Covid-19 is leading to a rise and change in the way we use and process data. As organisations are looking for better solutions to address the negative impact of Covid-19 on health and well-being, we’re seeing more discussion arise surrounding the way data is now used or shared.
More than ever, companies are now using either existing data to develop new services in response to digitisation needs or are seeking access to third party data to inform new and tailored solutions. At the same time, the NHS is developing its own app designed to help track the spread of coronavirus.
Of course, the widespread 'commercial' use of data is nothing new. For example, late 2019, Google bought the health records of over 50 million Americans (faced with much scrutiny) while one in seven GP practices in the UK are selling clinical data to International pharmaceutical companies, raising over £10 million annually. These practices have always been met with a lot of scrutiny regarding security and privacy, and in a time where health-care and data are "hot topics", now more than ever it's important to understand the opportunities and precautions surrounding the use of this data.
The Pro: Open Innovation
Marketing 101: In order to develop the most value-driven solutions, organisations need to understand their audiences' most pressing pains and needs.
In regards to healthcare, data often resides within large protected databases. Open innovation is an innovation concept which encourages data-sharing between the institutions who hold this data, and organisations who can use the data to develop solutions. In this scenario, data-sharing could help organisations make more informed choices and develop better solutions.
A recent EU funded innovation programme demonstrated this concept by exploring the use of sharing data within the private sector. The programme found that:
"Open innovation allows companies to apply external ideas and technology to help address challenges. Sharing data is an essential part of effective collaboration between businesses.
Sharing operational data provides the necessary insights into business challenges, allowing collaborators to analyse and use that data to deliver better insights and demonstrate the value of new technologies."
The Con: Data Rights, Consent & Security
The use of data needs to be specific, secure, and transparent, particularly in terms of what is or isn't covered by consent.
While the NHS has openly supported the use of open data to spur new innovations, it also rightly differentiates between the type of information that can and cannot be shared. Safeguards are put in place to protect the privacy of data subjects, and transparency notices clearly outline what data is and isn’t made public. An example of such a transparency notice is the Covid-19 response page which outlines how the NHS may be using data in its response to coronavirus.
When using data to develop or tailor a new solution, organisations need to understand what data is or is not covered by consent (or legitimate interest where appropriate). This includes using existing data for new services. While it might be tempting to assume that data subjects are OK with their data being used for health-care reasons, this might actually not be the case. A recent You Gov Poll showed that 80% of people in the UK supported tighter regulation on how data is used by large tech organisations, indicating the level of scrutiny surrounding the way their data is used.
This means that, to justify the sharing of health data, there must be a very clear and transparent case for the use of data. Furthermore, companies need to demonstrate they gather the minimum amount of (anonymised) data needed for their solutions. This also ensures systems stay as secure as possible. More data stored means more data is at risk of being leaked. The topic of data security has gained more attention in the news earlier this week, following the scrutinisation of the NHS tracking app. The organisation was questioned on the app's security following the decision to use centralised systems instead of decentralised systems recommended by Apple and Google.
While the use of appropriate health data can help organisations develop more effective solutions, they must first assess what information is needed to develop that solution (avoiding the gathering of unnecessary data), and they must evaluate consent for new use of data. There are other things to consider and this blog is by no means an exhaustive list. But it’s something to get you thinking.
If you are thinking of using data to develop a new service, you can sign up for one of our monthly legal drop-ins with Muckle LLP who’re able to provide legal advice on the use of data by digital and tech companies: