Towards responsible, lawful and ethical data processing: patient data in the UK

Tess Johnson; Konrad Kollnig; Pierre Dewitte

doi:10.14763/2022.1.1638

Towards responsible, lawful and ethical data processing: patient data in the UK

Tess Johnson^*, Konrad Kollnig, Pierre Dewitte

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients’ data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS’ new scheme. More specifically, we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out ‘nudge’ and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme’s legal and ethical acceptability.

Original language	English
Pages (from-to)	1-25
Number of pages	25
Journal	Internet Policy Review
Volume	11
Issue number	1
DOIs	https://doi.org/10.14763/2022.1.1638
Publication status	Published - 2022
Externally published	Yes

Keywords

Big data
Data protection
Ethics
Health
United Kingdom

Access to Document

10.14763/2022.1.1638Licence: CC BY

Cite this

@article{22bdf623ab954d7f8e748cb3b18277eb,

title = "Towards responsible, lawful and ethical data processing: patient data in the UK",

abstract = "In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients{\textquoteright} data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS{\textquoteright} new scheme. More specifically, we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out {\textquoteleft}nudge{\textquoteright} and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme{\textquoteright}s legal and ethical acceptability.",

keywords = "Big data, Data protection, Ethics, Health, United Kingdom",

author = "Tess Johnson and Konrad Kollnig and Pierre Dewitte",

year = "2022",

doi = "10.14763/2022.1.1638",

language = "English",

volume = "11",

pages = "1--25",

journal = "Internet Policy Review",

issn = "2197-6775",

publisher = "Alexander von Humboldt Institut f{\"u}r Internet und Gesellschaft",

number = "1",

}

TY - JOUR

T1 - Towards responsible, lawful and ethical data processing

T2 - patient data in the UK

AU - Johnson, Tess

AU - Kollnig, Konrad

AU - Dewitte, Pierre

PY - 2022

Y1 - 2022

N2 - In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients’ data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS’ new scheme. More specifically, we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out ‘nudge’ and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme’s legal and ethical acceptability.

AB - In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients’ data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS’ new scheme. More specifically, we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out ‘nudge’ and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme’s legal and ethical acceptability.

KW - Big data

KW - Data protection

KW - Ethics

KW - Health

KW - United Kingdom

UR - http://www.scopus.com/inward/record.url?scp=85136384537&partnerID=8YFLogxK

U2 - 10.14763/2022.1.1638

DO - 10.14763/2022.1.1638

M3 - Article

AN - SCOPUS:85136384537

SN - 2197-6775

VL - 11

SP - 1

EP - 25

JO - Internet Policy Review

JF - Internet Policy Review

IS - 1

ER -

Towards responsible, lawful and ethical data processing: patient data in the UK

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this