsibility of data protection fell to the hospital.
The London-based firm did comment on a "thoughtful resolution" in a blog post and admitted that they needed to "reflect on [DeepMind's] own actions, as we underestimated the complexity of the NHS and the rules around patient data."
"We got that wrong. We need to do better."
Streams is an instant messaging app that is used to help detect warning signs of diseases like sepsis when a doctor or nurse can't get to the patient in time.
The app reviews test results before sending any information that may be needed to a clinician so they can make an immediate diagnosis.
China Takes Additional Step to Control Big Tech’s Data
China’s new Data Security Law will take effect on September 1st, allowing the government major control over the collection, use, and transmission of data. Tech companies have grown exponentially in terms of market size and overall power, and the Chinese government has no interest in alternative power hubs—especially those that belong to private enterprise.
With its Thursday legislation, companies will face extravagant fines if they export data outside of China without authorisation. The Chinese government claims that this will create a legal framework and help companies from taking advantage of citizens, but according to analyst Ryan Fedasiuk from Georgetown University’s Centre for Security and Emerging Technology, “China’s push for data privacy...is yet another move to strengthen the role of the government and the party vis-à-vis tech companies.”
How Do Other Countries Approach Data Privacy?
- Europe: The EU Charter of Fundamental Rights assures EU citizens the right to data protection. The bloc’s General Data Protection Regulation (GDPR), passed in May of 2018, put stringent restrictions on commercial data collection.
- Canada: 28 federal, provincial, and territorial laws govern consumer data privacy; DLA Piper ranks the country’s data protection legislation as heavy, in comparison to Russia (medium) and India (limited).
- The United States: As usual, the States doesn’t have a single comprehensive federal law for data privacy. Instead, its lawmakers have passed hundreds of local and state acts, many of which are seen by the Federal Trade Commission (FTC).
China, in contrast, thinks data should be a national asset and has written data collection into its five-year plan. Although its new legislation will help curtail private access to consumer data, the government may be the final beneficiary.
What Will China Do With the Data?
According to advisors, consumer data can mitigate financial crises and viral outbreaks. It can protect the interest of national security—no surprise—and help the government with criminal surveillance. Right now, Chinese regulators have summoned 13 major tech firms, including Tencent, JD.com, Meituan, and ByteDance, to meet with China’s central bank. Communist Party Chief President Xi Jinping can shut down any companies found violating the new privacy laws, as well as hit them with a fine of up to 10 million yuan—US$1.6mn.
How Will Laws Affect Foreign Firms?
Now, foreign firms must store data on Chinese soil, a practice that many companies protest will infringe on their proprietary data. So far, Tesla will comply: in late May, the electric car manufacturer promised to build more Chinese factories and keep the resulting information within Chinese borders. In fact, businesses hoping to start China-based businesses—such as Citigroup and BlackRock—will have to comply with the “data-localisation laws”.
The Chinese government has framed data as a critical source of intelligence for the party and central government. “You have the most sufficient data, then you can make the most objective and accurate analyses”, Mr Xi told Tencent’s founder, Mr Ma. “The...suggestions to the government in this regard are very valuable”.
Greater digital control is coming, that’s for sure. Mr Xi has named big data as an essential part of China’s economy, right up there with land and labour. “Whoever controls data will have the initiative”.