Editorial: Continuous consent to,or discreet control over,sharing digital data?

Computer technology has provided new opportunities for science and for health. At the same time as promising powerful analysis of big datasets, it provides new ways of personalizing healthcare. It thus seems to benefit each and every one. However, there is a recurring issue of privacy which cannot easily be resolved without compromising one or other sets of interests above.

Policy-makers for the English Department of Health have recently come at this problem from two directions. To foster science and innovation, they proposed to share identifiable health data with researchers through a scheme called care.data (NHS England, 2015). However, the proposal stalled last year after the UK government concluded that the public had not been adequately informed about it so failed to meet the first traditional data protection principle of ‘fair processing’ or transparency of use. Failure to inform meant that the opportunity to opt out of the scheme was meaningless.

Far from abandoning the proposal, the possibilities of adopting digital technology have seemingly become more attractive for the individual patient, with the promise of online access to one’s own records by 2018 and an increase in personalized facilities, of which there is no opportunity to opt out (HM Government, 2014). However, the compulsory benefits of online access do nothing to protect the privacy interests of patients against unauthorized use of their personal data.

There are now two points of increasing concern for privacy advocates: one is familiar, and the other seemingly new and prompted by the recent rise of telemedicine and remote monitoring.

Firstly, by not opting out of the scheme, care.data, one would have to accept all uses of one’s personal data (limited only by the nominated intermediary, the National Health and Social Care Information Centre or HSCIC). Anticipated European regulations are thought to threaten this position on two fronts (European Commission, 2012). The Commission does not approve of researchers benefiting by default at the expense of patients’ active and expressed engagement. In any case, the Commission is uncomfortable with the notion that any active consent can be so general or ‘broad’ as to cover all research endeavour without violating implicit social norms and personal expectations (or without becoming a hostage to the evolving arrangements of the HSCIC). For example, HSCIC is already allowing researchers (some from industry) to access some personal records obtained from hospital settings and from primary care under the Health and Social Care Act 2012 (although not yet through care.data). However, to insist on patients authorizing each and every person’s specific use of their personal data (by opting in rather than opting out), there is a pragmatic limit on what researchers might ask of patients.

Secondly, the now ubiquitous adoption of mobile devices, along with the increasing use of telemedicine, presents privacy purists (of which the European Commission may be one) with further difficulty. Personal data, such as blood pressure, can now be processed continuously and remotely in real time, which makes expressed and specific consent (opting in to a use) a conceptual as well as a pragmatic challenge. We might try conceptually to shoehorn continuous permission from patients, seemingly required to protect privacy in light of these technologies, into the traditional discrete expressed consent (opt in) with a continuous opportunity to withdraw (or opt out). There may only be one time period within which the patient may want to keep her activity private. This could include data associated with stress of a particular activity, e.g. increase in blood pressure. However, as data collection may happen in real time, the burden of planning ahead to protect privacy would lie with the patient to opt out beforehand; depending on the technology, withdrawing may not be as easy as pressing the off button. And then there is the business of opting back in afterwards. Additionally, many mobile devices and online services do not provide users with any choice at all over processing their digital data, making it difficult to see how to harness such technological power without abandoning all pretence to protecting privacy (Landau, 2015).

We therefore need to avoid both wasting technological opportunities for science and the patient in a new digital world, and losing privacy altogether, perhaps legislating separately for any ensuing discrimination against other human rights or critical interests. With this in mind, the UK government has sought to foster public trust in its wider research activities. A National Data Guardian has recently been appointed (in addition to the regulator under Data Protection legislation), and identifiable patient data are shared by researchers only within more or less technologically secure and socially accredited environments or ‘safe havens’ (Academy of Medical Sciences, 2014). Such measures, however, may not be nearly enough to safeguard the public interest. As Landau points out, new technologies could be the answer, e.g. the system (accountable http), developed at MIT, allows individuals not only to track who is using their data and for what purposes but also to place restrictions on access (Landau, 2015). A similar, yet technologically less sophisticated, system is being used in the UK by researchers of the Rare UK Bone, Joint and Blood Vessel Study (RUDY). Patients are offered many layers of control over who has access to their data and their tissue samples by logging onto the trial website and tracking all requests for access. At the same time, researchers are aware that the system only works while the patients’ trust is maintained (Couzin-Frankel, 2015). It is then incumbent on them to use the data wisely.