Google—Google DeepMind accessed 1.6 million NHS patient records without consent, UK regulator found data deal unlawful
In 2015, DeepMind signed a deal with the Royal Free London NHS Foundation Trust gaining access to identifiable medical records of 1.6 million patients — including HIV status, drug overdoses, and abortions — without patient consent. The data was used to develop Streams, a kidney disease detection app. In 2017, the UK Information Commissioner's Office ruled the data-sharing agreement failed to comply with data protection law. New Scientist revealed the full scope of identifiable data accessed. A class-action lawsuit on behalf of 1.6 million affected patients was filed in 2021 but dismissed in 2023 on procedural grounds.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Data Security | -against | secondary | -0.50 |
| Healthcare Access | -against | primary | -1.00 |
| User Privacy | -against | primary | -1.00 |
| Overall incident score = | -0.737 | ||
Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.59)
Evidence (1 signal)
UK ICO ruled DeepMind-Royal Free NHS data deal failed to comply with data protection law
The UK Information Commissioner's Office ruled in 2017 that the data-sharing agreement between Google DeepMind and the Royal Free London NHS Trust failed to comply with data protection law. DeepMind had accessed identifiable records of 1.6 million patients — including HIV status, drug overdoses, and abortions — without patient consent to develop the Streams kidney disease detection app.