...until they're inevitably sold.
But once your data has been digitized even if it is under your control the likelihood that it gets leaked is still high. Specially now with AI agents running everywhere, or people just asking AI services for medical advice.
Today the choice for advice is between low quality local AI advice or higher quality advice but lose your data control, the rational choice is probably losing your data control even if if will almost certainly comes back to bite you.
I personally would like data like this to simply be published, together with a law that says using the data to make personalized decisions affecting those individuals is punishable with life in prison.
Basically, this data is 'opensource', but not for use to decide insurance premiums, job offers, or the contents of news articles.
Like a clean room implementation requirement.
This works well in theory but is basically unenforceable. It's barely possible, if possible at all, to audit how FB or google make ad targeting decisions - but once stuff gets into the fragmented ecosystem of data brokers and market intelligence consultancies all hope is lost.
To say nothing of state actors, like countries who might deny you a visa based on adverse medical info or otherwise use your information against you.
licensing it to researchers allows you to create, monitor, and enforce policies like the one you describe
stealing it does not
As a researcher who regularly deals with such data there is a MASSIVE difference. Yes, I have access to the data but I am restricted on how it can be stored (no cloud), what I can and can't do with it, and for some of it I'm even mandated to destroy it once the research project is over. I have the informed consent of every participant, some of which withdrew halfway throughout the collection without any penalty to them. I also don't need a new law because I'm already bound by existing ones, by the contract I signed when I joined, and by the confidentiality agreement I signed when the project started. While I don't know that the leaker(s) will be identified, the existence of the data itself already calls for legal action while giving a starting point for investigation.
Your suggestion, on the other hand, seems to be "let's put this data out there without people's consent and make companies pinky promise that they won't use it in their black boxes in a way that's virtually impossible to detect or prosecute". Those two things are definitely not equivalent.
yes
I don’t get this trend of seeing bad thing happen and then commenting that other bad thing exists and therefore “in fairness” we should downplay it.
Bad things are bad. Comparing them to other things we don’t like doesn’t make them less bad. I don’t like Palantir either but they’re not intentionally leaking health details so this comparison doesn’t even make any sense.
To many, they are. They're leaking information that has been trusted to the NHS to their own databases.
The fact that it's being done under government contract and (arguably) within the law shouldn't immediately make it any less bad.
If this is not traceable back to individuals, it would probably good to be made public. But I assume the UK Biobank only gives access to trusted partners since - as we know in our 'data analytics' day and age - with enough general data quantity you can trace back anything to anyone if you have the resources. And the capitalist-surveillance econonmy certainly provides the profit-motive.
UK Biobank health data keeps ending up on GitHub
https://news.ycombinator.com/item?id=47875843
UK Biobank health data listed for sale in China, government confirms
WalterGR•2h ago
blitzar•1h ago
Given the whack-a-mole takedowns, its pretty clear everyone involved knew what was going on.