UK Biobank, one of the world’s largest biomedical databases containing health information from around 500,000 UK participants, has confirmed that listings offering access to its data appeared on a Chinese consumer website owned by Alibaba.
In a statement released on Thursday (23 April), Professor Sir Rory Collins, Chief Executive and Principal Investigator of UK Biobank, said that no personally identifying information was involved and that the listings were removed swiftly before any sales could occur.
“We take the protection of your data extremely seriously. Researchers have to go through our rigorous access review process, and their institutions sign a contract committing to keep the data secure, before we make the data available to them for research,” he said.
“Even though we only ever share de-identified data and have no evidence of any of you being identified unwillingly, we don’t want any use by anyone who has not been approved for access.”
What happened?
Last week, UK Biobank discovered that de-identified participant data, previously provided to researchers at three academic institutions, had been listed for sale on the Chinese platform.
With support from both the UK and Chinese governments, Alibaba removed the listings immediately. Access for the involved institutions and individuals has been suspended for breaching their contractual obligations.
UK Biobank stressed that the data in question did not contain any personal identifiers such as names, addresses, dates of birth, or NHS numbers. All data shared with approved researchers is de-identified.
In response to the incident, UK Biobank said it has taken several decisive steps:
- Temporarily suspended all access to its research platform.
- Implemented strict limits on the size of files that can be exported from the platform, allowing researchers to export research results while severely restricting the removal of participant data.
- Introduced daily monitoring of all exported files for suspicious activity.
- Launched a comprehensive, Board-led forensic investigation.
The organisation is also developing the world’s first automated checking system to prevent de-identified participant data from leaving the secure UK-hosted research platform. This system is expected to be in place by the end of 2026.
Researchers have always been required to conduct their work on UK Biobank’s restricted, cloud-based platform, with institutions signing contracts to keep data secure.
What is UK Biobank?
UK Biobank has made its de-identified data available to approved researchers worldwide since 2012, leading to thousands of scientific discoveries that have improved the prevention and treatment of diseases.
Over 20,000 researchers in more than 60 countries currently use the resource.
Professor Collins reassured participants: “Your personally identifying information in UK Biobank is safe and secure.” He acknowledged the concern the incident may cause but highlighted the swift action taken and ongoing commitment to data protection.
This incident comes amid broader public discussion in the UK about international access to health data, particularly involving researchers from outside interest in the US and China.
Most recently, US defence company Palantir came under fire for its contract with the NHS.
Leave a Reply