A law firm in the United Kingdom is suing Google's artificial intelligence (AI) subsidiary DeepMind Technologies over an alleged breach of data protection laws.
Mishcon de Reya is bringing a representative suit against DeepMind pertaining to the company’s data-sharing deal with the Royal Free London National Health Service (NHS) Foundation Trust.
A five-year partnership between the Trust and DeepMind was announced in 2015 to "build on the successful year-long joint project to build a smartphone app called Streams, which alerts clinical teams as soon as test results show that a patient is at risk of developing acute kidney injury."
The Jurist reports that "when the data-sharing agreement was made public, it was revealed that DeepMind was gaining access to a wide-ranging scope of data including admissions, discharge and transfer, accidents, emergencies, critical care, pathology and radiology data."
In July 2017, the Information Commissioner’s Office (ICO) ruled the Royal Free NHS Foundation Trust failed to comply with the Data Protection Act when it provided patient details to DeepMind.
"The Trust provided personal data of around 1.6 million patients as part of a trial to test an alert, diagnosis and detection system for acute kidney injury," said the UK data protection regulator.
"But an ICO investigation found several shortcomings in how the data was handled, including that patients were not adequately informed that their data would be used as part of the test."
On September 30, Mishcon de Reya announced that it was bringing an action against DeepMind "on behalf of Mr Andrew Prismall and the approximately 1.6 million individuals whose confidential medical records were obtained by Google and DeepMind Technologies in breach of data protection laws."
Mr. Prismall said: “Given the very positive experience of the NHS that I have always had during my various treatments, I was greatly concerned to find that a tech giant had ended up with my confidential medical records.”
Lawyer Ananaya Agrawal wrote in The Jurist that Mishcon’s representative suit resembles a class-action lawsuit in the United States and “will have important ramifications for large-scale access and use of health data by tech companies in a post-pandemic, post-Brexit UK.”