AI, big data, and the future of consent

AI, big data, and the future of consent
Open Forum
Adam J. Andreotta, Nin Kirkham, Marco Rizzi
AI & Society, 30 August 2021
Open Access
Abstract
In this paper, we discuss several problems with current Big data practices which, we claim, seriously erode the role of informed consent as it pertains to the use of personal information. To illustrate these problems, we consider how the notion of informed consent has been understood and operationalised in the ethical regulation of biomedical research (and medical practices, more broadly) and compare this with current Big data practices. We do so by first discussing three types of problems that can impede informed consent with respect to Big data use. First, we discuss the transparency (or explanation) problem. Second, we discuss the re-repurposed data problem. Third, we discuss the meaningful alternatives problem. In the final section of the paper, we suggest some solutions to these problems. In particular, we propose that the use of personal data for commercial and administrative objectives could be subject to a ‘soft governance’ ethical regulation, akin to the way that all projects involving human participants (e.g., social science projects, human medical data and tissue use) are regulated in Australia through the Human Research Ethics Committees (HRECs). We also consider alternatives to the standard consent forms, and privacy policies, that could make use of some of the latest research focussed on the usability of pictorial legal contracts.

Rebooting consent in the digital age: a governance framework for health data exchange

Rebooting consent in the digital age: a governance framework for health data exchange
Analysis
Nivedita Saksena, Rahul Matthan, Anant Bhan, Satchit Balsari
BMJ Global Health, 22 July 2021; 6(5)
Abstract
    In August 2020, India announced its vision for the National Digital Health Mission (NDHM), a federated national digital health exchange where digitised data generated by healthcare providers will be exported via application programme interfaces to the patient’s electronic personal health record. The NDHM architecture is initially expected to be a claims platform for the national health insurance programme ‘Ayushman Bharat’ that serves 500 million people. Such large-scale digitisation and mobility of health data will have significant ramifications on care delivery, population health planning, as well as on the rights and privacy of individuals. Traditional mechanisms that seek to protect individual autonomy through patient consent will be inadequate in a digitised ecosystem where processed data can travel near instantaneously across various nodes in the system and be combined, aggregated, or even re-identified.

In this paper we explore the limitations of ‘informed’ consent that is sought either when data are collected or when they are ported across the system. We examine the merits and limitations of proposed alternatives like the fiduciary framework that imposes accountability on those that use the data; privacy by design principles that rely on technological safeguards against abuse; or regulations. Our recommendations combine complementary approaches in light of the evolving jurisprudence in India and provide a generalisable framework for health data exchange that balances individual rights with advances in data science.

Is presumed consent enough for sharing medical data?

Is presumed consent enough for sharing medical data?
Views And Reviews
Helen Salisbury
BMJ, 29 June 2021; 373
Open Access
Excerpt
…Just how formal we need consent to be depends on the situation; asking for written consent before every interaction would be cumbersome and impractical. But whether it’s written, verbal, or implied, for consent to be valid it needs to be informed. Patients must understand what they’re agreeing to, although the depth of the explanation required will vary. If I arrange to take a blood test, I’ll paraphrase what I’m looking for: “I’m going to check that you’re not anaemic and that your liver and kidneys are working normally” is probably enough for most patients. But my surgical colleagues, embarking on something more serious and irrevocable, need to be formal and detailed in their discussions, so that the patient understands the risks and benefits before going under an anaesthetic and the knife… As data controllers, GPs must be sure that patients have given valid consent for their data to be processed by NHS Digital before we can hand it over, at a date currently scheduled for 1 September 2021. As it remains unclear what safeguards will be in place to guarantee the security of personal medical information, we’re not yet in a position to explain to patients the risks and benefits of sharing their data…

Rebooting consent in the digital age: a governance framework for health data exchange

Rebooting consent in the digital age: a governance framework for health data exchange
Nivedita Saksena, Rahul Matthan, Anant Bhan, Satchit Balsari
BMJ Global Health, 4 May 2021
Open Access
Abstract
In August 2020, India announced its vision for the National Digital Health Mission (NDHM), a federated national digital health exchange where digitised data generated by healthcare providers will be exported via application programme interfaces to the patient’s electronic personal health record. The NDHM architecture is initially expected to be a claims platform for the national health insurance programme ‘Ayushman Bharat’ that serves 500 million people. Such large-scale digitisation and mobility of health data will have significant ramifications on care delivery, population health planning, as well as on the rights and privacy of individuals. Traditional mechanisms that seek to protect individual autonomy through patient consent will be inadequate in a digitised ecosystem where processed data can travel near instantaneously across various nodes in the system and be combined, aggregated, or even reidentified. In this paper we explore the limitations of ‘informed’ consent that is sought either when data are collected or when they are ported across the system. We examine the merits and limitations of proposed alternatives like the fiduciary framework that imposes accountability on those that use the data; privacy by design principles that rely on technological safeguards against abuse; or regulations. Our recommendations combine complementary approaches in light of the evolving jurisprudence in India and provide a generalisable framework for health data exchange that balances individual rights with advances in data science.

How and why does the mode of data collection affect consent to data linkage?

How and why does the mode of data collection affect consent to data linkage?
Annette Jackle, Jonathan Burton, Mick P. Couper, Thomas F. Crossley, Sandra Walzenbach
Understanding Society Working Paper Series, April 2021
Abstract
We use experimental data to examine why respondents are less likely to consent to data linkage in online than face-to-face interviews. We find that respondents are less likely to understand the data linkage request, less likely to process the consent request thoroughly, and more likely to be concerned about privacy and data security when answering online rather than in a face-to-face interview. Verbal behaviours of interviewers do not explain the mode effects, and neither do the devices respondents use to complete the web survey. Simplifying the wording of the consent request increases understanding of the request, but does not reduce the gap in consent rates between modes.

Managing Consent for Data Access in Shared Databases

Managing Consent for Data Access in Shared Databases
Osnat Drien, Antoine Amarilli, Yael Amsterdamer
IEEE Xplore, 22 June 2021
Abstract
Data sharing is commonplace on the cloud, in social networks and other platforms. When a peer shares data and the platform owners (or other peers) wish to use it, they need the consent of the data contributor (as per regulations such as GDPR). The standard solution is to require this consent in advance, when the data is provided to the system. However, platforms cannot always know ahead of time how they will use the data, so they often require coarse-grained and excessively broad consent. The problem is exacerbated because the data is transformed and queried internally in the platform, which makes it harder to identify whose consent is needed to use or share the query results. Motivated by this, we propose a novel framework for actively procuring consent in shared databases, focusing on the relational model and SPJU queries. The solution includes a consent model that is reminiscent of existing Access Control models, with the important distinction that the basic building blocks – consent for individual input tuples – are unknown. This yields the following problem: how to probe peers to ask for their consent regarding input tuples, in a way that determines whether there is sufficient consent to share the query output, while making as few probes as possible in expectation. We formalize the problem and analyze it for different query classes, both theoretically and experimentally.

Trust, but Verify: Informed Consent, AI Technologies, and Public Health Emergencies

Trust, but Verify: Informed Consent, AI Technologies, and Public Health Emergencies
Brian Pickering
Future Internet, 18 May 2021; 13 (132)
Open Access
Abstract
To use technology or engage with research or medical treatment typically requires user consent: agreeing to terms of use with technology or services, or providing informed consent for research participation, for clinical trials and medical intervention, or as one legal basis for processing personal data. Introducing AI technologies, where explainability and trustworthiness are focus items for both government guidelines and responsible technologists, imposes additional challenges. Understanding enough of the technology to be able to make an informed decision, or consent, is essential but involves an acceptance of uncertain outcomes. Further, the contribution of AI-enabled technologies not least during the COVID-19 pandemic raises ethical concerns about the governance associated with their development and deployment. Using three typical scenarios— contact tracing, big data analytics and research during public emergencies—this paper explores a trust-based alternative to consent. Unlike existing consent-based mechanisms, this approach sees consent as a typical behavioural response to perceived contextual characteristics. Decisions to engage derive from the assumption that all relevant stakeholders including research participants will negotiate on an ongoing basis. Accepting dynamic negotiation between the main stakeholders as proposed here introduces a specifically socio–psychological perspective into the debate about human responses to artificial intelligence. This trust-based consent process leads to a set of recommendations for the ethical use of advanced technologies as well as for the ethical review of applied research projects.

A systematic literature review of attitudes towards secondary use and sharing of health administrative and clinical trial data: a focus on consent

A systematic literature review of attitudes towards secondary use and sharing of health administrative and clinical trial data: a focus on consent
Research
Elizabeth Hutchings, Max Loomes, Phyllis Butow, Frances M. Boyle
Systematic Reviews, 4 May 2021; 10(132)
Open Access
Abstract
Background
We aimed to synthesise data on issues related to stakeholder perceptions of consent for the use of secondary data. To better understand the current literature available, we conducted a systematic literature review of healthcare consumer attitudes towards the secondary use and sharing of health administrative and clinical trial data.
Methods
EMBASE/MEDLINE, Cochrane Library, PubMed, CINAHL, Informit Health Collection, PROSPERO Database of Systematic Reviews, PsycINFO and ProQuest databases were searched. Eligible articles included those reporting qualitative or quantitative original research and published in English. No restrictions were placed on publication dates, study design or disease setting. One author screened articles for eligibility and two authors were involved in the full-text review process. Conflicts were resolved by consensus. Quality and bias were assessed using the QualSyst criteria for qualitative studies.
Results
This paper focuses on a subset of 47 articles identified from the wider search and focuses on the issue of consent. Issues related to privacy, trust and transparency, and attitudes of healthcare professionals and researchers to secondary use and sharing of data have been dealt with in previous publications. Studies included a total of 216,149 respondents. Results indicate that respondents are generally supportive of using health data for research, particularly if the data is de-identified or anonymised. The requirement by participants to obtain consent prior to the use of health data for research was not universal, nor is the requirement for this always supported by legislation. Many respondents believed that either no consent or being informed of the research, but not providing additional consent, were sufficient.
Conclusions
These results indicate that individuals should be provided with information and choice about how their health data is used and, where feasible, a mechanism to opt-out should be provided. To increase the acceptability of using health data for research, health organisations and data custodians must provide individuals with concise information about data protection mechanisms and under what circumstances their data may be used and by whom.

Informed consent for linking survey and social media data

Informed consent for linking survey and social media data
Johannes Breuer, Tarek Al Baghal, Luke Sloan, Libby Bishop, Dimitra Kondyli, Apostolos Linardis
IASSIST Quarterly, 2021; 45(1) pp 1-27
Open Access
Abstract
Linking social media data with survey data is a way to combine the unique strengths and address some of the respective limitations of these two data types. As such, linked data can be quite disclosive and potentially sensitive, it is important that researchers obtain informed consent from the individuals whose data are being linked. When formulating appropriate informed consent, there are several things that researchers need to take into account. Besides legal and ethical questions, key considerations are the differences between platforms and data types. Depending on what type of social media data is collected, how the data are collected, and from which platform(s), different points need to be addressed in the informed consent. In this paper, we present three case studies in which survey data were linked with data from 1) Twitter, 2) Facebook, and 3) LinkedIn and discuss how the specific features of the platforms and data collection methods were covered in the informed consent. We compare the key attributes of these platforms that are relevant for the formulation of informed consent and also discuss scenarios of social media data collection and linking in which obtaining informed consent is not necessary. By presenting the specific case studies as well as general considerations, this paper is meant to provide guidance on informed consent for linked survey and social media data for both researchers and archivists working with this type of data.

Rethinking Informed Consent in the Context of Big Data

Rethinking Informed Consent in the Context of Big Data
Anna Bruvere, Victor Lovic
Cambirdge Journal of Science & Policy, 2021; 2(2)
Open Access
Abstract
A widely accepted method for addressing digital privacy concerns is the use of informed consent: asking users to agree to privacy policies and consent to the use of their personal data. This approach has come under strain with the emergence of “big data” in which large datasets are collected and analysed. This paper argues that since individuals do not understand or even read the privacy policies they agree to, informed consent ultimately fails to protect privacy. Following the work of Solon Barocas and Helen Nissenbaum, this paper proposes an updated definition of informed consent and argues that the responsibility of protecting privacy should be shifted from individuals to organisations.