Richard Smith: Selling your personal data

Richard Smith“The government wants to sell our personal data to the highest bidder, and it stinks,” said somebody, making her position very clear, at a meeting at the House of Commons organised by the Industry and Parliament Trust on making anonymised NHS data widely available. (I can’t tell you who made the statement as the meeting was under Chatham House rules.) David Cameron, who wasn’t at the meeting, takes a much more positive view, arguing that making data available will make “every patient a research patient.” It should also give a boost to British industry and science, which may interest him more.

Nobody objected to making data available if patients give fully informed consent, but what is proposed at the moment is an “opt out” system, meaning that your anonymised data would be for sale unless you specifically said no. Opting out is not acceptable to some because it depends on misunderstanding, ignorance, and apathy. Some people, probably not many, who would not have opted in will find their data sold because they did not manage to opt out, perhaps because they weren’t aware of what was happening.

It may be that opt out systems are illegal—because European Law insists that consent must be “free, informed, and specific.” These words do not appear in English law on data protection, but, said a lawyer, European law automatically takes precedent over English law—so a legal challenge might be successful. The stern critic said that she was sure that an opt out system was “unethical, immoral, and unlawful.”

But, said a professor, systems of opting in dramatically reduce the value of datasets because outliers are lost and critical mass is not achieved.

Then anonymisation is an issue—because it may not be easy to achieve. One legislator said that he couldn’t understand why anybody should object to their data being made available if it couldn’t possibly be linked to them. Some might object, I suggested, because they saw failing to seek consent as an abuse in itself. But might a data set that includes, for example, age and disease, allow breaches of confidentiality. I thought of one of the first papers on new variant CJD that allowed the identification of an Indian woman as having eaten meat, an unacceptable act within her community.

Trust in doctors, said the professor who uses a panel to measure public opinion, is at its lowest level ever and falling rapidly. (He also said intriguingly that trust falls as you go further north. I don’t think that he included Scotland in this statement.) This is thus not a good time to be selling peoples’ data,  and, continued the professor, what are data to researchers are stories to patients—and people feel that they are losing control of their stories. People also see loss of data as a big problem and are “wholly negative” about their data being sold to make profits.

Nevertheless, most people, and especially young people, are comfortable with anonymised data being released if it means better drugs and treatments. And certainly most of those at the meeting, which included legislators from both the commons and the lords, supported the idea, although one legislator said that there should be a “quid pro quo” in that if people allowed their data to be used they ought to have access to better data on the performance of doctors, hospitals, and GP practices.

A television journalist at the meeting made the point that people making television programmes had to get consent from everybody on film but that news and current affairs programmes were exempt—because the public interest in the story outweighed the possible harm that might arise from, for example, an adulterer being inadvertently exposed. So the utilitarian argument supports making anoymised data widely available if they will produce more public good than harm.

What is clear, said the chair of the meeting summing up, is that the issue is emotive. With skilful handling the government should be able to make anonymised data available, but a determined campaign by a newspaper or a high profile loss of data could block the whole enterprise.

Richard Smith was the editor of the BMJ until 2004 and is director of the United Health Group’s chronic disease initiative.

Competing interest. RS was at the meeting wearing his hat as chair of Patients Know Best and got a free dinner and a few glasses of (moderate) red wine.

  • I am concerned with the momentum which has gathered behind this initiative.

    It is clear that a large base of medical records would be of great value to the global pharmaceutical industry. I am less clear how this benefits the public good. To equate the benefits to international corporations with the good of individuals in the UK is problematic. Unfortunately Amazon, Google et al have exemplified these issues rather starkly. The large Pharmas objectives are to maximise share holder value not to maximise the well being of the UK residents who are providing free resources to the companies.

    Of course the two may not be mutually exclusive, but there is a long way to go in the current climate to convince the UK population that this is the case.

    My other concern is with data use. Data collected for one purpose may not be fit for another and will give misleading results. Secondly if an individual gives permission for data to be held for medical treatment it is unreasonable to use that data for other purposes without obtaining express permission. Finally it is virtually impossible to fully anonymise large data sets, so intrusion into that most private of data, our medical records, would be inevitable.

    It is clear that a fully informed public debate on this matter is needed.

  • Seems like you guys have a more effective system for medical data sharing then we do in the US. I was listening to a TED Talk about how to solve this issue the other day–that data is so crucial. I think if the Brits just ran a commercial to raise public awareness around the fact that this rule was now in place, no. 1 you could say in good faith that people knew their rights around this issue and no. 2 almost no one would opt out Here’s the TED Talk I was referring to:

  • A great post. I’ve never really understood why anonymised health
    data should be treated any differently to anonymised crime and census data which is already made available for the greater good.

  • Sally

    I have a real problem with this idea. Patient data is protected by data protection laws and it is easy to make the assumption that personal patient information would be divorced from data sets. Given the number of ‘lost’ memory sticks, laptops and other data storage devices, it only takes one weak link in the whole chain for a huge number of patients to have their privacy violated. Brian Parkinson makes several valid points, not least of which is providing free resources of information to pharmaceutical companies who have no incentive beyond their balance sheets.

    My other concern is the opt out process. I assume that all NHS patients will be individually and personally notified about this option and will be given opt out details in clear English, as were patients notified by their GP’s surgeries regards the Patient Electronic Records System (the SPINE). In my case, I had to inform my GP’s surgery of their obligation to give patients the option to opt out of the SPINE, and I did so. I was mortified to later learn that my medical records were actually uploaded to the Patient Electronic Records System despite my GP’s surgery having my opt out letter on file and making note of its receipt in my medical records.

    Perhaps it is true that a fully informed public debate on this matter is needed. But the UK is not a democracy and public debate has never altered those in Downing Street from their chosen course.