The Information Commissioner's Office (ICO) has urged innovators using quantum technologies for healthcare to use its Regulatory Sandbox to test the implications for data protection and privacy.
It has also called for a privacy by design approach to the development and deployment of relevant solutions.
The ICO has identified the issues within in its new Tech Horizons 2025 report, which looks at the development of a group of new technologies and the potential privacy and data protection risks.
The section on quantum technologies points out that sensors using quantum phenomena can measure subtle changes in elements such as magnetic fields, gravity and temperature, which in turn can convey details of a person’s physical state. Potential applications include wearable brain scanners for epilepsy and Alzheimer’s diagnosis and research, and cardiac health monitors detecting subtle changes in the heart’s magnetic field.
Quantum enhanced imaging could be used for purposes such as improving non-invasive medical diagnostics and screening for conditions such as cancer.
The report says the unprecedented sensitivity of these technologies could unlock new insights into the human mind and body, and speed up the diagnosis of diseases such as cancer. Also, in the future, combining quantum sensors with other technologies, such as medical IoT devices, could enable personalised health management at home.
Risks to rights
But there are data protection and privacy implications as the special category health data collection comes with risks to people’s fundamental rights. These create the need for data protection impact assessment when testing or deploying the system, along with a consideration of the additional risks to privacy when collecting the highly detailed insights about patients.
There is also a need to bear in mind the principle of data minimisation – collecting information that is adequate, relevant and limited to what is needed for the lawful purpose – while collecting the extra data through quantum technologies. This means that organisations must have a justifiable reason for collecting and processing additional information, such as a clear clinical or research benefit.
In addition, “new capabilities and potential for increasingly detailed insights could exacerbate existing privacy and information rights issues, should some healthcare use cases expand beyond controlled research and clinical environments,” the ICO says.
As a response, it urges healthcare and medical research organisations to apply privacy by design and default in using quantum technologies that involve processing personal information, and invites innovators to use its Regulatory Sandbox to engineer data protection into any use cases.
“We will also examine opportunities to contribute to external sandboxes and testbeds as appropriate,” it adds.
