Artificial intelligence holds out the promise of revolutionizing medical research. But this field of scientific study also raises a number of crucial questions, not least about data protection. 

Artificial intelligence opens up enormous opportunities for healthcare, from decision support to smart prostheses, robot-assisted remote surgery and personalized treatment. Exciting prospects indeed!

The collection and sharing of increasingly massive volumes of health data is the essential precondition for implementation of this technology in healthcare environments.

The problem is that these technical developments raise a number of questions around methodology, data protection, data access and sharing, and consent.  

At the same time, the regulatory and legislative framework around these issues is also changing significantly. 

The GDPR & Life Sciences

The EU General Data Protection Regulation was introduced on 25 May 2018 to increase the level of protection around personal data collection and access. In practice, the regulation requires patients to be informed of any processing of their health data.

This obligation, which also applies to research involving the reuse of data, poses a number of challenges for medical research. These include ethical issues around patient feedback, unknown patient identity as a result of pseudonymization, administrative and logistical problems, multiplicity of information media, etc.

Nevertheless, healthcare companies have no choice but to learn the fundamental principles of the GDPR as it applies to medical research and its interaction with other applicable regulations, such as local regulations, the European Clinical Trials Regulation, etc. 

Failure to comply with the rules set out in the GDPR can be costly, with violations attracting fines of up to €20 million, or as much as 4% of global annual revenue for international companies. In 2021, the authorities responsible for overseeing correct application of the EU General Data Protection Regulation imposed fines totalling around €1.1 billion, according to an annual report published by law firm DLA Piper.

A European framework for AI

In addition to this specific data protection framework, other regulations are currently being considered and drafted by the EU with the aim of setting out the conditions governing the use of artificial intelligence. Published by Brussels in 2017, the draft ePrivacy Regulation introduces rules to protect the fundamental rights and freedoms of individuals regarding the provision and use of electronic communications content for end users in the European Union. This legal text could therefore have important consequences for artificial intelligence providers with plans to offer such electronic communications content. 

The Artificial Intelligence Act (AI Act) published by the European commission in April 2021 proposes a risk-based (unacceptable risk/high risk/limited risk/minimal risk) approach to regulating the use of artificial intelligence systems and facilitating the emergence of innovative solutions that respect individual rights and freedoms. 

Data privacy is therefore an important contributory factor in ensuring the long-term use and success of AI-based products. Because without the trust of patients and doctors, advances in AI could be short lived. 

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified


Discover our latest articles

View All Blog Posts
April 23, 2024
No items found.

iliomad is deligthed to have supported the ICM - Institut du Cancer de Montpellier in their CNIL's authorization process

We are delighted to share that the ICM - Institut du Cancer de Montpellier was authorized by the French Data Protection Authority (CNIL) to conduct APAD-ECO study. The CNIL granted authorization to conduct a medico-economic study on the effects of physical activity in women treated for breast cancer on April, 19th. This groundbreaking study involves combining data from two clinical trials with that of the Caisse nationale de l’Assurance Maladie, covering the period from 2009 to 2022. The study aims to assess the long-term impacts of physical activity in patients who have undergone treatment for breast cancer. We are proud to have contributed to this project by providing the ICM - Institut du Cancer de Montpellier with a compliant Data Protection Impact Assessment (DPIA), a crucial step in obtaining CNIL approval.