The report warns that if people's preferences and values are not taken into account and are instead picked by government elites, projects that could deliver significant public good may continue to be challenged and fail to secure public confidence. Recent health data projects, such as care.data, 100K Genomes, UK Biobank and the Scottish Informatics Programme (SHIP) have each, in their own way, raised ethical questions surrounding the use of data. The report recommends the introduction of criminal penalties for misuse of data.
The report addresses issues of privacy and public interest and how developments in data science have put considerable pressure on conventional means of protecting privacy, including privacy rights, data protection and duties of confidence. It concludes that good governance that involves public participation and accountability is essential to maintain public trust.
"We now generate more health and biological data than ever before. This includes GP records, laboratory tests, clinical trials and health apps, and it is becoming easier and cheaper to collect, store and analyse this data," says Professor Martin Richards, Chair of the Nuffield Council on Bioethics Working Party and Emeritus Professor of Family Research at the University of Cambridge. "There is a strong public interest in the responsible use of data to generate knowledge, drive innovation and improve health. However, people understandably have concerns about their privacy. If we don't get this right, we risk losing public trust in research, and ultimately missing out on the benefits this type of research can bring."
Opportunities and risks
The use of data offers significant opportunities to generate knowledge, drive innovation and improve health. However, the report finds that the possible harms of data misuse are poorly understood and many are not recognised under UK regulation. For instance, there is the distress caused by a loss of privacy; loss of trust in the medical profession; and, if data are not shared appropriately within health services, people might receive poorer care.
Among a number of recommendations, the report says that health authorities should track how data are used; that people should be told if and when there have been breaches of data security; and recommends the introduction of robust penalties, including imprisonment, for the deliberate misuse of data, whether or not it results in harm to individuals.
As well as the protections offered under the UK Data Protection Law and the Human Rights Act, data projects typically use one of two approaches to protect the privacy of individuals: they either seek individuals' consent to use data; or they de-identify data to make them anonymous.
The report argues that as data sets are increasingly linked or re-used in different contexts to generate new information, it becomes increasingly difficult to prevent the re-identification of individuals. On its own, consent cannot protect individuals from the potentially harmful consequences of data misuse, nor does it ensure that all their interests are protected. Therefore, good governance is essential to ensure that systems are designed to meet people's reasonable expectations about how their data will be used, including their expectations about a sufficient level of protection.
Professor Michael Parker, Member of the Nuffield Council on Bioethics Working Party and Professor of Bioethics and Director of the Ethox Centre, University of Oxford, says: "Compliance with the law is not enough to guarantee that a particular use of data is morally acceptable - clearly not everything that can be done should be done. Whilst there can be no one-size-fits-all solution, people should have say in how their data are used, by whom and for what purposes, so that the terms of any project respect the preferences and expectations of all involved."
Private and public interests
The use of data involves negotiating a complex range of interests - we all have a personal interest in protecting our privacy and promoting the public good, but there is also a public interest in respecting individual privacy and promoting the public good.
Decisions informed by the use of data can affect how people are treated. The report argues that decisions about the use of data are social choices that will involve a number of different people including regulators, commercial firms, doctors, researchers, patients and the wider public. Each will bring their own preferences and expectations about how data should be used. An inclusive process of deliberation will help identify the best approach in each data project.
The report makes a number of recommendations including that any data project should produce a clear, public statement about how data will be used, who will have access to it, and should continue to report on how it has, in fact, been used.
"Data is increasingly seen as a commodity to exploit and there are often strong political, economic or scientific interests that try to set the terms of a data project prior to any wider public debate", says Dr Susan Wallace, Member of the Nuffield Council on Bioethics Working Party and Lecturer of Population and Public Health Sciences, University of Leicester. "We say that any data project should first take steps to find out how people expect their data to be used and engage with those expectations through a process of continued participation and review."
The collection, linking and use of data in biomedical research and health care: ethical issues report was produced by an expert Working Party. In coming to its conclusions, the Working Party invited contributions from a wide range of people, including by holding an open consultation that ran from October 2013 to January 2014. Responses to the consultation will be available alongside the report on the Council's website once the embargo liftshttp://nuffieldbioethics.org/project/biological-health-data/
Members of the Working Party were appointed for their personal knowledge and expertise, and do not necessarily represent the views of their organizations.
Martin Richards (Chair)
Emeritus Professor of Family Research, University of Cambridge (Chair)
Professor of Security Engineering, University of Cambridge
Former Head of Information Governance and Group Caldicott Guardian for the Bupa Group (retired December 2013)
Professor of Health, Law and Policy, Nuffield Department of Population Health and Director of the Centre for Law, Health and Emerging Technologies, University of Oxford
Member of the Nuffield Council on Bioethics, Consultant Clinical Geneticist and Professor of Clinical Genetics, University of Southampton
Edmond and Lily Safra Professor of Translational Neuroscience and Therapeutics and Head, Division of Brain Sciences, Department of Medicine, Imperial College London
Professor of Bioethics and Director of the Ethox Centre, University of Oxford
Member of advisory panels for medicines and research, including UK Biobank EGC
Member of the Nuffield Council on Bioethics, science writer and broadcaster
Lecturer of Population and Public Health Sciences, University of Leicester
Executive Director, Pistoia Alliance and Programme Coordinator, PRISME Forum