Google’s DeepMind Faces Legal Action Over Data Misuse

Uploaded on 2021-10-12 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW, BUSINESS-Services-Law

Google's parent company and its AI business DeepMind are facing legal action for the way in which they obtained and processed over a million patient health records without consent in the UK. A legal case has been launched on behalf of more than a million people whose confidential medical records were obtained by Google.

DeepMind, a London artificial intelligence lab that was acquired by Google in 2014 and in 2015, Google's AI firm DeepMind was given the personal records of 1.6 million patients at the Royal Free London NHS Foundation Trust.

The current legal case is being led by law firm Mishcon de Reya and the lead plaintiff  Andrew Prismall said he had been "greatly concerned" about how his data had been used. Mishcon de Reya said it was launched to address public concerns about the use of private health data by tech firms. In a recent press release, Mishcon de Reya described the lawsuit as an “important step in seeking to address the very real public concerns about large-scale access to, and use of, private health data by technology companies... It also raises issues regarding the precise status and responsibility of such technology companies in the data protection context, both in this specific case, and potentially more generally,” the firm said.

When it became public that vast amounts of data had been tapped into by DeepMind, there was outrage, although the firm insisted that the patient records were being used to help create a life-saving app.

The Streams app was an alert, diagnosis and detection system that could spot when patients were at risk of developing acute kidney injury. It is in the process of being decommissioned, following DeepMind being incorporated into Google Health. There were several inquiries into the legality of the data use, and in 2017 the Information Commissioner's Office said that the hospital had not done enough to protect the privacy of patients when it shared data with Google.

In a statement in response to that ruling, DeepMind apologised and said that it had concentrated on building tools for clinicians, rather than thinking about how the project should have been shaped by the needs of patients.

Mishcon de Reya partner Ben Lasserson said: "This important claim should help to answer fundamental questions about the handling of sensitive personal data and special category data... It comes at a time of heightened public interest and understandable concern over who has access to people's personal data and medical records and how this access is managed."

There have been a number of class action suits launched in the UK, in which one plaintiff represents millions and these cases are known as opt-out representative actions because they include everyone that the case applies to, unless they specifically request not to be part of it.

In another group action a group calling itself  “Google You Owe Us” has been launched on behalf of four million iPhone users, alleging they were illegally tracked by Google.

New Scientist:      Decision Marketing:    CNBC:       BBC:      Techcrunch:      Business Insider:  

You Might Also Read:

Coronavirus Tracing Apps Conflict With Privacy:

« Don't Click On Pop-Ups
How To Use Transit Gateways To Monitor Traffic »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Noventiq

Noventiq

Noventiq (the brandname of Softline Holding plc) is a leading global solutions and services provider in digital transformation and cybersecurity.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Spera Security

Spera Security

Spera helps identity security professionals effectively and confidently measure, prioritize and reduce identity risk to better protect the organization from identity-based attacks.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.