Should your personal health data be available worldwide?
That’s the question that has experts concerned as U.K.-based mobile health app Streams is moved under the Google Health umbrella.
The move would mean the app, which was riddled with privacy missteps, could be accessible worldwide.
Experts are worried the privacy missteps made by Streams will expand worldwide as the app does.
Streams, made by Google-owned (but separately operated) DeepMind, was found in 2017 to be using 1.6 million people’s personal, clinical data without their consent.
DeepMind officials previously promised that no data would be shared with the technology giant — but the official move into the Google Health umbrella has privacy experts worried.
“It completely erodes trust,” former Ontario privacy commissioner Ann Cavoukian told Global News.
She explained that Streams, which was created to help British doctors diagnose patients quicker, used personal clinical data that hasn’t been “de-identified,” which means a person’s name is attached to data.
“Now that the data is available to Google Health in personal identifiable forms, then that raises all kinds of concerns,” Cavoukian said.
In Ontario, your personal, clinical data is only available within the “circle of care,” which is the doctors and workers who are treating you. As soon as it’s being shared outside that circle, it’s illegal, Cavoukian explained.
There’s a similar law in the U.K., but a U.K. watchdog found that Streams was illegally sharing the data outside the circle. There’s no guarantee a similar thing won’t happen in other countries — including Canada.
WATCH: Should the government intervene with Google’s privacy issues?
Cavoukian says because of Google’s massive size and influence, the company can’t be trusted.
“Health data is the most sensitive form of data that exists … and when the company using it is Google, which has no privacy credibility, then you place yourself at risk.”
Cavoukian has previous experience with Google; she recently resigned as a consultant on the company’s Toronto-based Sidewalk Labs project when officials refused to de-identify the data collected on that project.
“There’s no transparency,” she warned.
A DeepMind spokesman told the Telegraph that “all patient data remains under our partners’ strict control, and all decisions about its use lie with them.”
But other privacy experts say DeepMind’s broken promise to stay separate from Google Health is a concerning trend.
“Technology companies are too used to having terms and conditions which they can change as they please. The latest developments (with Google, Facebook, and others) suggest that we cannot trust tech companies’ promises,” Oxford University’s Carissa Veliz told the Telegraph.
“DeepMind said it would never connect Streams with Google. The whole Streams app is now a Google product. That is an atrocious breach of trust,” privacy researcher Julia Powles wrote on Twitter.
Health benefits vs. privacy concerns?
In a statement from DeepMind, officials say they’ve made major advancements in AI research, including “detecting eye disease more quickly and accurately than experts; planning cancer radiotherapy treatment in seconds rather than hours; and working to detect patient deterioration from electronic records.”
Google aims to turn Streams into an “AI-powered assistant for nurses and doctors everywhere.”
While there’s no question that there are enormous benefits to this type of innovation, Cavoukian stressed that it’s not an either-or scenario — developers just need to make sure the data is anonymous.
“Once data is no longer personally identifiable, there’s no privacy concerns because it’s not linked to an individual,” she explained.