Jeon Heon-Kyun | Getty Images
Demis Hassabis, co-founder of Google’s artificial intelligence (AI) startup DeepMind.
The Information Commissioner’s Office (ICO), which is the U.K.’s data protection watchdog, launched its probe into the DeepMind-NHS deal in May 2016. On Monday, the ICO released its conclusion and found that the agreement “failed to comply with data protection law”.
“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening,” Information Commissioner Elizabeth Denham said in a statement.
“We’ve asked the Trust to commit to making changes that will address those shortcomings, and their co-operation is welcome. The Data Protection Act is not a barrier to innovation, but it does need to be considered wherever people’s data is being used.”
In essence, the ICO has taken issue with the fact that patients were not informed about how their data would be used.
“The processing of patient records by DeepMind significantly differs from what data subjects might reasonably have expected to happen to their data when presenting at the Royal Free for treatment,” the ICO’s letter to the Trust said.
“For example, a patient presenting at accident and emergency within the last five years to receive treatment or a person who engages with radiology services and who has had little or no prior engagement with the Trust would not reasonably expect their data to be accessible to a third party for the testing of a new mobile application, however positive the aims of that application may be.”