Google DeepMind, Royal Free London NHS data sharing

Released: 2016

Can you improve this page?
Share your insights with us

Google's DeepMind AI unit and the Royal Free London NHS Foundation Trust are sharing sensitive data, including mental health records and HIV diagnosis, of 1.6 million patients, according to the New Scientist

The patient records had been used to create, test and run Streams, a diagnosis and detection system initially developed by the NHS and wrapped into a Deepmind smartphone app that detects when patients are at risk of developing acute kidney injury.

The New Scientist later revealed that the two parties had failed to secure approval from the Confidentiality Advisory Group of the Medicines and Healthcare Products Regulatory Agency. 

The reports prompted a furore about patient privacy and data security.

Regulatory, legal actions

In July 2017, the UK Information Commissioner's Office ruled that the Royal Free hospital had failed to comply with the UK Data Protection Act when it shared the data, though it did not issue a fine on the basis that there was a lack of guidance for the sector. 

Law firm Mishcon de Reya announced it was to bring a class action lawsuit against Google on behalf of the 1.6 million individuals whose medical records were shared in September 2021. 

The action was later discontinued and resurrected in May 2022 as a legal action against Google for using the NHS data of 1.6 million Britons 'without their knowledge or consent'. The case was again (pdf) dismissed in May 2023.

Operator: Royal Free London NHS Foundation Trust
Developer: Alphabet/Google/Deepmind; NHS
Country: UK
Sector: Health
Technology: Prediction algorithm
Purpose: Detect & predict acute kidney disease
Issue: Privacy; Security; Ethics
Transparency: Governance; Black box; Privacy


Legal, regulatory

Research, advocacy

Investigations, assessments, audits

News, commentary, analysis

Page info
Type: System
Published: November 2021
Last updated: May 2023