In the two weeks before Edward Snowden broke news about PRISM I gave two lectures about research ethics. It is traditional to note that what is ethically acceptable is in constant flux as technology changes and also that ethical principles tend to emerge in times of crisis, e.g. human experimentation that is also genocide. An observation that I made during these lectures was that the next crisis is probably going to relate to the use of ‘big data’ repositories in health. Well I didn’t quite nail the health part but bingo! – the use, security and privacy of individual’s data, in this case meta-data from telecommunications, email and text messaging, became the topic of the day.

The public is now aware that there are large repositories of data about themselves. There will start to be greater awareness that some of these data repositories include health records that are collated electronically. Currently, in Australia, these repositories and most other healthcare systems, these repositories are not very detailed but they do record if you’ve been to hospital, why you’ve been to hospital and a host of demographic information. This data is collected legally and is used legally for public health and planning purposes and in many cases for medical research, usually under additional regulation through ethics review processes.

The other bit of information that the public will become aware of is that these repositories of data are linkable. This means that a dataset collected in one system like healthcare is potentially linkable to a dataset in another sector like finance, or the justice system.

The issue becomes how the public, how society reacts to this knowledge and what it believes is reasonable use. The argument in the op-ed pieces in the major publications is that programs like PRISM serve a purpose in protecting the public from security threats. Indeed, surveys of the public in the US suggest that generally speaking people support this assertion. So there are some ‘reasonable uses’ in the public interest. No doubt, the same will apply to health data. The question is where the thresholds lie and how much transparency there will be.

But let’s get back to all of that metadata. Clearly there might be uses for tracking terrorists or gun-owners. But there might be healthcare applications. The concept of small data has recently emerged. The example is the notion that your phone company can track your movements through your mobile phone. If an older person was less active this could show up in their small data and indicate that they are sick. Who does this data belong to? The person or the phone company?

At the moment there are no answers but no doubt there will be trickle down implications from the Snowden affair to other applications like healthcare.