Sooner or later, all data turns into health data
Anyone who owns a smartphone, uses social media or drives a “smart” car unwittingly reveals a lot about themselves. Even data that doesn’t seem sensitive today could in future allow unforeseen conclusions to be drawn about a person’s health, as ethicist Christophe Schneble of the Institute for Biomedical Ethics of the University of Basel explains in this interview.
Mr. Schneble, you explore ethical questions about indirect, inferred, and invisible health data. What does that mean?
When we think of health data, we usually think of digitized patient data that includes direct information about a person’s health status. But as the amount of data of all kinds constantly grows and becomes increasingly linked, even data that does not appear particularly sensitive can suddenly allow conclusions to be drawn about a person’s health and risk of disease. For example, smartphone location data combined with environmental data can be used to infer the risk of respiratory disease if someone frequently spends time in places with a lot of traffic and high particulate matter pollution.
So that would be inferred health data. But what’s invisible data?
“Big data” is on everyone’s lips and data analysis is making constant progress, especially in artificial intelligence. In the future, machine learning algorithms could use large, combined data sets to find correlations to risks of disease that are still completely unknown to us today. The point is that health data enjoys special protection under current legislation. But this protection is also necessary for all other data as soon as it can be used for health-related questions.
What would this protection need to look like?
Direct health data, for example from medical examinations, requires explicit consent from the affected person to be used further. But in the case of other data, the affected person is not even informed that it could be processed for health-related questions. That might be hidden in legalese in the terms and conditions, but usually these are far too long and too complex for the majority of users to read. There’s no way that’s informed consent.
How could it be done better?
There’s been some discussion about a nutrion lable like system or comics that give people who aren’t familiar with legal jargon a clear picture of the terms they’re agreeing to.
Informing people is one thing, but usually there’s no other option than to give your consent if you want to use a service.
That’s true. In addition, we’re under social pressure to use certain apps. Think of how many things are organized through WhatsApp groups by default nowadays, or the young people who use Instagram because all their friends are doing it, too. Informing them how their data is being used would be an important first step. Asking for consent especially needs to become more dynamic. It has to function retroactively and for the future.
What do you mean by that?
On the one hand, the digitization of paper archives is making new data sets accessible and the people affected could not possibly have imagined at the time how the data could be exploited by current analytical methods. In some cases, these people have died by now, but their living relatives could still be affected by the consequences of this data analysis. On the other hand, past and present data could still allow unforeseen conclusions to be drawn about health in the future. Mechanisms for obtaining consent must therefore cover past, present, and future data along with its present and future use.
That sounds like a difficult task to achieve.
The challenge is to regulate not only the collection of data, but also its use, in a more dynamic way. Even if private individuals agree to the terms and conditions for digital offers, providers should obtain their consent again if the providers want to analyze the data for new purposes, especially for health research.
From your perspective as an ethicist, what are the key points to bear in mind?
Especially when it comes to the big tech companies, we need better international coordination of laws that obligate corporations to create genuine transparency about the use of data and so ensure data subjects’ right to self-determination. From an ethical perspective, data privacy should actually be a human right: no one should suffer harm because of the use of their data. That’s why health data, whether direct or indirect, requires special protection.