Privacy experts are raising the alarm following the Israeli government's decision to share COVID-19 vaccine patient data with Pfizer.
The data-sharing program, which has been agreed as part of a fast track plan to get the entire population inoculated as quickly as possible, could have lasting repercussions for citizens because of how data is being processed.
According to Pfizer and the government, the decision to share data about the impact of Pfizer's COVID-19 vaccine on its population is a potential game-changer, because of how it allows the international drug company to study and understand the vaccine's performance at scale.
Rina Shainski, chairwoman and co-founder at Duality Technologies, a global leader in privacy-enhancing technologies, told ProPrivacy.com that Israel is considered an ideal location for medical data acquisition during the pandemic:
"Because Israel possesses comprehensive digitized medical records, data sharing will potentially enable Pfizer to link vaccination outcomes to medical pre-conditions and examine correlations," said Shainski.
"This is the first opportunity for a pharmaceutical company to analyze outcomes across the majority of a country's population, which can significantly accelerate research into the vaccine's efficacy and potential side effects," she added.
While the potential benefits of the agreed data-sharing regime are legitimate, Shainski has expressed serious reservations about the data that is being shared and processed. According to Shainski, that data sharing could have serious ramifications for Israeli data subjects:
"Individuals’ medical data is highly sensitive, and by default, most people would prefer to keep their medical history private. Medical records might include information about issues such as mental health conditions, genetic mutations, or other conditions of a sensitive nature."
Shainski was quick to point out that these sensitive medical records, particularly genetic information, could result in privacy violations not just for primary data subjects but also their children and family members as well.
According to the contract published by Pfizer, the Israeli Ministry of Health will "use a mutually agreeable electronic transmission method that protects the security and integrity of the data". That data will be transferred on a weekly basis according to the contract. This implies that potentially significant amounts of epidemiological data may be accumulated by Pfizer.
This level of data collection makes Shainski nervous because she is not convinced that data is being handled in such a way that data subjects are adequately protected.
"While the data that Israel is sharing is seemingly of an aggregated nature, Israel and other countries must be aware that if they intend to share even de-identified data at scale, that is likely to bear a significant risk of re-identification."
"Today's advanced computing methods can enable data to be re-identified and linked back to individuals, creating a significant risk for privacy breaches. That's why it's essential for such data transfers to be implemented alongside robust privacy protections."
Shainski is particularly concerned about the potential for re-identification due to the fact that Pfizer is explicitly "...not obligated to return or destroy Project Data or Results, including after termination of this Agreement."
With indefinite access to Israeli citizens' medical information, the potential for re-identification inevitably increases – because the sophistication of techniques, methodologies, and technologies used to de-anonymize aggregated data will accelerate over time.
This makes data sharing with Pfizer a long-term problem if it is not safeguarded with sophisticated privacy-enhancing technologies (PET), Shainski said.
"PET use is essential to preserve privacy and confidentiality. Privacy protection goes beyond standard security protocols, which thwart hackers and other bad actors: It aims to guarantee privacy even when data is shared between trusted partners (e.g. Israel and Pfizer). Even with security measures in place, any sharing of raw data constitutes a potential privacy risk."
"Differential privacy is an insufficient solution because gleaning relevant insights requires analysis of exact, individual-level data."
Improper data protection
What is frustrating, is that according to Shainski, techniques already exist that can enhance privacy while data is in use and allow for a secure analytics process.
"These concerns can be mitigated by a new genre of Privacy-Enhancing Technologies," she explained. "One such PET is Homomorphic Encryption, a computation technique which enables users to compute and analyze encrypted data while the data remains encrypted."
Ultimately, it seems clear that Israel's decision to trade doses of the sought after Pfizer vaccine in exchange for medical information regarding its effectiveness has been entered into in good faith, and with the ambition of inoculating Israel's population as quickly as possible.
Despite this, the question of how the accumulation of medical data by an international pharmaceutical company will affect Israeli citizens going forward is massively important.
Under the circumstances, the Israeli government would be wise to insist on the use of technologies that allow important analysis to occur without putting citizens' privacy at risk. The fact that the government has failed to do so makes the entire Pfizer deal extremely worrying.