fbpx

0151 459 5850

Search
Close this search box.

DeepMind Data Breach

THIS ACTION IS NOW CLOSED

In 2015, DeepMind Technologies entered a data sharing arrangement with the NHS for patient data. This data was then used illegally, with 1.6 million patients affected by this privacy violation. This page explains how this breach happened. 

The DeepMind Data Breach

The Royal Free NHS Foundation Trust shared the personal data of patients with AI company Google DeepMind. The transfer of data was done to test a new medical app (called Streams). But the use of data by Google DeepMind eroded patient rights and breached the Data Protection Act (DPA).

Patients who attended The Royal Free Hospital, Barnet Hospital or Chase Farm Hospital between 2010- 2016 might have had their data privacy rights breached. In total, 1.6 million people may have been affected.

The ICO's Investigation

According to an investigation by the UK’s data protection watchdog (the ICO), there were several failings in the processing of patient records. The then  Information Commissioner, Elizabeth Denham, said that lessons should be learnt from this case.

  • Patients were not adequately informed that their data would be used as part of the test
  • Patient data was identifiable and not anonymised
  • Patients could not object to how their data was being used
  • Patients could not opt-out of the trial
  • The number of patient records shared was excessive, unnecessary, and out of proportion.

Deep concerns over medical data sharing

Many people are happy for their data to be used to improve patient care and make clinical advancements. But laws exist to ensure this is done in a way that does not harm patients. People should also be told how their records will be shared and be asked for their consent.

Despite these laws, there are real worries about how medical data is being used (and might be used in the future). For example, what would happen if an insurance company got hold of your medical data and increased your life insurance premium or refused you cover?

  • According to the Financial Times, the NHS has shared a wealth of data with 43 commercial businesses. Organisations that received this data include the world’s largest management consultancy, pharmaceutical groups, and data companies.
  • Government plans to pool and share the NHS data of 55 million patients raised concerns. Not least because, rather than opting into the scheme, people in England had to opt-out. If they did not, it is no longer possible to remove their information from the new database
  • Data about millions of NHS patients has been sold to the US according to The Guardian newspaper.

Were you affected by the Google DeepMind data protection failure?

Anyone who attended The Royal Free Hospital, Barnet Hospital or Chase Farm Hospital between 2010- 2016 could have been affected by this data violation.

 

What personal data was shared with Google DeepMind

Admissions, discharge and transfer data, accident and emergency, pathology and radiology, and critical care data were all passed to Google DeepMind.

This sensitive patient data included details such as whether patients had been diagnosed with HIV, suffered from depression, or had ever undergone an abortion.

This information was not anonymised.

What does the law say?

Any organisation can apply for access to NHS patient data, but there are strict controls on how companies can use this information. For example, personally identifiable patient data (anything that can be used to identify you) can only be shared if there is a health benefit. Personal data must also be processed under the UK’s data protection laws.

Despite this, questions remain about who our medical records are being shared with and why. There are also concerns about what happens to our patient data when it leaves the NHS.

DeepMind Data Protection Breach Timeline

  • 2010
    British artificial intelligence (AI) company DeepMind Technologies is founded.
  • 2014
    Google buys DeepMind for $500 million. As part of this deal, Google agrees to set up an ethics and safety board to ensure that AI technology is not abused. Questions are subsequently raised after DeepMind refuses to say who is on the board, or even confirm whether it has officially met.
  • 2010-2016
    The Royal Free NHS Foundation Trust shares the personal data of patients with Google DeepMind to test an alerting system for acute kidney injury.
  • 2018
    DeepMind announces that its health division and the Streams app will be absorbed into Google Health.

Recent awards, shortlistings, and listings

KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.

Previous
Next
Read more about our success and recognition
CONTACT US
  • 0151 459 5850
  • enquiries@kpl.co.uk
  • 316 - 319 Cotton Exchange Old Hall Street, Liverpool, L3 9LQ
  • 81 Chancery Lane, London, WC2A 1DD
  • Two Snowhill, Birmingham, B4 6GA
  • 3 Hardman Square, Spinningfields, Manchester, M3 3EB
USEFUL LINKS
START A CLAIM

KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.  

FOLLOW US
Facebook Linkedin

Disclaimer | Privacy Policy | Cookies |  Complaints | Equality & Diversity