The chief executive of the UK Biobank, one of the world’s largest biomedical databases, recently wrote to over 500,000 participants telling them that some of their data had been made available for sale online through a Chinese website. This wasn’t a data breach or hack, but rather researchers who had legitimately accessed the data trying to sell it.
Although it was stated that participants could not be identified, and there was no sign that the data had actually been bought by anyone, the fact that someone could even try to sell parts of the dataset is extremely concerning. Unfortunately, the failure was unlikely to be in the protection set up by the biobank itself, but rather in the honesty of the researchers accessing the data.
This raises the wider question of whether data – any data – can ever really be protected. Many databases, including the UK Biobank, operate secure research environments where restrictions are put on those accessing the information. This can be through secure computer portals or platforms (as used by the UK Biobank), or limiting researchers to only downloading the results of their analyses rather than the raw data itself.
But the problem is that once data exists, there is always a chance that it can be leaked through either accident or dishonesty. Legal restrictions, such as data protection laws, can give power to police or governments to try to stop this happening, or to subsequently prosecute. But in a world of international computer networks, and very different national views on privacy, even laws can only do so much. For instance, it has been claimed that data has been exposed accidentally from the UK Biobank 198 times before.
If this isn’t bad enough, the increasing availability of sophisticated AI tools means that even anonymised data can be de-anonymised. This is because AI tools are able to find complex patterns or links in data that no human would ever be able to discover.
So what is the answer? Do we revert to using pen, paper and filing cabinets, or do we need to keep evolving the way we think about our data and its security?
Harms v benefits
Possibly the main fear that people have with their data being made widely available is becoming the victim of fraud, bribery or perhaps a commercial organisation using it to make large profits or using it in other ways that we would not approve of. But the possibility of this depends on the type of data.
For instance, there are very clear reasons to keep data on personal finances, telephone records, or many other details about our personal lives confidential. However, when considering health data, including the types held in biobanks, does the potential for significant societal benefits change the way we think about risks and harms?
Medical confidentiality is considered a human right, certainly in Europe and the UK. This is because of the possibility of coercing or manipulating people if you have inside knowledge about their health. Doing this for nefarious gain is clearly wrong and must remain illegal.
Giving health data access to insurers or employers is less clear cut. While we all accept that their business practices mean that they do need to know a certain amount of information about us, many people feel uncomfortable with the idea of giving companies all of our healthcare information. This is where data protection laws come in that limit what and how commercial organisations use our data, albeit such laws require ongoing scrutiny as they are not always as effective as we may like.
However, looking beyond the individual, the real value of health data is at a group level. Humans are complex both biologically and psychologically, meaning that researchers need to look across a lot of people before patterns start to emerge. So how can this be balanced with personal privacy?
Veil of ignorance
The philosopher John Rawls proposed a thought experiment for considering issues of justice and society. His idea was to suggest people adopt a “veil of ignorance” by trying to forget their own personal position – including, race, gender, class, intelligence and health – when thinking about what might be best for society. So what would adopting a veil of ignorance mean when considering health data?
Aggregating health data is certainly not a new idea, and is the reason why organisations like UK Biobank exist, which to date has resulted in more than 18,000 research publications. So from the position of a veil of ignorance, the more data from the more individuals the better, as it does seem to lead to more research possibilities.
Second, research is very complex and now involves a wide range of disciplines, individuals and skills. Data from the UK Biobank has been used by 22,000 researchers in more than 60 countries. Again, from the veil of ignorance position, making data freely available to the widest range of researchers seems to be a good thing as the more people looking at it, in different ways, the higher the likelihood of discovering something useful.
Of course, safeguards do need to be in place to stop information being shared too widely, but these safeguards are becoming harder to implement as data processing software and AI is making it increasingly easy to identify individuals from otherwise “anonymous” data. Perhaps the issue is therefore focusing efforts less on controlling the availability of data, and instead increasing our focus on controlling how it is subsequently used.
This latest incident, alongside the wider context of daily cyber-attacks and leaks from other databases, seems to show that sooner or later most attempts at protecting data will fail. As a consequence, rather than trying to protect data, maybe we should start to accept that this type of data could now be considered a type of public good.
As with other public goods, the ethical obligation is to ensure how they are used. Yes, this may mean that commercial organisations, or even foreign governments, could use our data in ways we may not individually approve of, but disapproval of the actions of companies or other countries is hardly a new thing.
Political and international agreements regulate how all sorts of resources are used, and health data should now be included. Similarly, laws already exist to dictate what businesses can and can’t do with data.
It could be argued that if the potential benefits of fully open data sharing are truly enormous, and this incident among many others has shown we cannot protect such datasets, maybe we need to stop focusing on the futile task of trying to protect the data, and instead focus on working out how to ensure it is used in the right way.
Comments are closed.