Included studies
A total of 46 studies were included in this review (Supplementary Table 1: screening and inclusion flowchart, Supplementary Table 2: characteristics of included studies). Of these, 82.6% (38/46) were published in the last five years. The majority of papers (56.5%; 26/46) described European PPPs: in Denmark, Finland, Iceland, Italy, Switzerland, United Kingdom (UK), or Europe generally. Other papers (17.4%; 8/46) referred to the United States (n = 4), Canada (n = 1), Australia (n = 1), Israel (n = 1), and Singapore (n = 1). The remaining 12 (26.1%; 12/46) papers contained general ethical discussions without reference to a specific country context. Five specific cases of digital health PPPs were analysed in detail in more than one paper: the care.data scheme in the UK (n = 6), the partnership between the UK’s National Health Service (NHS) and Google’s DeepMind (n = 6), the collaboration between the State of Iceland and deCODE Genetics (n = 4), the Findata programme in Finland (n = 3), and the Google/Apple collaboration with national governments during the COVID-19 pandemic (n = 3). Most included studies (n = 30) discussed ‘data partnerships’, whereas fewer studies (n = 16) analysed ‘strategic partnerships’. No article discussed tripartite partnerships in which patient organizations or citizen groups join the public-private collaboration as a third partner. Three overarching ethical issues throughout the lifecycle of digital health PPPs were identified: data privacy and consent, public benefit and access, and trust and governance (Fig. 2). In Table 1, we provide an overview of key recommendations for each theme, derived from the literature, to support the creation of ethically informed PPPs in digital health. These recommendations should be viewed in conjunction with each other because, for instance, individual consent is not by itself a sufficient safeguard for privacy and it does not protect against broader societal harm.
Overview of the main ethical themes distributed over the two general phases of digital health technology development, i.e. the data collection and analysis phase, and the implementation phase.
Privacy and consent for data processing in PPPs
The literature describes privacy concerns and uncertainties around the scope of regulations in relation to digital health PPPs. Although PPPs are started from some common interest, private and public institutions may have different secondary goals that conflict with privacy20,21. Various authors frame the private sector as ‘tyrannical’ and argue that digital health PPPs are facilitating sphere transgressions of internet companies into the sphere of health, which violates the public’s expectations about privacy22,23,24. However, privacy concerns can be targeted at both the private and the public sector, focusing respectively on risks of commercialization (e.g. unwanted profiling, or an increase in inequalities) and state surveillance (e.g. misuse by law enforcement agencies, or the normalization of pandemic surveillance)25,26. Data sharing in PPPs can give rise to ‘group privacy’ concerns related to broader harms around stigmatisation or increasing inequality, as well as to concerns about individual re-identification, which may be particularly easy in smaller countries like Finland or Iceland that are ideal ‘population laboratories’ for health and genetic research27. While data protection regulations are aimed at safeguarding data privacy, they do not always cover data processing in PPPs. Foreign companies may be based outside the jurisdiction of the data subjects; moreover, many regulations only apply to medical records in public organisations and not to commercial health data collected in consumer apps or wearables28,29,30. In addition, most data protection laws only cover data from identifiable subjects, but some people have principled objections to secondary commercial uses even when their data is successfully de-identified, so current data protection regulation may not suffice for digital health PPPs30,31.
Another key topic in the literature was informed consent for data sharing in PPPs. In cases of sharing publicly stored health data with companies, the process of giving informed consent is increasingly framed as an individual trade-off between exchanging ‘your’ personal health data for ‘public benefit’. Indeed, according to most data protection and health laws, individual consent might not be strictly required if there is a clear and important public interest. However, Vezyridis and Timmons discuss how this binary view disregards that public health innovation is only possible because of long-standing individual rights24. Moreover, various authors note that making such a trade-off or cost-benefit calculus is not truly possible because of patients’ inability to adequately control their data and because consent is an insufficient safeguard for broader societal harms32,33. Still, consent is seen as valuable for purposes of transparency and for giving people the option to veto certain uses of their data, as well as for maintaining trust in health research. Various major collaborations with industry were unsuccessful because data subjects´ consent was not adequately obtained and trust was harmed as a result. In addition to the care.data24,30,34,35,36,37, DeepMind30,38,39,40,41,42 and deCODE30,43,44,45 controversies presented in Box 1, the literature describes criticism of Finland’s data infrastructure which does not allow opting out of data sales to commercial entities46, while in Italy, the unconsented transfer of health data from the government to IBM Watson Health was blocked due to legal uncertainties41. In the US and UK, identifiable data sharing without consent is allowed when companies provide services for patient care, and there are debates whether this exception has been misused in data sharing PPPs between healthcare organisations and Google, where a ‘direct care’ relationship did not truly exist or at least not for all data subjects28,38,39,42.
A number of scholars have argued that some form of consent should be required for sharing health data with commercial companies, even though the risk of selection bias inherent to the consent process may be exacerbated when data subjects have to specifically consent for commercial use20,28,47. Whether via an opt-in or opt-out process, these authors find that data subjects should be informed of how and for how long their data will be used in the PPP. Kaplan notes that at a minimum, data subjects should be able to opt out of commercial data use48. According to the reviewed literature, such opting-out should be easy and good reasons (i.e. those generally found relevant and fair) for accepting data sharing in PPPs must be specified in consent documents31, and the provided information should be kept up to date, e.g. by announcing new uses on a public website or through dynamic online consent processes49,50. Moreover, examples of bankruptcy of the original data holder such as in the SharDNA case in Italy50, show that notice or consent might need to be renewed when data are transferred to another organisation or company.
Public benefit and access to the results of PPPs
A key ethical requirement for establishing digital health PPPs is that the eventual results or tools benefit the public interest, especially when the data comes from the public sector20,30,51. In various legal frameworks such as in the EU, the ‘public interest criterion’ is a potential legal ground for not obtaining consent. We should note here that something which is in the public interest is not necessarily of direct public benefit, but in the reviewed literature the terms ‘benefit’ and ‘interest’ were used interchangeably. In any case, the potential value contribution of digital health PPPs is widely recognised and these initiatives are welcomed by researchers because they address limitations such as a lack of technological infrastructure or expertise in big data analytics22,35,36,41,49,52. In other words, “avoiding PPPs altogether would not serve the public interest”49. When public benefit is achieved, secondary commercial profit is generally accepted given the obligations that companies have to shareholders, employees and customers51,53. The ethics literature highlights different types of public benefits: improvements in direct patient care, advancements in scientific knowledge, cost-savings to the healthcare system, and even benefits to the national economy. Various authors argue that the important distinction is not just between public and private benefit, but also between a plurality of arguments (‘normative repertoires’23) that provide legitimacy to a PPP, which range between driving research, to improving healthcare, achieving financial and economic gain, and maybe even by monetising the data as such25,35,41. Due the ambiguity around the public interest requirement, it may not restrict data sharing but actually pave the way for expanded uses in the broader public interest, like promoting economic growth through PPPs32,54.
Namely, the shift from welfare state data regimes to data-driven health economies can go hand in hand with a process of national ‘solidarization’46, whereby citizens are called upon to contribute their data to PPPs in order to benefit the public interest, despite uncertainties about what this interest is and who the actual beneficiaries are, and with the risk that eventually only those who share their data can use health services27. The main problem with this solidarization is that especially long-term strategic partnerships are often not aimed at a specific health benefit but rather at improving the research and business climate and at making the country in question a “famous and a leading country in the digital social services and healthcare field”54. The increased involvement of private companies can be related to a history of budget cuts and worries about sustainability of healthcare systems23. In the example of deCODE, the partnership tapped into citizens’ economic worries: at a time when fish stocks declined, a new source of income could be found in health technology that profited from the genetic homogeneity of the Icelandic population45. As such, solidarization is grounded in ‘population branding’—i.e. employing marketing strategies to position a country’s population as special to attract investments in data as a national resource44—thereby excluding those people who are not part of the branded population, and it is thus incompatible with a more universal solidarity46. Moreover, when the rhetoric of solidarity is used to promote a neoliberal view of health and research, this harms the trust of citizens who wish to “further the common good without being manipulated into doing it”36.
In the literature, we found no consensus on which types of benefits are acceptable – i.e. whether PPPs should only be started when they bring improvements to future patients’ health or the healthcare system, or if PPPs that strengthen economic and research environments are also acceptable29,51,53. Views about this vary for different cultural (country) contexts and for the different social roles that one individual may have: “what patients care about as patients cannot be equated with what patients care about as citizens who are part of a much wider social endeavour”34. Whether specific benefits are seen as acceptable also depends on the level of certainty that these benefits will truly be brought about. Solidarization may not be appropriate also because there is some healthy scepticism about the actual benefits of tools developed in digital health PPPs, as these depend on the quality of the data and research, which should be subject to scientific review21. Especially when PPPs use data generated or collected by the commercial partner, the datasets are often patchy and biased because they are self-reported or passively collected by users who use the service (e.g. a smartwatch) inconsistently22,44,55. Moreover, the absence of quality meta-data may complicate linkage of data between different partners31. Finally, there may be a conflict of interest in the sense of a felt obligation by public researchers to the company that co-funds their studies, potentially leading to distortions in the design or analysis process21. Various scholars argue therefore that as a general rule, overriding safeguards like individual consent by appealing to public benefits may be acceptable only when this is proportional and transparent25,28,32. Partners should define early on their vision for how their PPP creates public benefit: this vision should be based on performance indicators which are actually tracked, to avoid ‘lip service’ or ‘ethics washing’ when companies or governments merely have an interest in accountability in order to protect their image49,51. This would also help avoid strategic (mis)use of the concept of public interest for retaining credibility when expectations based on one particular definition are not met54.
Other issues discussed in the literature relate to access and intellectual property. In the most common terms, a public benefit may refer to one that is widely available56, which the literature describes is not always the case if private interests lead to digital health products being overpriced or otherwise inaccessible51. Various authors raise concerns about the exacerbating of inequalities when benefits are not fairly shared due to commercial interests28,32,38. Ideally, according to various authors based on their case studies, the healthcare institution providing health data should have free access to the resulting goods and services25,36,39,57 or at least recover the costs of providing the data and knowledge through data access fees56,58, but this is not always the case because the ideal of benefiting public healthcare, research and education may clash with the profit-driven aims of companies. It is known that the accessibility of digital health applications depends for a large part on intellectual property (IP) arrangements designed to protect industrial partners’ competitive advantage. Ballantyne and Stewart advise that public and private sector collaborations take the time to identify shared interests and clearly articulate how benefits will be distributed38. In the example of the DeepMind controversy, the NHS might have secured joint IP rights with a longer negotiation process involving a broader range of stakeholders38. These discussions should cover fair pricing, according to Winkler et al.51. Moreover, Landers et al.49 argue that the data generated in a PPP should be made open after the project is finished, according to the principles of findable, accessible, interoperable and reusable (FAIR) data and that IP rights may be sought only on outcomes mostly achieved by the private partner.
The specific ways in which IP and other benefits are shared need to be determined case-by-case, but there seems to be consensus in the reviewed literature that public health data itself should always remain a public good, given the public investments in collecting it23,39,49,51. Digital health data coming from the public sector’s ‘gold mine’ is increasingly viewed as ‘asset’ or ‘public good’ that can create both social and economic benefit32,46,59. However, assigning financial value to data is said to be difficult, as this value is often generated at later steps in the development process of digital health tools, so perhaps public benefits are best understood as indirect societal value rather than direct financial value49. Finally, in refs. 39,51 it is argued that public organisations should remain gatekeepers and stewards of publicly collected data, even if they do not ‘own’ the data in the proprietary sense. However, fulfilling this role might be difficult due to power dynamics and companies’ monopolies.
The need for public datasets and medical expertise in PPPs may give some negotiation power to the public partner as data stewards25. Yet ‘big tech’ companies are bringing expertise increasingly in-house by recruiting from top public organisations, leading to ‘brain drain’ whereby the public healthcare sector is becoming more and more dependent on industry25,32. With her frame of the ‘Googlization of health’, Sharon23 highlights the risks associated with corporate encroachment into health, politics, and public policy spheres, potentially leading to a crowding out of expertise, growing dependencies and concentration of power, and calls for more bioethics research on these power asymmetries. Large tech companies often promote a neoliberal, techno-optimist narrative focused around the individual as autonomous decision-maker, while ignoring societal concerns like designing inequality into digital health tools60. When the wider public is not in a position to benefit from the value of their data this can be seen as exploitation or even ‘tyranny’23,32. Lanzing et al.61 note that it may be more appropriate to speak of a ‘push and pull’ power play between industry and the public sector regulating it, and that values like digital sovereignty are important for the public sector to keep some of this power.
All in all, the reviewed literature shows that while privacy protection is important, a focus on privacy should not draw attention away from safeguarding public benefit of PPPs by being attentive to larger societal risks of diminished power, expertise and access. While power issues play a role in any collaborations with industry (e.g. with pharmaceutical companies funding clinical trials), the impact might be great in the newer and less developed and regulated field of digital health21. There also exists a large digital divide because usually only large tech companies have the funds and infrastructure to move into the sphere of digital health32, but a fair playing field should be created by providing companies non-exclusive access to data51. It is in the public interest to avoid monopolization of large tech companies and to promote competition so that no single actor can control scientific outputs and the pricing of digital health tools22,40,41,44.
Good governance and demonstrating trustworthiness of PPPs
Instances where the consent process is inadequate and people discover commercial involvement after the fact (Box 1), cause an erosion of trust in both the public and private partner. Carter et al.34 have analysed this as the failure of obtaining a “social license to operate”, referring to the fact that not only legal requirements should be fulfilled but PPPs should also be sensitive to societal expectations about their conduct. The literature describes how citizens may be unfamiliar with the unexpected secondary goal of many PPPs to contribute not only to public health but also to national or regional wealth: trust in public organisations may come under more pressure as governments increasingly have economic, wealth-related and reputational reasons for engaging in PPPs for digital health. With the rise of PPPs it also becomes unclear whom data subjects should trust: the public or private organisation, the actors within these organisations, or the collaboration as such? Existing relations are changed when healthcare organisations enter into (non-transparent) collaborations with digital technology companies, which can be seen as context transgressions resulting in a trust gap22,49,57. Eroded trust in healthcare institutions can impact directly on the patient-physician relationship. In the Google-Ascension collaboration, for instance, clinicians were not informed and thus could not tell their patients about this data sharing partnership, which jeopardises patient trust in the confidentiality of the information shared with their doctor28. Even data controllers themselves may have trust issues and reputational concerns when they need to handle data access requests from the ‘other’ sector, so demonstrating trustworthiness is important between partners as well31,52.
Some authors state that newly set up digital health PPPs should put in the work to earn and maintain public trust20,31, while others think that public sector relations with companies should not be based on trust, which is grounded in uncertainty, but rather on the confidence that they are indeed processing health data in acceptable ways62. In order to merit the public’s and each other’s trust, both private and public organisations should first ensure being trustworthy when it comes to handling patient data and reaping benefits from this37. In particular, several papers highlight the concern that the rapid pace of deal-making, driven by Big Tech’s ‘move fast and break things’ approach, may ultimately break patient and public trust by compromising governance29,30,37,39,55.
Promoting trustworthiness of PPPs can be done by basing their governance on the concept of ‘stewardship’. The idea of stewardship is less complex to apply than ownership, and more appropriate due to its focus on responsibilities related to data protection, appropriate use, and promotion of public benefit27,31,38,58. While a ‘data controller’ already has a legal responsibility to ensure compliance with relevant laws on data protection, the concept of a ‘data steward’ is more encompassing, entailing not merely the protection of participants but also the promotion of research when it fulfils a public need, and the balancing between these two31. Despite worries that some governments may themselves facilitate sale of data for secondary use as an economically driven data broker rather than a data steward safeguarding the public interest44, various authors state that the public partner should always remain the steward of health data who determines what is appropriate access and use and how privacy should be protected and trust promoted32,38.
The literature suggests that an internal PPP committee governs day-to-day access and management issues (such internal committees might be financed through data access fees20), based on publicly accessible policies, while external ethical and scientific boards are responsible for oversight38,50. Good governance or stewardship requires consulting with these oversight bodies, such as data protection authorities, data protection officers, and institutional ethics committees56,58,63. Yet ethics committees for overseeing digital health research are less established than for clinical trials and may lack specific epistemic and ethical expertise, ranging from negotiation skills to knowledge of programming, which highlights the need for guidelines and training of governance and ethics committee members on the ethics of digital health in general and of PPPs specifically21,25,43,47. Drafting clear policies and guidelines for specific PPPs is helpful when existing (national) regulation does not suffice, e.g. as it does not cover deidentified data64, and such guidance can be further refined through multi-stakeholder consultation including both private companies and public entities49.
However, there seems to be no consensus on how strictly PPPs should be regulated and whether there is room for self-regulation by the private partner. Some authors advocate strict penalties for misuse of data, e.g. fines or exclusion from future data access, which may serve as an incentive for corporate responsibility35,58, and the enforcement of sanctions was seen by citizen juries as promoting trust in digital health PPPs30,56. In the context of fair pricing of the digital health tools, however, Winkler et al.51 advise against such penalties as they find that “public moral pressure or fear of reputational damage” would be sufficiently motivating for industry to self-regulate to ensure equitable access. Whether self-regulation is sufficient, remains to be seen. For instance, Powles & Hodson39 criticized DeepMind’s self-appointed (and later abolished) ‘independent board’ for hindering true oversight, a concern echoed about the company’s ‘Ethics and Society Fellows’42.
The reviewed articles highlight that good stewardship requires particular attention for transparency and accountability of researchers and data stewards, not merely as procedural formality but as fundamental principles that should underpin digital health PPPs, especially when these collaborations are (indirectly) funded by public taxes and use publicly collected data. Consensus in the literature is that transparency constitutes a minimal requirement: people should at the very least be made aware that and how their data are processed in PPPs30,49,56,64,65. The public generally has less trust in industry than in the public sector32,38, yet in a study of two Australian “citizen juries” who discussed the sharing of data with private partners, those juries did not reject all involvement of commercial companies and understood the need for PPPs in specific cases after explanation56. Even though transparency and other demonstrations of trustworthiness are no guarantee for eliciting trust, there is an intrinsic link between transparency and the social license, because transparency to patients, employees and the public helps facilitate public debate38. Transparency is important at different levels, ensuring that datasets and algorithms are transparent but also in terms of disclosing potential conflicts of interest (COIs) and being transparent about the (commercial) purposes and practices of data sharing as laid out in agreements21,58. The literature also suggests several accountability requirements: namely, key performance indicators should be described and publicly monitored49, and clear lines of responsibility and effective accountability mechanisms are needed, coupled with proactive stakeholders engagement, and possibly with compensation measures for demonstrable harm caused by data sharing in PPPs31,51.
Yet the commercial and reputational concerns of private and public partners can impede these efforts—especially since private companies are not bound to public transparency and accountability in the way that the public sector is, which can lead to power asymmetries and create conflict between commercial secrecy and public oversight mechanisms26,49. Various case studies underscore the challenges in balancing transparency with commercial interests, with lack of clarity in contractual arrangements and data governance frameworks raising concerns about data sovereignty and public trust36,37,39,49. In the DeepMind controversy, one accountability issue was that the company was labelled only as a data processor rather than joint data controller, despite having significant control over data use39. Similarly, Google’s partnership with Duke University positioned the university as “assisting” Google, instead of the other way around, showing the limited decision-making power of the university22.
Finally, taking transparency and accountability a step further, the reviewed articles underscore the critical role of public engagement in navigating the complexities of PPPs. This entails organising ongoing dialogue to address concerns and garner support from stakeholders, especially the communities whose data are shared. In addition to controversial PPPs that did not consult stakeholders, there are various ‘best practice’ cases of achieving community buy-in by setting up patient and public involvement (PPI) strategies early on. For instance, Piciocchi et al.50 describe two cases where early engagement with local communities through town hall meetings and constant communication fostered trust and high participation rates. The literature highlights the importance of inclusivity and responsiveness to diverse perspectives, dissenting voices and vulnerable groups who have the least capacity of exerting influence31,38. Engagement should transcend mere awareness-raising and give meaningful control to those engaged34 but still be “proportional to the nature and size of the PPP”38. New developments, such as those around AI-based analysis of data, should call for renewed PPI efforts30,42. Baric-Parker and Anderson28 suggest that decisions regarding the use of data by third parties should always involve input from patient representatives, and Cohen and Mello63 even argue that at least half of the members of hospital data access committees should be patients of that hospital. Such proposals can be seen as a response to the difficulties with individual informed consent. While inclusive public and patient engagement may be costly and takes time, it promotes public agency and trust in PPPs, improves the quality of stewardship and oversight, and ultimately helps achieve greater societal benefit by promoting the acceptability of the tools developed in PPPs26,49,51.
link
