Google DeepMind, Royal Free London rapped for patient data sharing
Occurred: April 2016
Report incident 🔥 | Improve page 💁 | Access database 🔢
Google's DeepMind AI unit and the Royal Free London NHS Foundation Trust shared sensitive data, including mental health records and HIV diagnosis, of 1.6 million patients.
In 2015, Google’s AI firm DeepMind was given the personal records of 1.6 million patients at the Royal Free London NHS Foundation Trust to help create Streams, an alert, diagnosis, and detection system that could spot when patients were at risk of developing acute kidney injury.
However, the deal was the focus of public outrage following a New Scientist report that vast amounts of data had been accessed by DeepMind.
The incident raised questions about Google/Deepmind ethics and the legality of its actions.
➕ May 2016. The New Scientist revealed that Deepmind had failed to secure approval from the Confidentiality Advisory Group of the Medicines and Healthcare Products Regulatory Agency.
➕ July 2017. The UK Information Commissioner's Office ruled that the Royal Free hospital had failed to comply with the UK Data Protection Act when it shared the data, though it did not issue a fine on the basis that there was a lack of guidance for the sector.
➕ September 2021. Law firm Mishcon de Reya announced it was to bring a class action lawsuit against Google on behalf of the 1.6 million individuals whose medical records were shared.
➕ October 2021. DeepMind apologised and stated that it had focused on building tools for clinicians, rather than considering how the project should have been shaped by the needs of patients.
➕ May 2022. The action was later discontinued and resurrected as a legal action against Google for using the NHS data of 1.6 million Britons 'without their knowledge or consent'.
➕ May 2023. Mischon de Reya's lawsuit was again (pdf) dismissed.
System 🤖
Streams
Documents 📃
Royal Free London (2019). Information Commissioner’s Office (ICO) investigation
Royal Free London (2018). Royal Free London publishes audit into Streams app
Google Deepmind (2018). Scaling Streams with Google
Google Deepmind (2017). The Information Commissioner, the Royal Free, and what we’ve learned
Operator: Royal Free London NHS Foundation Trust
Developer: Alphabet/Google/Deepmind; NHS
Country: UK
Sector: Health
Technology: Prediction algorithm
Purpose: Detect & predict acute kidney disease
Issue: Accountability; Privacy; Security; Transparency
Legal, regulatory 👩🏼⚖️
Prismall v Google (pdf)
Mishcon (2022). New claim against Google and DeepMind Technologies for unauthorised use of confidential medical records
Litigation Capital Management (2022). Litigation Finance Agreement for new representative claim against Google and DeepMind Technologies
UK Information Commissioner's Office (2017). Royal Free London undertaking (pdf)
UK Information Commissioner's Office (2017). ICO letter to Royal Free London (pdf)
Investigations, assessments, audits 🧐
Linklaters (2018). Audit of the acute kidney injury detection system known as Streams (pdf)
Research, advocacy 🧮
Shaping AI - University of Warwick (2023). Shifting AI controversies (pdf)
Powls P., Hodson H. (2017). Google DeepMind and healthcare in an age of algorithms
News, commentary, analysis 🗞️
https://www.digitalhealth.net/2016/11/google-deepmind-and-royal-free-in-five-year-deal/
https://www.insider.com/nhs-discloses-how-much-its-paying-google-deepmind-2017-6
https://uk.news.yahoo.com/uk-class-action-style-suit-150419945.html
https://techcrunch.com/2022/05/16/google-deepmind-nhs-misuse-of-private-data-lawsuit
Page info
Type: Incident
Published: November 2021
Last updated: June 2024