Ask Alexa why your chest hurts and it will trawl through the internet to give you an answer. If you’re in the UK, it will read the answer to you from the NHS website – and offer to call 999. In principle, this is great. Except of course, for the fear that Alexa could keep your health questions stored, and eventually allow Amazon to sell your data to the highest bidder.
This was the crux of a Sunday Times report which claimed Amazon has access to information on symptoms, causes and definitions of conditions, and “all related copyrightable content and data from other materials” at taxpayers’ expense. In exchange for accessing this information, Amazon will pay the NHS a copyright fee.
So has the NHS sold Amazon my data?
According to the NHS, the answer is a resounding no. Individual patient data gathered by your GP is not available to be trawled through by Amazon – or by extension, Alexa.
The NHS has allowed Amazon to join the over 1,500 other businesses that are licensed to use information from the NHS website as part of their services.
Under the terms of this deal, which was first announced in July 2018, Amazon has access to healthcare information collected by the NHS and displayed on its website, as well as the power to benefit from it commercially.
Former health secretary Matt Hancock said Alexa would cut pressure on GPs and pharmacists and answer basic health-related questions from home. The additional information, which excludes personal data, would allow Amazon to promote, advertise and sell its own products as a new feature of the device.
For the visually impaired, elderly and those unable to use their computers, Alexa can be an important alternative source of information for very basic symptoms for the 14 per cent of households in the UK that have one of Amazon’s devices.
For Amazon’s part, the company will be able to use diagnosis information to create new products (for Alexa or other devices) and will be able to share the information with third parties. A spokesperson for the NHS said it has put “appropriate safeguards” in place to ensure that information is used correctly. What those safeguards are is unclear.
Should I be worried?
While there is no immediate cause for panic, data-savvy patients should pause for thought. Why would Amazon bother trying to gather patient data when we so willingly give it up in the first place?
If you’re asking Alexa about an ailment, that query will be recorded for posterity and linked to your Amazon account, just like any other conversation with your smart speaker. You can, of course, delete it from your search history, but most people likely won’t. What the NHS has done is open the door to people sharing even more information with Alexa – and by extension, Amazon. But, by the same logic, we would give away the same information if we put our symptoms into Google.
This is, after all, how the internet works: information is put online free of charge, companies index it so people can find it and make huge same of money from the data they scrape and the profiles that they build in the process.
Crucially, Amazon has not yet proven that Alexa can be used as an effective diagnostic tool, nor that it has reduced the amount of pressure on GPs or A&E. If you had more than one symptom, for example, Alexa will not be able to start a conversation to ask you what they are. A slip of the tongue could trigger mistakes between similar-sounding conditions such as ‘hyperthyroidism’ and ‘hypothyroidism’. Alexa could listen patiently, and simply tell you to visit the GP anyway. Other companies, including NHS-backed Babylon Health, have previously struggled with the complexity of diagnoses. Unless Amazon has developed an iron-clad system, consulting Dr Alexa could lead to misunderstandings, misdiagnoses – or just wasting people’s time.
Okay, I won’t use Alexa or Google to keep my data safe
Even if you avoid using both companies’ services, there is no guarantee that your data will stay private. The NHS may not have sold patient data this time, but this does not mean that it will never do so in the future. According to independent patient taskforce Understanding Patient Data, the NHS will never share personally identifiable data for marketing or insurance purposes, “unless you specifically say that it is OK”.
Most people assume that because the majority of data shared with private companies is anonymised, their personal information is safe. That’s simply not true, according to Alan Woodward, privacy expert at the University of Surrey, who argues that deanonymisation is “quite feasible by consolidating data from several data sources”.
“If nothing else, this shows why it remains vital that control over the data is maintained and tracked, and it doesn’t somehow make its way to third parties, or misused by those given the data initially,” he says.
The issue of data sharing between the NHS and private companies is contentious, with privacy campaigners pointing out that often the contracts are shrouded in secrecy and offer very little clarity on what the information is being used for.
For example, the Department for Health and Social Services earlier this month issued licences to pharmaceutical companies including Merck, Bristol-Myers Squibb and Eli Lilly for up to £330,000 each, a fact that came to light after an investigation by The Observer earlier this month.
These contracts prove that even anonymised data has value, something that has not been factored into the deal with Amazon. The NHS has not only handed over expertise and allowed the e-commerce giant to directly profit from it – it has also endorsed Amazon to gather patient data straight from our own mouths, in a way that identifies us, with little regard for the consequences.
More great stories from WIRED
🚙 SUVs are worse for the planet than anyone realised
⏲️ Science says we should work shorter hours in winter
🐘 The illegal trade of Siberian mammoth tusks revealed
🙈 I ditched Google for DuckDuckGo. Here’s why you should too
📧 How to use psychology to get people to answer your emails