The scale, digital nature and participatory model of new large‐scale data initiatives creates challenges for the existing regulatory infrastructure. Traditionally health data governance, as it applies to personal health and genomic information, has focused on data that relates to people in identifiable form. This isn’t good enough anymore. Not only is there increasing recognition of the enduring risk of re‐identification but, even while de‐identified, data has significance for individuals as members of groups.
There is an increasingly urgent need to acknowledge the importance of group data and its appropriate control within the framework of health research regulation. Failure to do so will undermine trustworthiness in effective governance: compromising our ability to effectively regulate big data flows capable of fundamentally reshaping the conditions under which future generations will live and be judged.
The need to govern use and dissemination of de‐identified health data is recognised by the Framework to Guide the Secondary Use of My Health Record System Data. With the first release of data under the Framework expected from next year, this presentation assesses its capacity to promote and pro group privacy risks and protect the public interest in not only health research but also individual and group privacy interests.