This final report is the culmination of a year’s research, comprising: i) interviews focused on the experiences of key stakeholders regarding pandemic data-driven policymaking, technology and public health, and policing and public safety; ii) original quantitative research in the form of public perception surveys; and iii) engagement with children and young people, being one of the underrepresented voices in the public debate on data and COVID-19.

The research has looked at some of the most important legal, ethical, regulatory, and policy challenges that have arisen during the pandemic, presented in the context of the UK Government’s National Data Strategy, which has framed future data policy around the pillars of ‘data foundations’, ‘data skills’, ‘data availability’ and ‘responsibility’.

The findings highlight the central importance of data quality and integrity, robust information governance mechanisms and public transparency for creating an environment where data analysis and sharing can be trusted and accepted in an emergency context.

Click here to download

Our initial analysis indicates that deciding how much data-detail to share is complex and involves considering what the data type is, who the data is being shared with, how it is to be stored, and what the Covid-19 alert level is. Further, there is notable variation across participant’s answers. Therefore, we need to delve deeper and consider how participant’s answers pattern at an individual level, for it may be that participants show a consistent bias towards/against certain data sharing practices, regardless of the factors that we have tried to investigate.

Introduction

In a previous blog, we reported that the data collected from another question set in the survey evidenced a small but statistically significant difference between willingness to share Mobility data and Medical data. Counter to our predictions, our participants were less willing to share their Mobility data than their Medical data. Of these two data types, to date research has generally prioritised considering Medical data and researchers have consistently found that participants are the most protective of and most concerned about sharing their Medical data compared to other data types. It could be that attitudes and concerns adjust within the context of a global pandemic, but it could be that this result is a product of Medical data and Mobility data being given ambiguous definitions in that section of the survey. We knew that we would want to explore participant’s perceptions of sharing Medical data and Mobility data in more detail and so included a set of questions specifically concerned with the different kinds of information that are classed as Medical and Mobility data. We will refer to these questions as the “Data Detail Sliders”.

Our Survey – Data Detail Sliders

From a scale of 6 options, we asked participants to select the amount of detail that they would be willing to include in the Medical and Mobility data that they were sharing. We asked participants to consider the Covid-19 alert level, who they were sharing the data with, and whether the data would be anonymous or identifiable (see figure 1 below for an example question).

For Mobility data the 6 options were:

• No data
• Countries visited and when
• Towns/cities visited and when
• Streets visited and when
• Buildings visited and when
• All destinations and routes taken

And for Medical data the 6 options were:

• No data
• Covid-19 test result
• Basic health information (e.g. BMI, smoker/non-smoker)
• Current diagnoses and treatments
• Medical records from the past 5 years
• Medical records since birth

Overall Patterns

First, let’s compare the answers to the Mobility and Medical data detail sliders (figure 2 below). For both these data types, it is evident that more participants would be willing to share data if it was less detailed, and fewer participants are willing to share more detailed data. However, the peak (the option that was selected the most) is different for the two data types. For Mobility data, the “No data’ option was the most commonly selected option (described as “0” on the graph below), while for the Medical data the “Covid-19 test results” option was the most selected (described as “1” on the graph below). At this stage in the analysis, this aligns with our finding from earlier in the survey: that participants were less willing to share their Mobility data than their Medical data.

Now let’s consider the Data Detail Slider answers to questions about Mobility data and Medical data separately, and factors that might affect participant responses. How data is stored (anonymously or identifiably) appears to influence how much detail participants are willing to share. For mobility data, if the data was identifiable, fewer participants would be willing to share more detailed data, and most would choose to share “No Data”. If the mobility data was anonymous, more participants would be willing to share more detailed data, with most selecting to share the most detailed data on our scale (see figure 3 below). In comparison, for Medical data most participants chose to share “Covid-19 Test result” when the data was anonymous and when the data was identifiable (see figure 4). One interpretation is that this emphasises our participants awareness of the value of Covid-19 specific data.

Next, let’s consider the effect that the UK Covid-19 Alert Level may have. This factor appears to influence how much detail participants are willing to share in regard to Mobility Data but not Medical Data. In questions about Mobility Data, when the Alert Level was 1 most participants chose to share “No data”, when the Alert Level was 5 most participants chose to share the most detailed data option (“All destinations and routes”), and when the Alert Level was 3 participant responses were relatively evenly spread across the less detailed end of our scale (see figure 5). In comparison, most participants selected the “Covid-19 test results” option regardless of the Alert Level when considering sharing Medical Data (see figure 6).

It may seem that an increase in the severity of the pandemic (as is indicated by the alert levels) motivating participants to share more detailed Mobility data, but not motivating the sharing of more detailed Medical data, is somewhat counter to our initial finding that participants were less willing to share Mobility data over Medical Data. But actually this highlights that the content of the data (both data type and data detail) is of paramount importance.

The final factor that we will consider here is Data holder (who the data will be shared with) and, at this initial stage of data examination, there are some clear patterns to the data but also some that are far less clear.

For the questions about Mobility Data, while the most selected option when the data holder is a Public Health Body is “All destinations and routes”, this is not notably more than the other options at the less detailed end of the scale. This lack of a strong differentiation in willingness to share data at different degrees of data detail is also evident when the data holder is a Local Authority; although the most selected option is “No Data” this is not noticeably more than “Countries visited and when” and “Towns/cities visited and when”. In contrast, the indication that fewer participants would be willing to share detailed data if the data holder was a commercial company (our made-up company is called “Info-Insights”) or their Regional Police Force is far clearer, with the most selected option being “No Data”. In summary, for each data detail option in the middle of the scale the difference across the 4 stakeholders is minimal, whereas who is permitted to have what kind of data is far clearer at the ends of the scale. See figure 7.

Some of these patterns recur in the answers to the Medical Data questions. Fewer participants would share detailed data if the data holder was a commercial company (“Info-Insights”), their Regional Police Force or a Local Authority, with the results of Covid-19 tests being the most detail they would share (compared to “No Data” when thinking of Mobility Data as described above). When the data holder is a Public Health Body, however, the participant answers are relatively more evenly distributed across the 6 options on the data detail scale with the number of participants willing to share their Covid-19 test results and the number of participants willing to share their medical records since birth being almost equitable. This indicates that our participants would be more conservative with sharing Medical data that contains greater detail than Covid-19 test results with non-health focused organisations. Equally, it shows great variation across our participants in regard to how much data detail can be shared with a Public Health Body. See figure 8.

We can also look at how these factors overlap. Figure 9 and 10 display the answers to the mobility data questions and medical data questions, respectively, by alert level and data storage. Both these graphs indicate that more participants would share less detailed data when it is identifiable compared to anonymised at all alert levels (illustrated by the darker coloured bars being taller than the lighter coloured bars on the left-hand side of the graph). Equally, more participants would share more detailed data when it is anonymised compared to identifiable at all alert levels (illustrated by the lighter coloured bars being taller than the darker coloured bars on the right-hand side of the graph).

Final Thoughts and Next steps

In this blogpost we have reported some initial observations from examining the data that was collected via the Data Detail Sliders questions in our survey where we asked our participants to choose the data detail that they would share from a scale of 6 options, with different scales for Mobility and Medical data, bearing in mind the Covid-19 alert level, who they were sharing it with, and whether the data would be anonymous of identifiable when making this choice. At a very high level (considering one potentially influential factor at a time), we can observe some relatively clear patterns in the data, and these patterns differ in the questions about Mobility data versus Medical data.

However, as we consider the data in more detail, what factors are likely to have an influence and how becomes less clear and there is notable variation across participants’ answers. Further, so far, we have not considered the role that individual experience, biases, assumptions and opinions has had in this dataset. For example, there may be participants that are highly motivated and would share more detailed data regardless of other factors. Equally, there may be participants who are consistently protective of their data, and answer “No Data” to most or even all of the questions. Therefore, in our next analysis we will delve deeper to consider how participant’s answers pattern at an individual level to explore the overall patterns and lack of patterns of behaviour within our sampled population.

Article by: Selina Sutton and the OMDDAC WP3 Team

Covid the Catalyst

In many ways, COVID-19 has acted as a catalyst, rapidly increasing the visibility of data-driven systems, and surfacing the impact they have on people’s lives. Over the past year there have been regular nationwide briefings that have included an R value based on predictive data-driven models as well as models for predicting where Covid-19 cases will increase. These models have been driven by people’s data (e.g., mobility, health, socioeconomic data), the output of which has been used to enact laws that have limited people’s freedoms through national and local lockdowns. Algorithms driven by population medical data have been designed to decide who should be shielding whilst the contact-tracing app is analysing millions of device-to-device interactions to compute risk scores on how likely someone is to have been exposed to COVID-19. What all of these systems have in common is their need to collect sensitive information about people and their behaviours, data that not so long-ago people may have been far less willing to share.

If people are unwilling for their data to be shared and used as part of these systems, they become far less effective. Yet, not all data is equal with some data being more sensitive than others. This can impact the risk that a person feels when handing over their data to be processed either by a person or an automated data-driven system. For example, people may feel more reluctant sharing their sensitive medical data than they would their supermarket loyalty card data. However, data sharing decisions are very much dependent on who the information is being shared with, and for what purpose. So, for most people any reluctance to share sensitive medical data is abated if this sharing is with their GP for the purpose of managing their health. Further, people also have an expectation of how their data is managed and used after the point of disclosure. For example, there is an expectation that a GP would discuss a patient’s medical history with a colleague without this having been explicitly agreed upon by the patient.

When people are making decisions about what data they will or will not share they take their privacy into consideration. As we’ve already indicated, privacy is a very contextually dependent behaviour. What people are willing to share in one context can vary significantly to what they are willing to share in another. To help people decide what to share, with who and when, they tend to rely on privacy norms and prior behaviours (e.g., because I’ve shared this before, I’ll share it again). Norms are what people have come to expect as “usual” or “typical” based on their prior experiences. It is when these norms are violated that people feel as though their privacy has been violated. Yet, a global pandemic in a data-driven world has significantly altered people’s lives and the contexts in which these privacy norms develop. Has this temporary emergency state caused people and society to revaluate these norms, and if so, what are the likely longer-term effects of these changes?

Privacy as a Currency

To help us think about how data privacy norms have changed, we consider privacy as a currency with every piece of data being valued in terms of how private it is. Some pieces of data may be very private and so are more valuable, whilst others are less private so less valuable. With data-driven systems, people hand over their data (and thus their privacy) to receive something in return. This could be as simple as providing an email address in order to access an account on a social media website to post content. This practice is so widespread it has become the norm. We expect the typical price to pay for such an account is our email address. Often, we are willing to pay more for the things we have a greater want or need for. For instance, many people are willing to have a smart speaker in their home to satisfy the need for connectivity, to have information immediately, and to efficiently manage their lives. The cost is that these devices continually listen and collect audio data at appropriate, as well as inappropriate, moments. However, as we have seen during Covid-19, prices change.

Covid-19 has significantly shifted most people’s lives into a temporary abnormal state. Fundamental human needs, such as intimacy and mobility, have been limited through lockdowns and social distancing. The cost to meet these fundamental needs, in terms of privacy, was once negligible. Now, the privacy price tag for seeing friends and family (most likely from a distance) is our medical and location data. This would have been deemed extortionate pre-Covid-19 but now looks like a bargain. In other words, Covid-19 has led to the significant inflation of the price of our fundamental freedoms and the data required to pay for them illustrates that the value of our privacy has plummeted. We are, perhaps, in a privacy recession.

It seems our privacy norms have fundamentally shifted during the Covid-19 pandemic. Looking to the future, what might privacy norms look like post-Covid? Continuing to use currency as an analogy and our Covid-19 world being a recession in privacy, we consult economic recovery models to inspire our predictions for how the value of privacy may change as the world recovers from Covid-19. Broadly, there are 3 types of recovery referred to as I) V-shaped recovery, ii) U-shaped recovery, iii) L-shaped recovery.

V-shaped recovery

In a V-shaped recovery we would see a rapid return to our pre-Covid privacy norms. Maybe, as people begin to go back to the places that they used to visit regularly, they will be reminded of how little privacy they used to have to “sell” to be able to go about their daily routines. The data itself may also act as a reminder. As people return to work, to socialising with friends, to cafes, to the gym, certain data types (e.g., mobility) will be generated that allow for more intimate inferences to be developed about their lives when compared to the same data during the pandemic. The more data people generate, the more invasive it may feel when they are asked to share it. Therefore, over time, as the value of people’s data starts to normalise in tandem with the ease with which their fundamental needs are met, we may see people becoming more and more resistant to using the apps or services (e.g. contact-tracing app) that collect data to feed data-driven systems. Of course, this imagined pattern of behaviour relies on the idea that much of our data sharing is voluntary.

U-shaped recovery

Compared to a V-shaped recovery, in a U-shaped recovery we would see a more gradual return to our pre-Covid privacy norms. But what could be the key difference between a V-shaped and a U-shaped recovery? One possibility is that the curve of a U recovery would be shaped by periodical changes to data collection policies (i.e., voluntary vs. mandatory). As was mentioned earlier, if people are unwilling for their data to be shared and used as part of these systems, they become far less effective. Therefore, it is not hard to imagine that our gradual reclaiming of fundamental freedoms will come with the proviso that people must continue sharing certain types of data with certain entities. Indeed, some previously voluntary data sharing became mandatory overnight as the Covid-19 pandemic escalated. For example, as we entered the first lockdown last March the exemption clause in the National Data Opt-Out service (that allows patients to opt out of their confidential patient information being used for research and planning) was triggered: people’s ability to opt-out does not apply when there is an overriding public interest in the use of data. However, such data-sharing practices are near invisible to most people as they go about their daily lives, and it is more likely that privacy norms will be defined by active engagement in mandatory / voluntary data sharing. One can imagine that using a contact-tracing app will become obligatory, possibly requiring ‘tap ins’ at public establishments, with entry refused if non-compliant. In terms of a gradual change in mandatory data sharing, it may be that the list of public places where people must ‘tap in’ gets shorter and shorter over time and thus the onus of data sharing being voluntary increases. As society starts to regain greater control over the types of data being shared and with whom, there will be an opportunity to re-evaluate what privacy means. This re-evaluation may result in the redefining of privacy norms, possibly returning to what they were pre-Covid-19.

L-shaped recovery

In an L-shaped recovery, change is slow. So slow that our pre-Covid privacy norms may become a distant memory and we never return to them. This slow increase in valuing our privacy may occur under the same mandatory/voluntary data sharing context discussed when considering a U-shaped recovery, only the scales are considerably tipped in favour of mandatory data sharing. After experiencing 12 months of our privacy having little value, people may have become used to, or even comfortable with, these new data sharing expectations. Therefore, we may also be vulnerable to accepting data sharing obligations that are less directly related to Covid-19, a situation that can be referred to as ‘scope creep’. In other words, the data-sharing activities that we have experienced during the Covid-19 pandemic may set a precedent that is difficult to retract from.

Speculating what our privacy norms may be like post-pandemic highlights the multitude of interrelating factors that are at play and emphasises that it is very unclear what our post-Covid-19 data-driven world may be like. To help us think about how data privacy norms have and will continue to change, we considered privacy as a currency and thus how much of it we are willing to use to pay for our fundamental needs and freedoms before, during and after the Covid-19 pandemic. We raise more questions than provide answers, but the one thing that we can be sure of (whether a researcher, stakeholder, or citizen) is that as we figure out what our new ‘normality’ is in a pandemic-vulnerable world we need an open discussion about our privacy norms around data sharing to allow us to be safe and healthy citizens of a healthy and safe world.

Article by: Mark Warner and Selina Sutton

Privacy unraveling is a theory developed by Peppet (2011) in which he suggests people will self-disclose their personal information when it is easy to do so, low-cost, and personally beneficial. Privacy may then unravel around those who keep their information undisclosed, as they are assumed to be “hiding” undesirable information, and are stigmatised and penalised as a consequence.

In our study, we explored the online views of Grindr users and found concerns over assumptions developing around HIV non-disclosures (Warner et al., 2018). For users who believe themselves to be HIV negative, the personal benefits of disclosing are high and the social costs low. In contrast, for HIV positive users, the personal benefits of disclosing are low, whilst the costs are high due to the stigma that HIV still attracts. As a result, people may assume that those not disclosing possess the low gain, high cost status, and are therefore HIV positive.

We developed a series of conceptual designs that utilise Peppet’s proposed limits to privacy unraveling. One of these designs is intended to artificially increase the cost of disclosing an HIV negative status. We suggest time and financial as two resources that could be used to artificially increase disclosure cost. For example, users reporting to be HIV negative could be asked to watch an educational awareness video on HIV prior to disclosing (time), or only those users who had a premium subscription could be permitted to disclose their status (financial). An alternative (or in parallel) approach is to reduce the high cost of disclosing an HIV positive status by designing in mechanisms to reduce social stigma around the condition. For example, all users could be offered the option to sign up to “living stigma free” which could also appear on their profile to signal others of their pledge (Levy, 2017).

Another design approach is to create uncertainty over whether users are aware of their own status. We suggest profiles disclosing an HIV negative status for more than 6 months be switched automatically to undisclosed unless they report a recent HIV test. This could act as a testing reminder, as well as increasing uncertainty over the reason for non-disclosures. We also suggest increasing uncertainty or ambiguity around HIV status disclosure fields by clustering undisclosed fields together. This may create uncertainty around the particular field the user is concerned about disclosing. Finally, design could be used to cultivate norms around non-disclosures. For example, HIV status disclosure could be limited to HIV positive users, with non-disclosures then assumed to be a HIV negative status, rather than HIV positive status.

In our paper, we discuss some of the potential benefits and pitfalls of implementing Peppet’s proposed limits in design, and suggest further work needed to better understand the impact privacy unraveling could have in online social environments like these. We explore ways our community could contribute to building systems that reduce its effect in order to promote disclosure choice around this type of sensitive information.

It will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing on Monday, November 6th in the afternoon session on Privacy in Social Media. The full paper, co-authored with Andreas Gutmann, M. Angela Sasse, and Ann Blandford, is available here.

Acknowledgements

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 675730

References

Karen Levy and Solon Barocas. 2017. Designing against discrimination in online markets. Berkeley Technology Law Journal 32 [paper].

Scott R Peppet. 2011. Unraveling privacy: The personal prospectus and the threat of a full-disclosure future. Nw. UL Rev. 105: 1153 [Paper].

Mark Warner, Andreas Gutmann, Angela M. Sasse, and Ann Blandford. 2018. Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr. Proceedings of the ACM on Human-Computer Interaction 2 CSCW, November [paper].

Last week, on June 18th-21st, there was the Privacy&Us training event in London, hosted and organized by UCL, one of the partners of the consortium. We - PhD fellows - had courses and interdisciplinary trainings and presented our research.

Mark Warner, my very creative colleague and one of the PhD fellows, prepared sketchnotes of the presentations of all 13 PhD fellows - I am attaching them below. I leave you with the challenge: all research projects have topics within the area of privacy & usability; can you guess the topic and the argument of each of the 13 presentations?

To learn more about Privacy&Us: privacyus.eu To learn more about Mark's work, follow his website Privacurity and his Twitter.

Best,

Luiza Jarovsky

Lawyer and PhD Fellow Researching Data Privacy

about.me/luizajarovsky

Later the same day, Grindr released a public post to address the story and set out four points intended to clear up any misinformation around Buzzfeed’s story. Rather than admitting they had made mistakes and laying out how they would address them, they took a defensive approach, shifting responsibility onto their users. Here I will discuss these four statements and unpack them in an attempt to understand what went wrong.

1. Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.

It is important to be honest with users about what information is being shared, who this information is being shared with, and for what purpose. Grindr states here that they never sell personally identifiable user data to third parties. However, they do not address non-identifiable data. Non-identifiable data is the same data but anonymized. What does this mean? Simply put, it means the same data but with any uniquely identifiable attributes, such as your name or your e-mail address removed. Non-identifiable data is still very valuable, but history has shown us that it can often be de-anonymized when correlated with other data sets. Whilst Grindr and similar companies give reassuring messages to users that their personally identifiable information is not sold, more transparency is needed around non-identifiable data. How is it shared? With whom? And for what purpose? And importantly, how is it protected to prevent it from being de-anonymized in the future?

2. As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.

3. When working with these platforms we restrict information shared except as necessary or appropriate. Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.

Social media companies share data with third parties. There is a whole industry that runs behind large companies like Grindr which support them in various different ways, from analytics helping them improve their software, to payment system allowing them to invoice customers. It is important to recognize the value of these third parties. In many ways they are the hidden companies of the Internet, we use their services each day but few of us have ever heard their names. Ever heard of Cloudflare? Probably not, but I could almost guarantee that you have used their services multiple times today without realizing it. If we are to accept that sharing of personal data with third parties is valuable and here to stay, how can companies like Grindr share user data without violating privacy expectations? Firstly, they need to move away from the current “better to beg for forgiveness than to ask for permission” model of managing user data, especially in Grindr’s case where begging is replaced with blaming.

Going forward, perhaps social media companies could employ a simple privacy rule when evaluating decisions related to users’ personal data. “If a user would be surprised by how their personal data is being used, something is broken”. No user should ever be surprised by how their data is being shared, however legally compliant the sharing of that information is. Users should be appropriately informed prior to consenting to how their data is being used and clearly Grindr’s current model is broken. After all, companies should be applying an ethical test, as well as a legal test to their data sharing practices.

4. It’s important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public. As a result, you should carefully consider what information to include in your profile.

Grindr is not a public space. To gain access to a Grindr profile, you must sign up with an account, provide a verified e-mail address, and agree to Grindr’s terms and conditions, which include their privacy policy. Once inside the Grindr app, a reasonable expectation exists around who can view the information on a profile. For example, people outside of Grindr are unable to view profiles and a profile is usually limited to people who are geographically close by. The mass transfer of user information to third parties (which includes HIV status information) falls well outside these expectations. Simply stating that Grindr is a public space fails to consider the norms and expectations of its users. It implies fault and responsibility with the user, rather than Grindr. Whilst users should consider what they disclose on their profiles and take personal responsibility where they can, there are limits to this. Users can only evaluate the cost and benefits of disclosing information if they are being appropriately informed about how their data is being shared with others.

Grindr suggested to its users that they should have read the privacy policy and been more careful when considering what information they disclosed in their profiles. However, it is often difficult for users to evaluate the potential future cost of agreeing to these often complex privacy policies. These policies require users to agree to 100% of their terms or be locked out of the service, and for some users, Grindr is an integral part of their sex and social lives. Disagreeing with the policy and being locked out is not a viable option for some. Finally, are we really expecting users to read every privacy policy they encounter? In a research paper by Lorrie Faith Cranor and Aleecia McDonald from Carnegie Mellon, it was estimated that the average person would need to spend just under 1 month each year to read every privacy policy they agreed to. And it’s not just the time it takes to read all these policies. Our circumstances are constantly changing which can impact on our willingness to share certain information with others. This is no truer than for men who are diagnosed with HIV. Being told that Grindr shares HIV status with third-party apps may not be of much concern for someone who is HIV negative, but for a recently diagnosed man, this can be an extremely sensitive piece of information. Should we really expect people to go back and review previously agreed to privacy policies when their life circumstances alter?

I don’t know the reason behind Grindr’s decision to share their users’ HIV status information with third parties. Perhaps it allowed them to make more appropriate advert targeting, avoiding insensitive adverts for HIV testing and PrEP to HIV positive users. Whatever the reason, Grindr has failed to be transparent with its users and has taken no responsibility for this failing. Grindr has built a community, and in order for it survive it must respect the privacy of that community which means considering both the legal and ethical aspects to data sharing. It needs to be open and honest with users on how their data is being used, otherwise it will lose their trust. Once trust is gone, even begging will not help.

Between 1933–1945, the men (and towards the end the women) endured some of the worst treatment ever inflicted on mankind. Whilst walking around the camp, it was difficult to imagine the physical and mental horrors endured. The physical pain from hunger, the constant fear of death and the humiliation from being stripped of one’s dignity and identity. They were no longer people with names, they were numbers.

At the end of the guide I was taken to a statue named “Unknown Prisoner” depicting a frail inmate in prison uniform. Frailty was typical of those imprisoned in these camps, which for many led to their deaths from being purposefully overworked by their captors. However, this prisoner was standing with his hands in his pockets, looking up, instead of down at his feet. Whilst prisoner uniforms in the camp had pockets, their use was strictly forbidden, a form of psychological torment similar in nature to the “Work Sets You Free” sign on the iron gates at the entrance. The hands in the pockets, and head held high indicate this man was no longer imprisoned, either through liberation which came in the form of the American Army on April 29, 1945, or perhaps more sadly, the liberation that came to him through his death. I suspect being titled “Unknown Prisoner” the latter is more likely true.

I focused on this statue because of the text written underneath, which in German reads “Den Toten zur Ehr, Den Lebenden zur Mahnung” translated “To honour the dead, to remind the living”. To remind the living. To remind me, to remind us all of the events during this period of time.

After WWI Germany was one of the leading countries in Europe, progressive in manufacturing and technology, a period known in Germany as the Golden Years. Had you asked anyone then whether Germany would be capable of such acts, the response would have been a resounding, conviction filled no, yet history tells a very different story.

The people who died in these camps wanted to send us an eternal message. They wanted us to remember the events of WWII to prevent such suffering from ever happening again, to save us from ourselves, and to learn from the shadows of our past.

As we go forward into a future which is unknown, riddled with uncertainties, we should be vigilant of acts that divide us, acts that stem from hatred, driven by desires for power at the immense cost to others. We should stand up to these acts of hatred and division, even if they have little effect on us now, they may affect us in the future.

“First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me.” - Martin Niemöller

1984, in the New York City borough of Queens, Kitty Genovesa, a young women of Italian decent was fatally stabbed in an overlooked parking lot, close to where she lived. While there reported to be many witnesses to the crime, nobody reported it, leading to numerous studies into the cause of this social inaction.

Darley and Latane (1968) developed a theory known as bystander intervention, or the bystander effect. Their theory suggests that the greater the number of bystanders witnessing an incident, the less likely it is that anyone will intervene. Further studies into the effect have shown that the knowledge of other bystanders does not have to be explicit, but implicit knowledge of their existence is enough for this effect to be observed.

The bystander effect typically requires three elements: (1) an intervenable act, (2) a perceived cost associated with intervening and (3) other bystander actors.

So, how does this all relate to the sharing of medical records? Good question.

Being asked for consent to share medical data to help in the research of a problem is arguable an (1) intervenable act, an act that comes with (2) a cost to privacy that (3) involves many other bystanders who are able to provide their data to help.

When forming a consent decision, the implicit knowledge that others are able to help may provide the internal justification for inaction to protect against the potential costs of intervening.

If this theory is relevant to the health-care data disclosure process, how can it be minimised to increase opt-in rates? One counter theory is that when people are exposed to, or have knowledge of others performing prosocial acts, it may encourage them towards similar prosocial acts.

Could the use of online social messaging platforms be used to create a prosocial data sharing behaviour model that others follow?

My research interests center around the rather abstract concept of privacy. I am interested in how peoples behaviours are affected by privacy, and how those behaviours can be better understood. More specifically, I am interested in how privacy impacts decision-making around healthcare data disclosure.

Are you collecting health cues such as heart rate or diet diaries? How do you decide how that data will be shared?

Does you local GP or hospital store your personally identifiable medical records in an electronic format? How would you weigh up the costs verses the benefits of sharing that data for advances in medical research, and how could technology help you make the decision that’s right for you?

These are the types of questions that I am looking at in my research.