Privacy uproar shows Google cloud business has a trust problem

Ascension’s deal is no different to the deals other companies have with public cloud providers

A whistleblower reveals a secret transfer involving the personal data of tens of millions of people and a big tech company. Expressions of outrage follow, and regulators promise to investigate.

This sounds like the leak of Facebook data to Cambridge Analytica. But it also describes this week's portrayal by the media of US healthcare provider Ascension's decision to hand the records of 50 million of its patients to Google.

In reality, this is far from the scandal it was painted. But the huge attention it has received points to both the risks and opportunities as large troves of valuable data are moved, wholesale, to the cloud. How this information is handled, and who reaps the value from it, are questions that will stir much wider concern.

As it turned out, Ascension had signed a fairly standard cloud deal with Google for its patient data to be stored and processed. This is no different to the arrangements companies in many industries have reached with public cloud providers such as Amazon Web Services or Microsoft. Had Ascension contracted instead with IBM – and if a few dozen IBM workers, rather than Googlers, were able to see patients' personal data – it wouldn't have caused a stir.


Particular problem

This points to a particular problem for Google as it tries to build a cloud computing business. The heightened attention to the vast amount of data it already holds to support its consumer advertising business prompts inevitable questions about how information belonging to companies such as Ascension is treated. No one asks whether a company’s data are adequately ringfenced when it is held in the IBM or Microsoft clouds.

Companies using the cloud face questions about how best to reap value from data.

That US health information laws, dating from before the internet era, are widely considered loose does not help. Nor does the fact that Google has already been faulted for its handling of personal data about a large population of patients, over the way DeepMind was able to access National Health Service data in the UK.

This week an FT investigation also revealed that some highly personal health information that internet users enter on websites was being transmitted to Google’s advertisers, raising further questions.

A bigger question from deals like this, meanwhile, concerns the amount of extra value that could be created by holding data in the cloud.

Applying machine learning – and, potentially, pooling some of the information with data from other sources – could yield important insights. How should that value be shared out between patients, healthcare companies and their technology providers?

For Ascension, one attraction of using Google is that the internet company will be able to supply useful new diagnostic and organisational tools to medical staff. This echoes other deals that could reshape the health sector, such as Novartis’s recent agreement with Microsoft, tapping that company’s artificial intelligence technology to make more use of its data. Companies, naturally enough, want to keep the value in these insights to themselves, and say they will use it to benefit their patient populations.

One more complication

Google, on the other hand, has not been secret about its own desires to bring the benefits of better healthcare information to the public at large. A specialised health search engine, or a personal digital assistant that could give accurate answers to your health concerns, would be hugely valuable – both for the internet company and the billions of people who use its services. This creates one more complication for Google as it tries to build both an enterprise-grade cloud business and mass consumer services in the same company.

Companies turning to the cloud also face questions about how best to reap value from their data, while ensuring their patients remain the main beneficiaries. Applying new AI tools to patient data they already hold presents the first opportunity. In the field of cardiovascular medicine, for instance, Novartis has a mass of data drawn, over the past decade, from trials involving 100,000 patients. A data set of that scale is a considerable asset.

But if the ultimate promise of personalised medicine is a treatment designed for each individual, then analysing smaller patient populations to reach more revealing insights will eventually become a necessity. Some pooling of information, and the creation of more open data sets, will become key.


For now few companies are likely to see the merit in sharing their data with others – whether that means a rival in their own industry or a Google. The Californian analytics company Palantir, for instance, tried to broker a partnership between big consumer product groups, with a view to pooling all their consumer data that wasn't considered of key strategic significance. It failed.

The era of more open data is still some way off. For now, companies – and their tech suppliers – need to show they are trustworthy stewards of customer data. Being more open about what they are actually doing, and how it fits into their wider ambitions, would be a start. – Copyright The Financial Times Limited 2019