Ross Anderson Cambridge


1 Ross Anderson Cambridge
Big Conflicts: The ethics and economics of privacy in a world of Big Data Ross Anderson Cambridge OII Feb

2 The Nuffield Biodata report
- What happens to medical ethics in a world of cloud-based health records and pervasive genomics?
- 12 authors: from IT, medicine, ethics, insurance, pharma …

3 ‘Big Data’ comes to the NHS
- Cameron policy announced January 2011: make ‘anonymised’ data available to researchers, both academic and commercial, but with opt-out
- We’d already had a laptop stolen in London with 8.63m people’s ‘anonymised’ records on it
- In September 2012, CPRD went live – a gateway for making anonymised data available from secondary care, run by the MHRA (the regulator)
- They refused to answer a FOI request about anonymisation mechanisms!

4 Can an NHS patient opt out?
- Cameron had promised in 2011 that our records would be anonymised, and we’d have an opt out
- The Secretary of State for Health, Jeremy Hunt, assured us in March 2013 that existing opt-outs would be respected
- In July this was reversed by the NHS England CIO
- NHS opt-out defaults are wrong; the privacy mechanisms are obscure; and they get changed whenever too many people learn to use them

5 The care.data scandal
- Hospital Episode Statistics (HES) has records going back 15 years (about a billion in total)
- Apr 2014: HSCIC reveals that HES data sold to 1200 universities, firms and others since 2013
- HESID usually contains postcode, dob
- Even if the HESID were encrypted, what about cardioversion, Hammersmith, Mar ?
- Yet the DoH described pseudonymised HES data as “non-sensitive” and the ICO agreed!
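
The slide's point that an encrypted HESID still leaves the event itself (procedure, hospital, month) as an identifier, shown as an added example that is not part of the talk: a release-side check counting how many pseudonymised records are unique on those remaining fields. The records, field names and HMAC pseudonymisation step are constructed assumptions, not the real HES schema or process.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; field names are assumptions, not the real HES schema.
ROWS = [
    ("P001", "cardioversion", "Hammersmith", "2014-03"),
    ("P002", "hip replacement", "Hammersmith", "2014-03"),
    ("P003", "hip replacement", "Hammersmith", "2014-03"),
    ("P004", "cardioversion", "Leeds", "2014-05"),
    ("P005", "cataract surgery", "Leeds", "2014-05"),
    ("P006", "cataract surgery", "Leeds", "2014-05"),
    ("P007", "hip replacement", "Leeds", "2014-07"),
    ("P008", "cataract surgery", "Hammersmith", "2014-01"),
]
FIELDS = ("patient_id", "procedure", "hospital", "month")
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]
QUASI_IDENTIFIERS = ("procedure", "hospital", "month")

def pseudonymise(records, key):
    """Replace the direct identifier with a keyed hash; leave other fields alone."""
    out = []
    for r in records:
        token = hmac.new(key, r["patient_id"].encode(), hashlib.sha256).hexdigest()[:16]
        out.append({**r, "patient_id": token})
    return out

def class_sizes(records, fields=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[f] for f in fields) for r in records)

def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Smallest equivalence class; k == 1 means at least one record is unique."""
    return min(class_sizes(records, fields).values())

def singled_out(records, fields=QUASI_IDENTIFIERS):
    """Records that are alone in their equivalence class."""
    sizes = class_sizes(records, fields)
    return [r for r in records if sizes[tuple(r[f] for f in fields)] == 1]

def generalise(records):
    """Coarsen month to year and suppress hospital, trading detail for larger classes."""
    return [{**r, "hospital": "*", "month": r["month"][:4]} for r in records]

if __name__ == "__main__":
    released = pseudonymise(RECORDS, b"constructed-demo-key")
    print("k after pseudonymisation:", k_anonymity(released))
    print("records unique on quasi-identifiers:", len(singled_out(released)))
    print("k after generalisation:", k_anonymity(generalise(released)))
```

A k above 1 only removes uniqueness on the fields checked; it says nothing about other fields in the record that could be linked to outside data.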

6 Advocating anonymisation

7 … and transparency

8 Now add DNA
- The UK Department of Health is launching a ‘100,000 genomes’ project to use genetic analysis in both direct care and research
- All sequence data centralised; consent to unlimited research use (including sharing with 23andme) or you can’t join
- The FDA just stopped 23andme from offering health advice to new customers
- After the election: 50 million genomes!

9 The PCAST report
- Presidential Council of Advisers on Science and Technology (Craig Mundie, Eric Schmidt…)
- Big data has three components, they say
  - Collection (e.g. your kid’s teddy bear)
  - Aggregation (Microsoft / Facebook / Google)
  - Use (the firms that buy ads)
- Claim: only the third should be regulated!
- ECJ response in González, the very same week

10 An ethical approach
- It’s long been accepted in medicine that the law’s boundaries are way too wide
- If you do everything you can’t be jailed or sued for, you’ll quickly lose patients’ trust
- So what is an ethical approach to medical practice, and medical research, in a world of cloud-based health records and genomics?
- Nuffield Bioethics Council set up a project …

11 Problem (1) There’s lots more data
- Cloud-based primary and secondary care records
- Genomics: from 100,000 patients to 50 million?
- Patient-generated stuff like fitbit
- Comms data, lab data, all sorts of other stuff …
- And lots more capability to store & process it
- This leads to all sorts of initiatives that mash up data from previously siloed applications

12 Problem (2)
- Huge ‘Big Data’ hype bubble – policymakers terrified of looking technophobic
- Shortage of money drives innovation in public sector, just as plentiful VC in the private sector
- Centralising tendency of every bureaucracy
- ‘Open data’ promise to big pharma and to nonprofit research communities
- Anonymisation – a ‘broken promise of privacy’ (see my book and ODI, RSS talks)

13 Moral values and interests
- Distinction between public and private evolved over millennia – before history
- Norms of disclosure are important for formation and maintenance of identity and relationships
- Consent is how patient relationships work
- Public interests exist such as public health and research but these are not just in opposition to private interests in confidentiality

14 Law and governance
- Laws reflect emerging social consensus (albeit with a time lag and a big lobbying bias)
- Common law duty of confidence
- Data protection law
- Human-rights law: s8 ECHR, I v Finland
- Usual take: ‘consent or anonymise’
- But anonymisation doesn’t work, and consent is becoming steadily harder!
- What should an ethical researcher do?

15 Principle 1 – Respect for persons
- The set of expectations about how data will be used in a data initiative should be grounded in the principle of respect for persons
- This includes recognition of a person’s profound moral interest in controlling others’ access to, and disclosure of, information relating to them held in circumstances they regard as confidential

16 Principle 2 – Human rights
- The set of expectations about how data will be used in a data initiative should be determined with regard to established human rights
- This will include limitations on the power of states and others to interfere with the privacy of individual citizens in the public interest (including to protect the interests of others)

17 Principle 3 – Participation
- The set of expectations about how data will be used (or re-used) in a data initiative, and the appropriate measures and procedures for ensuring that those expectations are met, should be determined with the participation of people with morally relevant interests
- Where it is not feasible to engage all those with relevant interests, the full range of relevant interests and values should nevertheless be fairly represented

18 Principle 4 – Accounting for decisions
- A data initiative should be subject to effective systems of governance and accountability that are themselves morally justified
- This should include both structures of accountability that invoke legitimate judicial and political authority, and social accountability arising from engagement of people in a society
- Maintaining effective accountability must include effective measures for communicating expectations and failures of governance, execution and control to people affected and to society more widely

19 How do existing initiatives add up?
- HES/care.data – treating data as an industrial raw material, for sale to all, and available with commercial reuse licenses
- CPRD – won’t say how data are ‘anonymised’ and push it for all sorts of research purposes
- 100,000 Genomes – at least GeL keep custody of the data but allow secret uses by firms
- Scotland – links local datasets using a central ‘safe haven’; some public engagement

20 Application to security research?
- Started thinking about this following Facebook app from our psychology department
- Our Device Analyzer runs on 23,000 Androids
  - For user: personal analytics (best phone plan)
  - For us: understanding smartphone use, energy consumption and much else
- See which has research papers etc

21 Application to law enforcement?
- Law enforcement at least has some focus on respect for persons (even if intel doesn’t)
- It’s bound by human-rights law (ditto)
- Thanks to Edward Snowden, we have a more truthful account of state surveillance capabilities but are still not really consulted (see DRIP Bill, ISC mess, …)
- In an ideal world, we’d have an international treaty on warrants, transparency, jurisdiction

22 Today’s ‘Economist’
“If citizens aren’t protected from prying eyes, some will suffer and others turn their backs. Societies will have to develop new norms and companies learn how to balance privacy and profit. Governments will have to define what is acceptable. But in eight short years smartphones have changed the world—and they have hardly begun.”

23 Where’s it going?
“The Ood, it is worth remembering, did not just have two brains, one in the head and one in the hand—they had a third, planetary brain, telepathically shared by all. It may yet be to such a world that, with phones in hand, pocket and purse, humanity makes its way.”

24 Where’s it going?
“The Ood, it is worth remembering, did not just have two brains, one in the head and one in the hand—they had a third, planetary brain, telepathically shared by all. It may yet be to such a world that, with phones in hand, pocket and purse, humanity makes its way.”
“Democracies may be able to find acceptable solutions to some of the problems posed.”

25 More …
- The report: see our blog or my website
- Our blog
- My website
- Workshop on the Economics of Information Security, Delft, June 22–3

