In Big Data health research, concerns have risen about privacy and data protection. While the ethical and legal discussion about these issues is ongoing, so is research practice. The aim of this qualitative case study is to gain more insight into how these concerns are currently dealt with in practice. For this multiple-case study, the YOUth cohort, a longitudinal cohort focusing on psychosocial development, and Big Data Psychiatry, a pilot study in Big Data analytics on psychiatric health data, were selected. A broad range of relevant documents were collected and semi-structured interviews with stakeholders were conducted. Data were coded, studied and divided into themes during an iterative analytical process. Three themes emerged: abandoning anonymisation, reconfiguring participant control, and the search for guidance and expertise. Overall, the findings show that it takes considerable effort to take privacy and data protection norms into account in a Big Data health research initiative, especially when individual participant level data need to be linked or enriched. By embracing the complexity of the law in an early phase, setbacks could be prevented, the existing flexibility within the law could be utilised, and systems or organisations could be designed and constructed to take relevant rules into account. Our paper illustrates that a close collaboration of experts with different backgrounds within the initiative may be necessary to be able to successfully navigate this process.

Introduction

Big Data is finding its way into health research. Some believe that this will provide unprecedented opportunities for psychiatry (Monteith et al., 2015). A broad range of issues, however, need to be dealt with. One of the key areas of concern in Big Data health research is related to privacy and data protection (Mittelstadt and Floridi, 2016), especially when psychiatric or other sensitive health-related data are collected, re-used, linked and analysed. The rise of such data-intensive health research initiatives has sparked a lively debate about how the use of data should be governed by principles and rules, especially during the adoption of the General Data Protection Regulation (GDPR) in the EU (Mostert et al., 2016; Ploem et al., 2013; Sethi, 2015). Although this debate on normative issues is ongoing, researchers and other stakeholders already need to deal with challenges related to privacy and data protection on a daily basis. They cannot wait until the normative framework is sufficiently crystallized. They are confronted with a level of normative complexity and uncertainty which could have a negative impact, both on achieving scientific goals and on the protection of relevant rights and interests. In the UK, for example, a study has shown that the confusing nature of the regulatory landscape resulted in a culture of caution and (overly) conservative approaches to data sharing (Sethi and Laurie, 2013). Against this background, some health research initiatives have attempted to engage with and utilise the potential of Big Data, while at the same time ensuring privacy and data protection. To our knowledge, no qualitative research has been published about how this challenge is dealt with by relevant stakeholders in the specific context of such groundbreaking initiatives. By mapping the relevant challenges faced and solutions sought by those involved in the organisation of such initiatives, valuable lessons can be learned. In this qualitative case study, we analyse two real-world examples of data-intensive psychiatric and/or behavioural research. The study is designed to provide insight into challenges related to privacy and data protection in data-intensive health research, and aims to contribute to a better understanding of how rules and interests can be taken into account in a specific initiative or context.