UK Biobank health data offered on Alibaba
UK Biobank health data was offered online. Access has now been stopped. Further security measures are planned.
(Image: TippaPatt/Shutterstock.com)
Following media reports about UK Biobank datasets being offered for sale on Alibaba, the British government has intervened and launched an investigation. The country's top data protection officer is calling for a comprehensive clarification. The UK Biobank is considered one of the world's most important projects for biomedical research. Since 2012, volunteers have been providing health and genome data there, which is made accessible to researchers worldwide.
As Ian Murray, Minister of State explained, UK Biobank had already informed the government on April 20th that several offers had been discovered on Alibaba platforms. “Biobank told us that 3 listings that appear to sell UK Biobank participant data had been identified. At least one of these 3 datasets appears to contain data from all 500,000 UK Biobank volunteers.” Murray stated. Further listings concerned “support for applying for legitimate access to UK Biobank or analytical support for researchers who already have access to the data.”
Videos by heise
Access blocked and data access temporarily stopped
Following the incident becoming known, several immediate measures were initiated. Together with UK Biobank, the platform operators, and Chinese authorities, the offers were promptly removed. At the same time, access for the research institutions identified as potential sources of the data was revoked.
Furthermore, UK Biobank has temporarily suspended access to its data platform. Downloads are currently stopped until technical measures are implemented to prevent uncontrolled downloading in the future. The organization has also self-reported to the British data protection authority (ICO).
Data protection officer demands transparency
The National Data Guardian, Nicola Byrne, reacted with clear criticism. It is “deeply concerning” that confidential health data, which people had provided in trust for secure use, was apparently offered for sale online. It must now be fully clarified how this could have happened and what consequences should be drawn.
Participants have a right to clear information about what happened and how similar incidents will be prevented in the future. Only through transparency and consistent action can trust in data-driven health research be maintained.
Question of trust for international health research
The government described the incident as an “unacceptable misuse” of the data and the participants' trust. At the same time, it announced new guidelines for handling research data. It is still unclear how the datasets specifically ended up in the hands of the providers. A comprehensive investigation is underway. The government emphasizes that the offered data did not contain information such as names, addresses, or contact details. Furthermore, there are currently no indications that the datasets were actually sold.
UK Biobank itself also announces that it will increase security measures. It also hopes to reassure patients through the measures already initiated: “Your personal data at UK Biobank is safe and secure,” according to a message from the head of Biobank, Professor Sir Rory Collins, to the patients. However, regarding the nature of health data, this is to be doubted, as experts regularly emphasize.
In Germany, access to such data is currently regulated much more restrictively. Research data is typically provided in controlled environments such as so-called data integration centers, often without the possibility of simply downloading raw data.
At the same time, however, there is increasing criticism from industry, for example from Bayer, regarding the complexity and strictness of these procedures. Industry users, for instance, criticize that access to data via the Forschungsdatenportal Gesundheit is sometimes difficult to understand, fragmented, and not very user-friendly.
At the Forschungsdatenzentrum Gesundheit – against which a lawsuit by the Society for Freedom Rights is currently pending – numerous requests for data access, predominantly from industry, have already been received. At the same time, secure access to certain data is still being refined. It is also repeatedly criticized here that there is a lack of transparency towards the insured. The transfer of data from the electronic patient record is planned for autumn 2026.
(mack)
