Aiming to provide better, more personalised care, by harnessing the power of digitalisation, the National Health Service (NHS) has employed a strategy of sharing its patients’ information with the private sector, raising questions as to whether it can be trusted as a custodian of its patients’ data. The development of the Streams application by DeepMind, a subsidiary of Google Health UK, illustrates the dichotomy between, on the one hand, the need to use innovative technologies to provide effective direct care and, on the other hand, the obligation to protect patients’ rights and interests in their health data.
This paper focuses on an under-explored aspect of the Streams debate: the NHS’s processing of health data in direct care. It argues that the data protection framework is best viewed as an architecture of custody, where all participants in the framework have a custodial role to play and should collaborate to ensure the balance between the free flow of data and the data subjects’ rights and interests.
Guinchard, Audrey, Restoring Trust into the NHS: Promoting Data Protection as an ‘Architecture of Custody’ for the Sharing of Data in Direct Care (February 5, 2020).