ICO Rules Google DeepMind And Royal Free NHS Trust Data Sharing Deal Was Illegal

Data sharing between the Royal Free NHS Trust and Google’s DeepMind artificial intelligence (AI) division was illegal, according to a ruling by the Information Commissioner’s Office.

The ICO declared that a deal between the two organisations that saw the transfer of 1.6 million patient records to DeepMind without patient knowledge or approval was deemed to be a breach of the Data Protection Act.

As a result of an investigation by the ICO, Royal Free NHS Trust has been asked to sign an undertaking which commits it to acting in accordance to data protection laws with the assistance of the ICO.

DeepMind data dilemmas

The data sharing deal with the hospital trust and DeepMind had been aimed at using patient data to facilitate the creation of a smart app called Streams, which was designed to facilitate faster kidney patient diagnosis for clinicians and alert them to changes in the patients condition.

However, the deal was lambasted in an academic paper published in Health and Technology for failing to be clear over privacy and data use, which in turn helped prompt the ICO investigation, alongside complaints from the general public.

Thee ICO also took issue with how the data was shared; while sensitive patient details such as names, NHS numbers and dates of birth are sent to DeepMind as encrypted data, there was nothing in the agreement that would prevent the AI organisation from decrypting the data at a non-NHS location. As such, the ICO deemed patient privacy was further at risk and the data sharing deal was in breach of the Data Protection Act.

Information Commissioner Elizabeth Denham acknowledged that the tests Royal Free and DeepMind were carrying out with the data were worthy and had generated positive results, which some may say justifies the breach of data protection rights.

However, she noted that the shortcomings in the data sharing were avoidable, such as Royal Free carrying out an assessment of impact the data sharing had to privacy only after it had already passed the data on to DeepMind.

“The price of innovation didn’t need to be the erosion of legally ensured fundamental privacy rights.,” she said.

“I’ve every confidence the Trust can comply with the changes we’ve asked for and still continue its valuable work. This will also be true for the wider NHS as deployments of innovative technologies are considered.”

While the ICO focused  and levied blame for the breach of data protection on Royal Free, DeepMind also admitted it may have been hasty in its acceptance and use of the shared data.

“We were almost exclusively focused on building tools that nurses and doctors wanted, and thought of our work as technology for clinicians rather than something that needed to be accountable to and shaped by patients, the public and the NHS as a whole. We got that wrong, and we need to do better,” said DeepMind.

This is just as well given DeepMind has deepened its ties with the NHS further by aiming to launch a range of clinical mobile apps in partnership with Imperial College Healthcare NHS Trust.

Are you a Google expert? Take our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Bill Gates Officially Divorced From Melinda

Marriage of 27 years between Microsoft's co-founder and former CEO Bill Gates and Melinda officially…

59 mins ago

Boeing Postpones Starliner Launch Over Glitch

Test launch on Tuesday of Boeing's uncrewed Starliner astronaut capsule to the ISS has been…

3 hours ago

Nvidia Acquisition Of ARM In Doubt Over Government Concerns – Report

Worrying national security concerns for the Britsih government may reportedly scupper Nvidia's controversial acquisition of…

4 hours ago

Accelerating AI: Managing the Machines

As the Biden administration creates a national AI task force, how will AI develop over…

4 hours ago

Dropbox Data Centres Achieves 100 Percent Renewable Energy Goal

Going green. Dropbox achieves a lower carbon footprint with news its data centres now run…

20 hours ago

UK Considers Response After Fatal Drone Strike – Report

After Iranian drone strike on Israeli ship kills a Briton and a Romanian sailor, UK…

22 hours ago