Views, thoughts, and opinions expressed in the text belong solely to the author, and do not represent the views of the Support Centre for Data Sharing or the European Commission.
Data sharing has many advantages and can offer companies and governments enormous opportunities. For example, it can accelerate and raise the accuracy of the research, improve the reliability of risk/benefit analysis, strengthen collaborations, boost sales, give a competitive edge, and provide insights into different systems and procedures.1 Due to these benefits, a lot of businesses and government bodies have entered – or are entering – data sharing agreements to share specific datasets with one another to further their analysis or to contribute to a service.
However, though most institutions have noble ideas and intentions when entering a data sharing agreement, that doesn’t mean it always equivocates to a good outcome. Or, at least, an outcome that is respectful to the people’s whose data is being shared and used. One recent (and infamous) example is Google and Ascensions new venture: project Nightingale. In November 2019, Google and one of the largest health-care networks in the United States (US), Ascension, began project Nightingale.2 The project follows a classic business-to-business (B2B) data sharing model where Ascension shares their health care data, including names and other identifiable data, to Google. More specifically, Ascension is sharing the data from tens of millions of people from 21 states with Google, without patients’ explicit consent and knowledge.3 This patient health data is then analysed to give health care providers new insights and care suggestions for patients.
Ascension and Google argue that they are abiding by US law to protect health care data, such as the Health Insurance Portability and Accountability Act of 1996.4 However, the lack of patient knowledge and explicit consent that their medical data is being shared, and the fact that it is identifiable data that can be traced back to an individual patient, has caused the US lawmakers and citizens to fight back. The project has raised questions about patient privacy and highlights the lack of regulations surrounding corporate use of personal (and identifiable) data.
Where does this leave us? This leads to a deeper ethical question about the importance of intention vs. outcomes in evaluating our actions – what is more important, the intention at the beginning of the venture or its outcome?5 It’s believable that at the beginning of this venture, Ascension and Google had people’s best interest at heart. By sharing health data, it would have been possible for them to have evaluated the current health care system and procedures, and they could have found ways to improve it in a cost-effective and efficient manner. However, even if they could have achieved this, does it justify that it was done in a way that made people feel violated? Could Ascension and Google have shared data in a way that would have achieved the same results in a way where no one felt uncomfortable?
So, I pose the question: does the intent of doing good justify the outcome?
- 1. https://www.nap.edu/read/18267/chapter/3
- 2. https://www.wsj.com/articles/google-s-secret-project-nightingale-gathers-personal-health-data-on-millions-of-americans-11573496790
- 3. https://www.nature.com/articles/d41586-019-03574-5
- 4. https://www.cdc.gov/phlp/publications/topic/hipaa.html
- 5. https://foundational-research.org/should-we-base-moral-judgments-on-intentions-or-outcomes/