DeepMind—DeepMind obtained 1.6 million NHS patient records without consent for Streams app
In 2015, DeepMind signed a deal with the Royal Free London NHS Foundation Trust gaining access to 1.6 million identifiable patient records including HIV status, drug overdoses, and abortions, ostensibly for a kidney injury detection app called Streams. The ICO ruled in 2017 that the Royal Free failed to comply with the Data Protection Act. No privacy impact assessment was conducted, and the scope of data access far exceeded what was needed for clinical safety testing.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Corporate Transparency | -against | secondary | -0.50 |
| Healthcare Access | -against | contextual | -0.20 |
| User Privacy | -against | primary | -1.00 |
| Overall incident score = | -0.750 | ||
Score = avg(topic contributions) × significance (critical ×2) × confidence (0.66)
Evidence (2 signals)
Class-action lawsuit filed against DeepMind over unauthorized use of 1.6M NHS patient records
In September 2021, law firm Mishcon de Reya filed a representative action on behalf of approximately 1.6 million individuals whose medical records were obtained by DeepMind without consent. The lawsuit was ultimately dismissed by a London court in May 2023, with Google claiming the proceedings were 'unfounded and without merit.'
ICO ruled Royal Free NHS Trust broke data protection law in DeepMind data-sharing deal
The UK Information Commissioner's Office ruled in July 2017 that the Royal Free NHS Foundation Trust failed to comply with the Data Protection Act when it shared 1.6 million patient records with DeepMind. The ICO questioned why such a significant volume of records was needed for clinical safety testing and found no privacy impact assessment had been conducted.