Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-8448b6f56d-jr42d Total loading time: 0 Render date: 2024-04-23T12:39:38.075Z Has data issue: false hasContentIssue false

2 - How Private Individuals Maintain Privacy and Govern Their Own Health Data Cooperative

MIDATA in Switzerland

from Part I - Personal Information as a Knowledge Commons Resource

Published online by Cambridge University Press:  29 March 2021

By
Felix Gille  and
Effy Vayena
Edited by
Madelyn Rose Sanfilippo ,
Brett M. Frischmann  and
Katherine J. Strandburg
Madelyn Rose Sanfilippo
Affiliation:
University of Illinois, Urbana-Champaign
Brett M. Frischmann
Affiliation:
Villanova University School of Law
Katherine J. Strandburg
Affiliation:
New York University School of Law

Summary

Diverse and increasingly comprehensive data about our personal lives is collected. When these personal data are linked to health records or linked to other data collected in our environment, such as that collected by state administrations or financial systems, the data have huge potential for public health research and society in general. Precision medicine, including pharmacogenomics, particularly depends on the potential of data linkage. With new capacities to analyze linked data, researchers today can retrieve and assess valuable and clinically relevant information. One way to develop such linked data sets and to make them available for research is through health data cooperatives. An example of such a health data cooperation is MIDATA – a health data cooperative recently established in Switzerland and the main focus of this chapter. In response to concerns about the present health data economy, MIDATA was founded to provide a governance structure for data storage that supports individual’s digital self-determination by allowing MIDATA members to control their own personal data flow and to store such data in a secure environment.

Keywords

privacydata sharinghealth dataparticipationmedical research
Type
Chapter
Information
Governing Privacy in Knowledge Commons , pp. 53 - 69
Publisher: Cambridge University Press
Print publication year: 2021
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-NC-ND 4.0 https://creativecommons.org/cclicenses/

2.1 Background

We as private individuals provide a wide range of data about our personal lives via our smartphones, loyalty cards, fitness trackers, and other digital health devices. These devices collect increasingly diverse and comprehensive data about us. Depending on the mobile applications we use, devices collect data about our daily routines, location, preferences, desires and interests, shopping behaviors, mood, illness, and more. When this personal data is linked to health records – including genome data and phenotype data – or linked to other data collected in our environment, such as that collected by state administrations or financial systems, the data has huge potential for public health research and society in general (Wellcome Trust, 2015; Reference Vayena and BlasimmeVayena and Blasimme, 2017). Precision medicine, including pharmacogenomics, particularly depends on the potential of data linkage (Reference Huang, Mulyasasmita and RajagopalHuang, Mulyasasmita, and Rajagopal, 2016). New advanced data processing techniques help researchers to make sense of data in a way that was not possible before. With this new capacity to analyze linked data, researchers today can retrieve and assess valuable and clinically relevant information (Reference Blasimme, Vayena and HafenBlasimme, Vayena, and Hafen, 2018). One way to develop such linked data sets and to make them available for research is through health data cooperatives. An example of such a health data cooperation is MIDATA – a health data cooperative recently established in Switzerland and the main focus of this chapter.

In practice, our society cannot yet fully exploit the potential of linked data sets, even though data cooperatives similar to MIDATA are slowly multiplying. This is because private people act as data sources, but they have minimal control over the data collected and do not know where the data is stored. Health apps are a case in point: these private services operate under a particular business model, that is to harvest a private individuals’ data and exploit it for the company’s own financial profit. In this business model, data is market capital (Reference SadowskiSadowski, 2019). This is a lucrative business, and with an estimated annual growth rate of 20 percent, by 2020 utilizing personal data could deliver an annual economic benefit of €330 billion to enterprises in Europe. Furthermore, the combined total digital identity value of individuals could comprise around 8 percent of the EU-27 gross domestic product (Boston Consulting Group, 2012). Despite these impressive figures, the pressing question is: to what extent do we as data providers and as a society benefit from these business models? One could argue, as ETH Zürich Professor Ernst Hafen does, that ‘the data economy is broken, because we do not have control over our data’ (SWISS RE, 2018). Ordinary individuals are dispossessed of control over their data and cannot access the revenue their data generates.

Exacerbating this sense of powerlessness for private individuals, several large companies recently used personal data in ways misaligned with public norms and values. These scandals led to public outcry against privacy breaches as well as abuse of power. Facebook has been a chief offender, with noteworthy failings such as providing the political consultancy firm Cambridge Analytica access to over 50 million user profiles, which they used to influence the 2016 USA election and the UK Brexit campaign (Reference Cadwalladr and Graham-HarrisonCadwalladr and Graham-Harrison, 2018). In the healthcare sector, the contract between the Royal Free NHS Foundation Trust, London, and Google Deep Mind breached the United Kingdom’s Data Protection Act with controversial implications for patient privacy. The Trust provided Deep Mind with about 1.6 million patients’ personal data as part of a study to test a detection and diagnosis system for acute kidney injury (Information Commissioner’s Office, 2018; Reference Powles and HodsonPowles and Hodson, 2017).

In addition to lack of control and privacy breaches, security breaches present a further challenge to the management of personal data. Whereas a privacy breach refers to a company inappropriately sharing data, a security breach occurs when hackers access data repositories, or data is leaked due to poor data security mechanisms. For example, think of the computer software updates that could have contained the WannaCry ransomware attack in 2017, had they been performed. Instead, staff neglected the updates, nefarious ransomware exploited the vulnerability, and the English NHS performance was compromised for days (National Audit Office, 2018).

These improprieties led to increased public skepticism over whether data-driven private (and to some degree, public) enterprises can be trusted, including within the healthcare system (Symantec, 2015; Reference HafenHafen, 2018). We can easily observe the uptake of the term “trust” as a prominent concept in the public sphere, which hints at a public need to discuss issues of trust. This is alarming evidence that healthcare systems need to be reformed, including the data economy within them (Reference Gille, Smith and MaysGille, Smith, and Mays, 2014). Prevailing public trust in the healthcare system is paramount for a healthcare system to function well (Reference 68Gille, Smith and MaysGille, Smith, and Mays, 2017). If the public does not trust organizations in the healthcare system to protect and appropriately manage the data entrusted to them, value generation is at risk. In particular, the healthcare industry depends on access to personal data, with an estimated 40 percent of the healthcare system’s benefit generated on the basis of personal identity data (Boston Consulting Group, 2012).

To complicate the picture, Mhairi Aitken and colleagues concluded that in fact conditional support for sharing and linking health data exists. This seems to contradict the concerns raised earlier. Public concerns pertain to issues such as confidentiality, individuals’ control over their data, uses and abuses of data, and potential harms that may ensue. However, the public also supports private companies’ research when actual or potential public benefits from research are foreseeable, as well as when the public trusts the individuals or organizations leading and overseeing the research, data linkage, and data sharing (Reference Aitken, Jenna, Pagliari, Jepson and Cunningham-BurleyAitken et al., 2016). Other studies in the field similarly highlight the importance of trust and clear public benefit of research (Wellcome Trust, 2015; Reference Audrey, Brown, Campbell, Boyd and MacleodAudrey et al., 2016).

To restore the data economy – that is, to build public trust toward data-rich enterprises, as well as trust for how data flow between different enterprises is managed; to establish individual control over personal data; and to ensure privacy as well as data security – we need to answer several practical, ethical, legal, and social questions. Ultimately, these issues can be addressed through an appropriate governance model, but this is no easy feat. What governance model do we need for aggregated personal data sets? Who should have legitimate control over personal data, and how can we foster digital self-determination? How can personal data be securely stored? How can we increase transparency about who uses people’s data, and how they use it? Who is accountable for aggregated data sets stored in research facilities?

In response to these questions, health data cooperatives can perhaps provide a suitable model to govern aggregated data sets. Private individuals in cooperatives democratically control the governance processes of the cooperative itself and the data stored within the cooperative. Health data cooperatives therefore may be able to provide a fair governance model for health data ecosystems that may benefit society through innovation, knowledge generation, improved quality of healthcare, or advances in diagnostics and therapy (Reference HafenHafen, 2019). Furthermore, health data cooperatives empower private people, as control of personal data shifts from corporate enterprises back to individuals who provide their data for research. This is of particular importance, as private individuals are the legitimate controllers of their own data, especially when it comes to health data (Reference Wilbanks and TopolWilbanks and Topol, 2016). Moreover, health data cooperatives uniquely combine a list of attributes that are crucial for legitimate data aggregation. Examples include open and collective governance principles; not-for-profit status, as revenues are re-invested into the cooperative itself; and the use of open-source software to simplify the creation of new data cooperatives (Van Reference Roessel, Reumann and BrandRoessel, Reumann, and Brand, 2018).

Prior to this chapter, examples of health-related cooperatives are presented in the previous volume in this series: Governing Medical Knowledge Commons (Reference Frischmann, Strandburg, Madison, Frischmann, Strandburg and MadisonFrischmann, Strandburg, and Madison, 2017). Among these, the authors of the book discuss health data commons, such as Genomic Data Commons (Reference Evans, Frischmann, Strandburg and MadisonEvans, 2017). Evans describes the legal and practical obstacles of aggregating genomic data in commons for the US context. In particular, these obstacles relate to decentralized data storage, consent alignment and data access, as well as aggregation (Reference EvansEvans, 2016). Evans encourages the professional community to overcome these obstacles and to find appropriate ethical governance mechanisms for such commons.

Also, in the 2014 volume Governing Knowledge Commons, both Contreras and Van Overwalle analyze the construction of genome commons (Van Reference Overwalle, Frischmann, Madison and StrandburgOverwalle, 2014; Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014). However, in this example commons are constructed in a different format in which data is not aggregated, but a public network was built allowing data sets to be shared. They observe that the rapidly growing data volume, described by some as a data tsunami, will flood data cooperatives. Importantly, they observe that commons structures should be designed to fit the complex and highly specialized nature of genetic research structures:

Failing to appreciate the structural rules implemented to address these issues, or seeking to dispense with them in favor of a more broadly “open” public goods models … could have adverse consequences. In particular the elimination of rules regulating human subject protection could limit the willingness of individuals to participate in genomic research, and the elimination of data-generator priorities could weaken the incentives of data-generating scientists. Each of these effects could negatively impact the growth of the commons itself.

(Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014, 130)

Taken together, the two examples present several structural, practical, ethical, and legal challenges that are inherent in the development of medical commons and likely also apply to the development of health data cooperatives, such as the example presented in this chapter. Tying in with the previous examples and in response to the societal challenges described earlier, the Data and Health Association, founded in 2012, aimed to establish a health data cooperative for Switzerland. As a result of these efforts, the health data cooperative MIDATA was co-founded by a group of researchers of ETH Zürich and the University of Applied Sciences Bern, in 2015 (MIDATA Genossenschaft, 2017; Reference Mòdol, Riemer, Schellhammer and MeinertMòdol, 2019). The basic idea behind MIDATA is conceptually similar to a bank account. A person can open an account to deposit copies of her data (which was collected and stored elsewhere), and then she can choose to make the data accessible to researchers to advance science. This is shown in Figure 2.1.

Figure 2.1 Simplified overview of the MIDATA cooperative (MIDATA Genossenschaft, 2019c)

In addition, people can become formal cooperative members, in contrast to those who only open an account. Eventually, each individual’s account will contain a wide range of different data sets that belong to that one person. The data stored by MIDATA on servers located in Switzerland is encrypted and can only be accessed by the account owner, unless they release it for a specific purpose. To access this rich data source, external parties can submit a proposal for data use. If the proposal is positively reviewed by the ethics committee, each account holder can consent to release her data to the specific project. Account holders need to release their data for each project individually, as this action is a central privacy control mechanism of the data cooperative.

Culturally, MIDATA is embedded in a society with a cooperative tradition in many fields apart from healthcare. This is arguably an advantage for the implementation of MIDATA, as the Swiss society is well familiar with the basic principles of cooperatives. Nowadays, some of the most prominent enterprises in the Swiss public sphere are cooperatives. Two notable examples are the grocery chain Migros and the car sharing platform Mobility, run by the Swiss Federal Railways (SBB). Migros is one of the most recognized grocery stores in Switzerland. The Migros cooperative comprises 2.1 million members (growth rate 0.7 percent in 2016), about 50 enterprises that are linked to the Migros group, and the Mirgos group had total sales of 27738 million CHF in 2016. Migros’ roots stretch back to 1925, when five Ford Model T cars started selling groceries in Zürich. Gottlieb Duttweiler (1888–1962), the founder of Migros and a well-known Swiss personality, aimed to build a direct link between producers and consumers, similar to the health data cooperative described in this chapter. Also, Duttweiler with his wife formulated fifteen theses that make up the moral spirit of Migros. To highlight a few key theses, Duttweiler pointed out the importance of transparency, accountability, and the involvement of women in the decision-making and governance of the cooperative. The cooperative is present in the public sphere, and Migros recently broadcasted a TV advertising campaign called the “Migros Besitzer” – the Migros owner – showing the benefits of membership in the Migros cooperative (Migros, 2017). Similarly, Mobility started as a cooperative in 1987, and is now the largest car sharing platform in Switzerland. Mobility is present in every village with more than 10,000 inhabitants. Today, Mobility has more than 50,000 cooperative members and over 120,000 customers. The declared goal is to minimize the traffic burden in Switzerland and contribute to a more efficient and individualized mobility solution for customers (Mobility, 2019). Mobility’s signature red cars help distinguish Mobility as a highly visible and recognizable cooperative within the Swiss public sphere. Mobility and Migros are just two prominent examples among many that indicate the cooperative idea is already well established in the Swiss media landscape and public sphere.

Given that people in Switzerland are familiar with the concept of cooperatives, and in light of the pressing need to find an alternative governance model for the use of personal data in research, the founders of MIDATA currently have high hopes that MIDATA is a platform that could resolve the challenges raised earlier.

2.1.1 Tool of Analysis: Governing Knowledge Commons Framework

To describe the MIDATA cooperative in a structured and detailed way, the remainder of this chapter will apply the Governing Knowledge Commons (GKC) framework to MIDATA. Brett Frischmann, Michael Madison, and Katherine Strandburg developed the GKC framework, drawing inspiration from Elinor Ostrom and her colleagues’ work on the institutional analysis and development framework (Reference OstromOstrom, 1990; Reference Frischmann, Madison, Strandburg, Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014; Reference Strandburg, Frischmann, Madison, Frischmann, Strandburg and MadisonStrandburg, Frischmann, and Madison, 2017). This framework allows researchers to analyze “institutionalized community governance of the sharing and, in some cases, creation, of information, science, knowledge, data, and other types of intellectual and cultural resources” (Reference Frischmann, Madison, Strandburg, Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014, 3). In combination with Helen Nissenbaum’s theory that understands privacy as contextual integrity (Reference NissenbaumNissenbaum, 2010), the GKC framework is useful when examining how individuals maintain privacy and govern their own health data cooperative. Broadly, the framework considers the background environment, attributes, governance, patterns, and outcomes of knowledge commons. The remainder of this chapter will follow the structure of the GKC framework to ease comparison across the different case studies of this and earlier volumes of the knowledge commons book series (Reference Strandburg, Frischmann, Madison, Frischmann, Strandburg and MadisonStrandburg, Frischmann, and Madison, 2017, 16–17).

At present, MIDATA is in the buildup phase. Several small research projects, as presented later, contribute to the testing and refinement of MIDATA. This chapter is part of an ongoing (2018–2021) health ethics and policy research project at ETH Zürich, Switzerland, where we aim to develop further the existing governance model of MIDATA. Our main purpose in this research is to create a systemic oversight model for MIDATA (described later) that is considered trustworthy by the general public and MIDATA members. In this research we engage with governance theory, law, and policy, and will conduct interviews with different stakeholders, such as researchers who work within the cooperative, members of the cooperative, and members of the general public. For this chapter we gathered background information by interviewing MIDATA co-founder Ernst Hafen. For the interview we developed questions that follow the content of the GKC framework and Nissenbaum’s privacy theory. In addition, we examined the statutes of MIDATA as well as further policy and administrative documents of the cooperative. The advantage of applying the GKC framework and insights from privacy theory as contextual integrity at this stage is the possibility to leverage the perspective the framework provides to inform MIDATA’s ongoing development. Applying the GKC framework to MIDATA can help us better understand how MIDATA processes and structural components contribute to the community governance of MIDATA. The systematic design of the GKC framework allows us to dissect MIDATA to unfold the involved attributes, the present governance structure, and anticipated outcomes. In addition, the theory of privacy as contextual integrity can help us to improve the governance processes and structures that apply to privacy within MIDATA.

2.2 Attributes of MIDATA

MIDATA is a member-owned cooperative that aims to store and aggregate personal data from people who open an account at MIDATA. Cooperative members are the main actors in the cooperative as well as the main resource providers for the cooperative itself. Ultimately, the goal of MIDATA is to provide a secure storage for personal data, in which account holders themselves retain full control over their data. As MIDATA members, people contribute to research by granting others access to their data. The following sections will describe MIDATA’s resources, goals, and objectives in more detail, and the role private individuals take in this cooperative.

2.2.1 MIDATA Resources

The resources pooled in the MIDATA cooperative are copies of account holders’ personal data. Such data can be transferred to the account by the account holder him/herself; or in some cases apps use MIDATA to store data, and account holders using such an app can allow the data to be deposited in to their MIDATA accounts directly. Accessing copies of personal data has been simplified within the European Union with the newly established European Union’s General Data Protection Regulation. This regulation emphasizes in Article 20 that individuals have the right to copies of their data. This right applies to EU residents, and non-EU residents can ask for copies of data stored by companies based within the EU (European Parliament Council of the European Union, 2016). It is anticipated that this European regulation will supportively affect the data transfer processes for MIDATA, even though the regulation does not apply in Switzerland as Switzerland is not an EU member state (Reference Ngwa and HafenNgwa and Hafen, 2017). Swiss residents can make use of the GDPR when they request data that is stored within the EU.

The allergy app Ally Science is an example of an app that stores data on MIDATA. Launched by Bern University of Applied Sciences and University Hospital Zurich, Ally Science is part of a research project to collect pollen allergy symptoms data in combination with location data. Thereby, the study investigates pollen allergies in Switzerland (MIDATA Genossenschaft, 2019a). If the app user has no MIDATA account, the app user is asked to open a MIDATA account before s/he uses the app. By July 2018, 8,100 app users had registered (Reference HafenHafen, 2018). Another use case example is a research study involving multiple sclerosis patients. Study participants use an app called MitrendS to capture their neurological development over time. Generally speaking, each citizen generates a huge amount of data that can be stored in MIDATA accounts so that each citizen can contribute to the development of the cooperative’s resource pool (Reference Mòdol, Riemer, Schellhammer and MeinertMòdol, 2019).

2.2.2 MIDATA Account Holders, Cooperative Members, and the Swiss Community

Because the cooperative model of MIDATA is designed to be regional, MIDATA is open to any person residing in Switzerland. To open an account on MIDATA, one does not need to be a member of the cooperative. Yet, if a person would like to actively participate in the governance of MIDATA, a community member needs to become a cooperative member for a fee of 40 CHF. The cooperative has an altruistic motivation that goes beyond the MIDATA community itself and seeks to benefit the general society, and this is evident in the objectives outlined later.

2.2.3 Goals and Objectives of MIDATA

The overarching goal of MIDATA is to establish regional, member-owned data cooperatives that contribute to research and ultimately to the benefit of society via their stored data. In more detail and as stated by Article II of the MIDATA statutes, the objectives are:

  1. (1) “The Cooperative pursues as a non-profit organization the following objectives:

    1. (a) it operates a secure IT platform (‘MIDATA platform’) for storage, management, and sharing of personal data of any kind, in particular health and education data, and to provide related services;

    2. (b) it makes the MIDATA platform available to natural persons (members and non-members) who may use the platform as personal data account holders (‘account holders’);

    3. (c) it promotes broad Cooperative membership among account holders, thus allowing them to partake in the governance of the Cooperative, and it helps members pursue common interests;

    4. (d) it promotes the digital self-determination of the population by enabling account holders to use their personal data as self-determining agents and according to their wishes, in particular to support research purposes;

    5. (e) it promotes the collective interests of the account holders and it enables the utilization of their personal data as a common resource. This is achieved by enabling individual account holders to accept requests for the analysis of their data and to give explicit informed consent for the secondary use of their personal data by third parties in return for an economic remuneration to the cooperative;

    6. (f) by providing the MIDATA platform, it fosters the development of an innovative ecosystem in which third parties can offer data-based services to the account holders;

    7. (g) it promotes medical research projects and projects that aim to realize a fair digital society and that promote the digital self-determination of the population; and

    8. (h) it employs the scientific results and income derived from the secondary usage of personal data in the framework of the aforementioned objectives.

  2. (2) With its operative and commercial activities, the Cooperative strives to achieve a positive effect upon society and the environment.

  3. (3) The Cooperative may engage in all activities that are directly or indirectly related to its purpose.

  4. (4) The Cooperative may support the founding of cooperatives of equal purpose in Switzerland and abroad, and it may form a federation of cooperatives together with them.

  5. (5) The Cooperative may establish branches and subsidiaries in Switzerland and abroad, hold interests in other companies in Switzerland and abroad, and acquire, hold and sell real estate.” (MIDATA Genossenschaft, 2017, 2,3)

Key values represented by the objectives are data security, being open to all people, promotion of cooperative membership, promotion of digital self-determination, promotion of collective interest, fostering innovation and medical research, and re-investment in the goals of the cooperative. Together these values eventually lead into the overarching aim to achieve a positive effect on society and environment. Furthermore, to build a network of cooperatives, MIDATA may help to facilitate similar cooperatives. To finance itself, the cooperative may engage in financial investment activities.

All key values are relevant to this cooperative’s character, but we consider promotion of digital self-determination the one value that makes this cooperative distinctive. As we presented in the introduction of this chapter, outside of the cooperative model, private individuals’ ability to determine how their personal data is used is limited, if not impossible. Therefore, MIDATA aims to foster digital self-determination as one of the key incentives for members of the general public to participate in MIDATA and eventually become MIDATA cooperative members. Objective 1 (d) underlines this clearly by promoting the personal use and free choice over what one wishes to do with his/her data, focusing in particular on research.

When we compare the MIDATA objectives to the cooperative principles as stated by the International Co-operative Alliance (Voluntary and Open Membership; Democratic Member Control; Member Economic Participation; Autonomy and Independence; Education, Training, and Information; Cooperation among Cooperatives; and Concern for Community), it becomes clear that MIDATA is in line with the cooperative tradition (International Co-operative Alliance, 2019). Based on the similarity between the MIDATA cooperative values and general cooperative principles, and given the prevalence of cooperative membership already present in Switzerland, it seems likely people will easily familiarize themselves with the governance principles of MIDATA as they participate in MIDATA activities. This should facilitate easy access and participation in MIDATA. Nevertheless, MIDATA’s focus on scientific data is clearly different from grocery trading and car sharing. It is essential to educate participants so they are equipped to contribute to the MIDATA governance in a meaningful way. Yet, MIDATA participants can build on their previous familiarity with cooperatives in other areas of their lives.

As MIDATA focuses at present on healthcare and public health research, data stored within MIDATA may contribute to the improvement of health for all. Furthermore, it is anticipated that the cooperative as a whole could advance public literacy and public control in the field of digital self-determination. These two aspirations together comprise the key value of knowledge production within the cooperative.

2.3 Governance of MIDATA

The legitimate action arena for MIDATA is research, development, and education. At the moment, MIDATA focuses on healthcare research, in particular research that exploits aggregated data sets. We anticipate that in the future MIDATA will extend to other research fields such as education. In doing so, MIDATA’s success depends on cooperative members investing significant trust in MIDATA, and in the public and research institutions that apply to access their data. Therefore, MIDATA needs to maintain not only an appropriate governance model but also trustful relationships with all stakeholders to be able to compile meaningful data sets, and also to appear as a valuable partner for researchers, so that they invest their resources into MIDATA. When it comes to the involvement of private companies, it will be fundamental to adhere to robust governance structures within MIDATA. In particular, it will be necessary to show how corporate research will benefit the wider society. Furthermore, private companies will need to show how privacy is maintained and disclose their accountability structures (Reference Aitken, Jenna, Pagliari, Jepson and Cunningham-BurleyAitken et al., 2016). That is to show, in an understandable way, who is accountable for the research conducted with the data provided by MIDATA members. Such structures need to not only meet ethical values but also align with good governance. A governance model that is likely to be particularly suitable for MIDATA is the systemic oversight approach (Reference Vayena and BlasimmeVayena and Blasimme, 2018). As data volume increases, the situation requires adaptive governance models that are able to respond to the challenges that come with big data and the accumulation of data ecosystems. Among other challenges, experts anticipate that current informed consent processes are limited in their capacity to provide a meaningful choice to data donors about how they control large volumes of their data. In addition, broad consent to a frankly unlimited future use of data, as often seen in current consent designs for medical research, is not only ethically questionable but also provides the donor with no control over future use of their data. Finally, the increasing use of machine learning algorithms in data-intense research challenges research accountability in a way that an informed consent process is not able to cover appropriately (Reference Vayena and BlasimmeVayena and Blasimme, 2018). In response to these challenges, which are also relevant to MIDATA, systemic oversight is a governance model that builds on the principles of adaptivity, flexibility, monitoring, responsiveness, reflexivity, and inclusiveness. These principles should not be understood as fixed mechanisms but rather as a Leitmotiv for MIDATA governance. As data handling is at the core of MIDATA, it will be pivotal to implement governance mechanisms that are adaptive to new types of data as well as increasing data volumes. Also, as different research projects apply for data use, MIDATA governance mechanisms need to be flexible to meet the requirements of how the data will be used, as opposed to governance mechanisms that are tailored towards the origin of data. Furthermore, as nowadays data sets are linked, and therefore source data will be used to develop new data sets, it is essential to monitor data use beyond the initial research proposal approval, especially since novel data mining and machine learning methods potentially pose risks to privacy and may lead to discrimination. To accommodate for potential malicious privacy breaches or other failures, governance mechanisms need to be responsive and prepared to address such problems. Also, data sets provide information not only about the data donor but also potentially about his/her environment. Therefore, governance needs to be reflexive about these issues. This requires reflexive analysis of assumptions and biases that are embedded in machine learning algorithms. Lastly, governance should include all relevant stakeholders in governance processes to not exclude underrepresented groups. This engagement should foster public dialogue and learning (Reference Blasimme and VayenaBlasimme and Vayena, 2018; forthcoming). As mentioned earlier, our present research activities in the field of governance at MIDATA precisely test the suitability of systemic oversight for health data cooperatives.

Currently, MIDATA comprises four bodies: the general assembly, administration, audit office, as well as an ethics committee. The general assembly is the highest body, qualified among other competences to elect members for the administration, audit office, and ethics committee, as well as to amend the statutes and close down MIDATA. The management contains the management board and coordinates the operational work of the cooperative. The auditor is an independent body in line with the Swiss Code of Obligations. Last, the ethics committee reviews the quality of projects that apply for the use of data stored in the cooperative. This review also assesses how applicants aim to ensure privacy and what privacy preserving mechanisms are proposed by the applicant. Furthermore, the ethics committee advises the general assembly regarding reviewed proposals (MIDATA Genossenschaft, 2017).

Actors involved in the governance process can be divided roughly into four groups: first, cooperative members – membership confers formal governance powers; second, private individuals who have an account on the MIDATA platform but who lack formal governance power as they are not cooperative members. Governance power can easily be acquired by becoming a member of the MIDATA cooperative; third, professionals who are members of different committees and provide expertise and make decisions, for example about the ethical validity of research applicants; and fourth, administrative staff that run the cooperative on a daily basis and maintain the IT infrastructure. From a decision-making point of view, three decision points are of crucial importance. First and foremost, account holders have the exclusive decision power on what data should be stored within the cooperative as well as which data they would like to release into a research project. Then, elected members of the ethics committee (elected by the general assembly) review and decide which research projects are deemed to be in line with ethical as well as cooperative norms and therefore are approved to request data from account holders. Last, the general assembly is the highest decision-making body within the cooperative and therefore has the last word when it comes to committee elections, statutes amendments, or any other structural and far-reaching decision. At the current stage of governance development, people who have an account but are not cooperative members have no powers over cooperative governance. Nonmembers of MIDATA who do not hold an account with MIDATA can open an account at any time. The public visibility of MIDATA mainly relies on media coverage and academic events related to either research projects that work with MIDATA, as described earlier, or related to professionals who are involved in MIDATA. So far, MIDATA was covered in several local and national news articles in Switzerland, as well as in scientific journals (MIDATA Genossenschaft, 2019b).

With respect to privacy governance, at present MIDATA operates two mechanisms to maintain privacy. On the institutional level, there are ethics committee reviews. At the account holder level, there is the dynamic consent process, whereby account holders must actively consent to research as well as release their data into a research project in order for an applicant to access it. Here, MIDATA’s Privacy Policy in articles 5 and 6 clearly puts the account holder in the center of activities that are related to the account holder’s data. Only law enforcement can override the exclusive data access rights of account holders (MIDATA Genossenschaft, 2018). Both measures are crucial to maintain account holders’ privacy. The ethics committee works with professional expertise to review how the applying research projects will preserve privacy within their research projects. Both mechanisms together also control appropriate data flow. In the last instance, it is the account holder’s decision to consent to data sharing depending on whether s/he finds the data flow appropriate.

2.4 Patterns and Outcomes of the MIDATA

It is anticipated that MIDATA will lead to a range of benefits for not only cooperative members but also society in general. Considering the objectives of MIDATA, cooperative members and account holders will benefit foremost from the ability to control and manage their own personal data repository due to their exclusive control rights over their data. Nested within a governance framework designed to promote ethical, secure, and transparent data sharing, account holders should find a dependable platform to store and collect copies of their personal data. In addition, cooperative members have governance powers over the cooperative itself, and can therefore directly and in a democratic manner influence the governance processes within the cooperative. By personal control over data as well as the possibility to take part and shape governance processes, cooperative members maintain high levels of control over their own privacy.

Furthermore, as the cooperative is open to the general public, everybody has the opportunity to open an account on the MIDATA platform and to become a cooperative member. MIDATA membership growth will not only strengthen the cooperative by increasing the data volume and thereby the value for research, but a growing cooperative will also democratize the data economy within Switzerland. This is because ultimately MIDATA provides a governance tool that allows individuals to determine what happens with their data. Now, if a high proportion of Swiss residents store copies of their data in data cooperatives, they will eventually take back the legitimate control of their own data, which was one of the driving motivations for the foundation of MIDATA. This entire process is supported by the coordination role MIDATA plays by connecting its members and building an exchange network for members and account holders.

The expected social benefit of MIDATA will depend on the research conducted with data stored in MIDATA and MIDATA’s actions in the area of public relations, advocacy, and education. MIDATA understands itself as a platform that drives innovation, facilitates medical research projects, and promotes the digital self-determination of private individuals. With this focus, MIDATA may also be able to raise digital literacy among the general public and to act as an advocate for a fair data economy within Switzerland. In addition to the focus on Switzerland, the founders of MIDATA also work actively to develop relationships with other research institutions across Europe, to spread the MIDATA model and to drive the health data cooperative movement. At the moment, MIDATA is building a cooperative ecosystem with the Berlin Institute of Health, Charité, Germany; Medical Delta, City of Rotterdam, the Netherlands; Vito Research Institute, Belgium; Oxford University Hospital Foundation Trust, UK; and the INDEPTH-Network.org. Together, they focus on informing health policy through improved health information in low- and middle-income countries (Reference HafenHafen, 2018).

Considering the benefits for cooperative members, wider society, and international partners, MIDATA has the potential to contribute to legitimate research outputs and innovation in society. As MIDATA is structured following cooperative principles, in combination with the Swiss tradition of corporativism, the actions and outputs of MIDATA are likely to be perceived as legitimate by the general public as well as cooperative members. Nevertheless, it will be crucial to maintain and build a governance structure that addresses the concerns raised in the introduction of this chapter to make MIDATA a true alternative for member-controlled data sharing, and eventually a competitive data platform that attracts stakeholders from across society and research.

2.5 Conclusion

This chapter discussed the Switzerland-based health data cooperative MIDATA. In response to concerns about the present health data economy, MIDATA was founded to provide a governance structure for data storage that supports individuals’ digital self-determination, by allowing MIDATA members to control their own personal data flow and to store such data in a secure environment. The aim of MIDATA is to give data control back to the legitimate data controllers, the people, and thereby allows individuals to regulate their own personal privacy. In addition, in line with basic cooperative principles and considering MIDATA’s aim to advance science, MIDATA may contribute to the advancement of society and innovation.

MIDATA will refine its governance structure to account for the challenges that burgeoning data volumes and diversity present. In particular, current research activities focus on making the governance structure even more robust by adopting the systemic oversight approach. Then, it is anticipated that MIDATA will grow and that the cooperative data storage model will establish itself as a serious alternative to existing data repository models.

Footnotes

We thank Ernst Hafen, co-founder of MIDATA and Professor at ETH Zürich; Madelyn Sanfilippo, an editor of this volume; and Shannon Hubbs and Stephanie Bishop, from our research group, for their valuable feedback. We thank Personalized Health and Related Technologies (grant 1-000018-025) for their support.

References

Aitken, Mhairi, Jenna, de St. Jorre, Pagliari, Claudia, Jepson, Ruth, and Cunningham-Burley, Sarah. “Public Responses to the Sharing and Linkage of Health Data for Research Purposes: A Systematic Review and Thematic Synthesis of Qualitative Studies.” BMC Medical Ethics 17, no. 1 (2016): 73. https://doi.org/10.1186/s12910-016–0153-x.CrossRefGoogle Scholar
Audrey, Suzanne, Brown, Lindsey, Campbell, Rona, Boyd, Andy, and Macleod, John. “Young People’s Views about Consenting to Data Linkage: Findings from the PEARL Qualitative Study.” BMC Medical Research Methodology 16, no. 1 (2016): 34. https://doi.org/10.1186/s12874-016–0132-4.Google Scholar
Blasimme, Alessandro and Vayena, Effy. 2018. “Systemic Oversight: A New Approach for Precision Medicine and Digital Health.” Bill of Health, Petrie-Flom Center at Harvard Law School. 2018. http://blog.petrieflom.law.harvard.edu/2018/04/04/systemic-oversight-a-new-approach-for-precision-medicine-and-digital-health/.Google Scholar
Blasimme, Alessandro and Vayena, Effy Forthcoming. “Towards systemic oversight in big data health research: implementation principles” In CUP Handbook of Health Research Regulation. Editor Graeme Laurie. Cambridge University Press.Google Scholar
Blasimme, Alessandro, Vayena, Effy, and Hafen, Ernst. 2018. “Democratizing Health Research Through Data Cooperatives.” Philosophy and Technology. Springer Netherlands. https://doi.org/10.1007/s13347-018–0320-8.Google Scholar
Boston Consulting Group. 2012. “The Value of Our Digital Identity.”Google Scholar
Cadwalladr, C. and Graham-Harrison, E.. 2018. “The Cambridge Analytica Files Cambridge Analytica Revealed: 50 Million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach.” The Guardian UK Edition, 2018. www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election.Google Scholar
Contreras, Jorge L.Constructing the Genome Commons.” In Governing Knowledge Commons, Frischmann, Brett M., Madison, Michael J., and Strandburg, Katherine J., eds. Oxford University Press, 2014, 99136. https://doi.org/10.1093/acprof:oso/9780199972036.003.0004.Google Scholar
European Parliament Council of the European Union. 2016. “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC General Da.” https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32016R0679.Google Scholar
Evans, Barbara J.Barbarians at the Gate.” American Journal of Law & Medicine 42, no. 4 (2016): 651685. https://doi.org/10.1177/0098858817700245.CrossRefGoogle ScholarPubMed
Evans, Barbara J.Genomic Data Commons.” In Governing Medical Knowledge Commons, Frischmann, Brett M, Strandburg, Katherine J., and Madison, Michael J., eds. Cambridge Studies on Governing Knowledge Commons. Cambridge: Cambridge University Press, 2017, 74101. https://doi.org/DOI:10.1017/9781316544587.005.CrossRefGoogle Scholar
Frischmann, Brett M., Madison, Michael J., and Strandburg, Katherine J.. “Governing Knowledge Commons.” In Governing Knowledge Commons, Frischmann, Brett M., Madison, Michael J., and Strandburg, Katherine J., eds. New York: Oxford University Press, 2014, 144. https://doi.org/10.1093/acprof:oso/9780199972036.003.0001.Google Scholar
Frischmann, Brett M., Strandburg, Katherine J., and Madison, Michael J.. “Governing Medical Knowledge Commons.” In Cambridge Studies on Governing Knowledge Commons, Frischmann, Brett M., Strandburg, Katherine J., and Madison, Michael J., eds. Cambridge: Cambridge University Press, 2017. https://doi.org/DOI:10.1017/9781316544587.Google Scholar
Gille, Felix, Smith, Sarah, and Mays, Nicholas. “Why Public Trust in Health Care Systems Matters and Deserves Greater Research Attention.” Journal of Health Services Research & Policy 20, no. 1 (2014): 6264. https://doi.org/10.1177/1355819614543161.Google Scholar
Gille, Felix, Smith, Sarah, and Mays, NicholasTowards a Broader Conceptualisation of ‘Public Trust’ in the Health Care System.” Social Theory & Health 15, no. 1 (2017): 2543. https://doi.org/10.1057/s41285-016–0017-y.Google Scholar
Hafen, Ernst. 2018. “Data to the People – MIDATA Personal Data Cooperatives.” In FEAM Conference. www.feam.eu/wp-content/uploads/FINAL-2019-04-25-precision-medicine-report_final-1.pdf.Google Scholar
Hafen, Ernst 2019. “Personal Data Cooperatives – A New Data Governance Framework for Data Donations and Precision Health BT – The Ethics of Medical Data Donation.” In, edited by Jenny Krutzinna and Luciano Floridi, 141149. Cham: Springer International Publishing. https://doi.org/10.1007/978–3-030–04363-6_9.Google Scholar
Huang, Bevan E., Mulyasasmita, Widya, and Rajagopal, Gunaretnam. “The Path from Big Data to Precision Medicine.” Expert Review of Precision Medicine and Drug Development 1, no. 2 (2016): 129143. https://doi.org/10.1080/23808993.2016.1157686.Google Scholar
Information Commissioner’s Office. 2018. “Royal Free – Google DeepMind Trial Failed to Comply with Data Protection Law.” ICO. 2018. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/07/royal-free-google-deepmind-trial-failed-to-comply-with-data-protection-law/.Google Scholar
International Co-operative Alliance. 2019. “Cooperative Identity, Values & Principles.” 2019. www.ica.coop/en/cooperatives/cooperative-identity.Google Scholar
MIDATA Genossenschaft. 2017. Statuten Der MIDATA Genossenschaft Mit Sitz in Zürich. https://midata.coop/docs/MIDATA_Statuten_20170905.pdf.Google Scholar
MIDATA Genossenschaft 2018. “Privacy Policy.” 2018. https://test.midata.coop/#/portal/terms/midata-privacy-policy.Google Scholar
MIDATA Genossenschaft 2019a. “Ally Science.” 2019. https://allyscience.ch/en/home/.Google Scholar
MIDATA Genossenschaft 2019b. “MIDATA MEDIA.” 2019. www.midata.coop/en/media/.Google Scholar
MIDATA Genossenschaft 2019c. “My Data – Our Health.”Google Scholar
Migros. 2017. “Die Migros Gehört Den Leuten.” 2017. www.migros.ch/de/migros-gehoert-den-leuten.html.Google Scholar
Mobility. 2019. “Mobilitys Unternehmenszweck: Nachhaltig Handeln.” 2019. www.mobility.ch/de/nachhaltigkeit/.Google Scholar
Mòdol, Joan Rodon. 2019. “Citizens’ Cooperation in the Reuse of Their Personal Data: The Case of Data Cooperatives in Healthcare.” In Collaboration in the Digital Age, Riemer, Kai, Schellhammer, Stefan and Meinert, Michaela, eds., 159185. Cham: Springer. https://doi.org/10.1007/978–3-319–94487-6_8.Google Scholar
National Audit Office. 2018. “WannaCry Cyber Attack and the NHS.” www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/.Google Scholar
Ngwa, Elsy M. and Hafen, Ernst. 2017. “MIDATA Cooperatives – Democratizing the Personal Data Economy.” www.the-stars.ch/media/381219/elsy-ngwa_midata-cooperatives-democratizing-the-personal-data-economy.pdf.Google Scholar
Nissenbaum, Helen. 2010. Privacy in Context : Technology, Policy, and the Integrity of Social Life. Stanford, California: Stanford Law Books, an Imprint of Stanford University Press.Google Scholar
Ostrom, Elinor. 1990. Governing the Commons: The Evolution of Institutions for Collective Action. The Political Economy of Institutions and Decisions. Cambridge: Cambridge University Press.Google Scholar
Overwalle, Geertrui Van.Governing Genomic Data: Plea for an ‘Open Commons.’” In Governing Knowledge Commons, Frischmann, Brett M., Madison, Michael J., and Strandburg, Katherine J., eds. New York: Oxford University Press, 2014, 137154. https://doi.org/10.1093/acprof:oso/9780199972036.003.0005.Google Scholar
Powles, Julia and Hodson, Hal. “Google DeepMind and Healthcare in an Age of Algorithms.” Health and Technology 7, no. 4 (2017): 351367. https://doi.org/10.1007/s12553-017–0179-1.Google Scholar
Roessel, Ilse Van, Reumann, Matthias, and Brand, Angela. “Potentials and Challenges of the Health Data Cooperative Model.” Public Health Genomics 20, no. 6 (2018): 321331. https://doi.org/10.1159/000489994.Google Scholar
Sadowski, Jathan. “When Data Is Capital: Datafication, Accumulation, and Extraction.” Big Data & Society 6, no. 1 (2019): 205395171882054. https://doi.org/10.1177/2053951718820549.Google Scholar
Strandburg, Katherine J., Frischmann, Brett M, and Madison, Michael J. 2017. “The Knowledge Commons Framework.” In Governing Medical Knowledge Commons, Frischmann, Brett M, Strandburg, Katherine J, and Madison, Michael J, eds. 918. Cambridge Studies on Governing Knowledge Commons. Cambridge: Cambridge University Press, 2017, 918. https://doi.org/DOI:10.1017/9781316544587.002.Google Scholar
SWISS RE. 2018. The Future of Personal Data with Ernst Hafen. https://youtu.be/wyx5sS5I_QQ.Google Scholar
Symantec. 2015. “State of Privacy Report 2015.”Google Scholar
Vayena, Effy and Blasimme, Alessandro. “Biomedical Big Data: New Models of Control Over Access, Use and Governance.” In Journal of Bioethical Inquiry 14 (2017): 501513. Springer Netherlands. https://doi.org/10.1007/s11673-017–9809-6.Google Scholar
Vayena, Effy, and Blasimme, Alessandro 2018. “Health Research with Big Data: Time for Systemic Oversight.” The Journal of Law, Medicine & Ethics. https://doi.org/10.1177/1073110518766026.Google Scholar
Wellcome Trust. 2015. “Enabling Data Linkage to Maximise the Value of Public Health Research Data: Full Report.” London. https://wellcome.ac.uk/sites/default/files/enabling-data-linkage-to-maximise-value-of-public-health-research-data-phrdf-mar15.pdf.Google Scholar
Wilbanks, John T. and Topol, Eric J.. “Stop the Privatization of Health Data.” Nature 535, no. 7612 (2016): 345348. https://doi.org/10.1038/535345a.Google Scholar
Figure 0

Figure 2.1 Simplified overview of the MIDATA cooperative (MIDATA Genossenschaft, 2019c)

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×