Abstract
Current practices for regulating the processing of personal data are oriented principally towards notions of governance, risk management, and regulatory compliance - based on data protection laws that have, in some jurisdictions, been in place for decades. Despite this framework, individuals are likely to encounter uses of their personal data which, while legal, may appear to lack fairness or legitimacy. Such uses may lead us to conclude that third parties are failing to take due account of our wishes and preferences. An organisation’s handling of personal data might fall short of our expectations in a number of ways, such as through over collection, insufficient care, unexpected or unwelcome use, or excessive sharing. For data controllers, greater focus on ethics (beyond legal compliance), might align them more closely with the expectations of their users and customers. Ethics has been core to the practice of medicine at least since the formulation of the Hippocratic oath [1], but the digital era introduces new risks which require ethical responses. Guidance for data controllers should be based on a clear understanding of digital privacy and its complexities, so that abstract notions of trust and ethics can be transformed into applicable principles and practical measures, while reflecting the diverse stakeholder motivations and interests. This article explores the trust-related factors and challenges that arise from the digital and online processing of personal data, particularly in the context of healthcare. The article proposes ethical principles, and approaches and resources for putting those principles into practice.
Similar content being viewed by others
Notes
A reference to Donald Rumsfeld’s epistemological taxonomy, in a 2002 briefing.
For the purposes of this paper, by “data controller” I mean an entity which collects and uses (personal) data in ways covered by data protection legislation; by “data subject” I mean an individual to whom personal data relates (I use “subject” in the grammatical sense, rather than in the sense of subordination to the data controller).
An analogous example: Blackmailers threaten to delete organisations’ data unless ransom is paid.
An illustrative but far from exhaustive sample of privacy violations and resulting harms, from a relatively privacy-conscious province.
References
North M. On nlm.nih.gov "Greek Medicine - The Hippocratic Oath" U.S. National Library of Medicine, 02 July 2012. 2012. http://www.nlm.nih.gov/hmd/greek/greek_oath.html. Accessed 19 June 2017.
Albanesius C. On ukpcmag.com. 2013. http://uk.pcmag.com/tv-home-theaters/11794/news/lg-to-fix-unwanted-smart-tv-data-collection. Accessed 16 Dec 2016.
Komando K. On usatoday.com. 2014. http://www.usatoday.com/story/tech/columnist/komando/2014/11/14/free-apps-privacy/18759109/. Accessed 16 Dec 2016.
Raiche R. On wptv.com. 2015. http://www.wptv.com/news/science-tech/angry-birds-2-camscanner-apps-stealing-personal-data-raises-questions-about-iphone-security. Accessed 16 Dec 2016.
Hope C. On telegraph.co.uk. 2007. http://www.telegraph.co.uk/news/uknews/1570258/5000-would-have-made-HMRC-discs-safe.html. Accessed 16 Dec 2016.
Kende M. Global internet report. 2016. https://www.internetsociety.org/globalinternetreport/2016/. Accessed 16 Dec 2016.
Hill K. On forbes.com. 2012. http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#2f7c6a3934c6. Accessed 16 Dec 2016.
Singer S. In nytimes.com. 2012. http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html. Accessed 16 Dec 2016.
McCullagh M. In cnet.com. 2013. https://www.cnet.com/news/how-web-mail-providers-leave-door-open-for-nsa-surveillance/. Accessed 16 Dec 2016.
Nissenbaum H. Privacy as contextual integrity. Wash Law Rev 2004.
Author. Four Ethical Issues In Online Trust. Internet Society. 2014. https://www.internetsociety.org/sites/default/files/Ethical%20Data-handling%20-%20v2.0.pdf.
Christl W, Spiekermann S. Networks of control. 2016. http://crackedlabs.org/en/networksofcontrol.
Lee R, Carlisle A. Detection of falls using accelerometers and mobile phone technology. 2011. https://oup.silverchair-cdn.com/oup/backfile/Content_public/Journal/ageing/40/6/10.1093/ageing/afr050/2/afr050.pdf.
Yoshida T et al. Gait analysis for detecting a leg accident with an accelerometer. 2006. https://www.researchgate.net/publication/4238356.
Rumsfeld D. US Department of defense news briefing transcript. 2002. http://archive.defense.gov/Transcripts/Transcript.aspx?TranscriptID=2636. Accessed 19 June 2017.
Hasselbalch G, Tranberg P. Data ethics, the new competitive advantage. Libris, Copenhagen; 2016.
Ramesh R. NHS disregards patient requests to opt out of sharing medical records. 2015. https://www.theguardian.com/society/2015/jan/22/nhs-disregards-patients-requests-sharing-medical-records. Accessed 20 Dec 2016.
Cavoukian A. Privacy by design - applying the 7 foundational principles. 2011. https://www.iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf. Accessed 19 Dec 2016.
CNBC. 2016. Hackers blackmail US Police Departments http://www.cnbc.com/2016/04/26/ransomware-hackers-blackmail-us-police-departments.html. Accessed 1 Oct 2016.
Ontario Star. Hospital privacy violations go unreported. 2015. https://www.thestar.com/life/health_wellness/2015/01/13/hundreds_of_hospital_privacy_violations_go_unreported.html. Accessed 1 Oct 2016.
Helsinki Declaration. World medical association. 1964. http://www.wma.net/en/30publications/10policies/b3. Accessed 1 Oct 2016.
Mitscherlich, A., & Mielke, F. Doctors of infamy: The story of the Nazi medical crimes. New York: Henry Schuman; 1949.
Belmont. US Dept of Health and Human Services, The Belmont Report. 1978. https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html.
Menlo. US Dept of Homeland Security, The Menlo Report - Ethical Principles Guiding Information and Communication Technology Research. 2012.
Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. 2006. https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf. Accessed 1 Oct 2016.
Dwork C, Roth A. The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science. 2014;9(3–4):211–407.
Spiekermann S. Ethical IT. Innovation: Auerbach; 2016.
Dennedy M. The privacy Engineer's manifesto. Springer; 2014.
Cavoukian A. Twitter. 2016. https://twitter.com/anncavoukian/status/803566281190424577.
Warren S, Brandeis L. Harvard Law Review. 1890. http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm. Accessed 1 Oct 2016.
Cooley T. A treatise on the law of torts. Chicago: Callahan & Co.; 1888.
European Commission. Directive 95/46 Article 1, and Preamble para. 2. 1995.
Internet Society. Why privacy matters. 2017. http://www.internetsociety.org/what-we-do/internet-technology-matters/privacy-identity.
Kobie N. Why the cookies law wasn't fully baked. 2015. https://www.theguardian.com/technology/2015/mar/19/cookies-how-to-avoid-being-tracked-online. Accessed 20 Dec 2016.
Doliner M. Safari invalid certificate handling sucks. 2016. https://kingant.net/2016/08/safari-invalid-certificate-handling-sucks/. Accessed 20 Dec 2016.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The author declares no conflict of interest.
Funding
There is no funding source for this article.
Ethical approval
This article does not contain any data, or other information from studies or experimentation, with the involvement of human or animal subjects.
Informed consent
Not Applicable.
Additional information
This article is part of the Topical Collection on Privacy and Security of Medical Information
Rights and permissions
About this article
Cite this article
Wilton, R. Trust and ethical data handling in the healthcare context. Health Technol. 7, 569–578 (2017). https://doi.org/10.1007/s12553-017-0206-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12553-017-0206-2