AI and Privacy Constraints

March 23, 2022
AI and Privacy Constraints
Artificial intelligence holds out the promise of revolutionizing medical research. But this field of scientific study also raises a number of crucial questions, not least about data protection. 

Artificial intelligence opens up enormous opportunities for healthcare, from decision support to smart prostheses, robot-assisted remote surgery and personalized treatment. Exciting prospects indeed!

The collection and sharing of increasingly massive volumes of health data is the essential precondition for implementation of this technology in healthcare environments.

The problem is that these technical developments raise a number of questions around methodology, data protection, data access and sharing, and consent.  

At the same time, the regulatory and legislative framework around these issues is also changing significantly. 

The GDPR & Life Sciences

The EU General Data Protection Regulation was introduced on 25 May 2018 to increase the level of protection around personal data collection and access. In practice, the regulation requires patients to be informed of any processing of their health data.

This obligation, which also applies to research involving the reuse of data, poses a number of challenges for medical research. These include ethical issues around patient feedback, unknown patient identity as a result of pseudonymization, administrative and logistical problems, multiplicity of information media, etc.

Nevertheless, healthcare companies have no choice but to learn the fundamental principles of the GDPR as it applies to medical research and its interaction with other applicable regulations, such as local regulations, the European Clinical Trials Regulation, etc. 

Failure to comply with the rules set out in the GDPR can be costly, with violations attracting fines of up to €20 million, or as much as 4% of global annual revenue for international companies. In 2021, the authorities responsible for overseeing correct application of the EU General Data Protection Regulation imposed fines totalling around €1.1 billion, according to an annual report published by law firm DLA Piper.

A European framework for AI

In addition to this specific data protection framework, other regulations are currently being considered and drafted by the EU with the aim of setting out the conditions governing the use of artificial intelligence. Published by Brussels in 2017, the draft ePrivacy Regulation introduces rules to protect the fundamental rights and freedoms of individuals regarding the provision and use of electronic communications content for end users in the European Union. This legal text could therefore have important consequences for artificial intelligence providers with plans to offer such electronic communications content. 

The Artificial Intelligence Act (AI Act) published by the European commission in April 2021 proposes a risk-based (unacceptable risk/high risk/limited risk/minimal risk) approach to regulating the use of artificial intelligence systems and facilitating the emergence of innovative solutions that respect individual rights and freedoms. 

Data privacy is therefore an important contributory factor in ensuring the long-term use and success of AI-based products. Because without the trust of patients and doctors, advances in AI could be short lived.