While GDPR is right to provide individuals with greater control over how their information is used, the benefits of sharing data should not be overlooked, believes Rose Lasko-Skinner of Reform

Last week marked the rollout of the General Data Protection Regulation. The new EU legislation aims to improve transparency and increase people’s control over personal data. 

This is a welcome shift. 

In the context of a growing information economy, people’s data is a valuable resource in need of governance. It has been estimated that “the annual value of [NHS] records is of the order of £50 billion”– equivalent to around 30% of annual funding. 

However, the debate thus far has focused heavily on the individual, sometimes overlooking the collective value of data to society. In public services, especially the NHS, the latter is key.

Citizens are increasingly aware of the value of their data. In the wake of Cambridge Analytica, there is concern that individual autonomy and privacy are threatened by organisations holding citizen data. In reaction, some have called for organisations profiting from people’s data to give digital dividends in return.  

Related content

• The ten key questions – and nine answers – facing the public sector on GDPR
• The government needs a department for data
• PM moves government data function from GDS to DCMS

While individual autonomy and privacy are key, we should also consider the positive value of citizens’ data when aggregated. 

There is no better example of this than in the NHS. 

With improvements in computing power and the availability of digital data, there is a greater opportunity to derive actionable insights. Connected Yorkshire uses a variety of data—from weight at birth to child measurements taken in schools—to understand the patterns and development of childhood obesity. The long-term goal is to help doctors and families predict and prevent childhood obesity. Last week, Theresa May claimed that data and AI could help “diagnose at a much earlier stage the lung, bowel, prostate or ovarian cancer of at least 50,000 more people a year”. 

The first step to tapping into these healthcare benefits is fostering a better dialogue between public services and citizens. The introduction of GDPR coincides with a new opt-out system in the NHS, allowing patients to opt out of their data being used for secondary research. 

Ipsos MORI found that 25% would rather that research did not happen if commercial organisations had to have access to the data. However, the majority (61%) of people would rather allow commercial access to health data than lose out on the health benefits. 

Citizens need transparency and clear information about how their personal data is used to increase public confidence in sharing data. 

In Finland, a law ensures that citizens are aware of how their data is being used and have the right to prohibit its use at any time. Improving dialogue can increase trust and help realise the value of patient data.

The second step is creating clearer frameworks for using NHS data, including models for collaboration between different stakeholders such as patients, universities, and industry. The partnership between Drayson Technologies, the University of Oxford, and the Oxford University Hospitals NHS Foundation Trust has created and commercialised medical technologies from patient data to a global market, while reinvesting in the university and the NHS trust. Benefits must be equitable, and partnerships should be both transparent and led by ethical frameworks.

GDPR is right to focus on improving transparency and increasing personal control over data. However, conversations—especially in the public sector—about personal privacy and security should be coupled with discussions concerning the collective value to society of sharing data. The value of citizen data in healthcare is one example. 

Harnessing citizen data could bring about a better resourced and more innovative healthcare system, fit to meet challenges in the future.