AI will only be a gamechanger to precision medicine if it can capture the uniqueness of each person. Otherwise, it is like training the algorithm of a driverless car with pictures from New York city and expecting it to drive to Paris.”
Dr Cristina Legido Quigley, Reader in Systems Medicine
22 January 2025
Personalised medicines progress blocked by GDPR
Dr Cristina Legido Quigley has called for an overhaul in data protection systems across EU countries so personalised medicine research can take place more effectively.
In a letter to Nature Medicine, Dr Legido Quigley, in collaboration with European scientists and clinicians, describes how the General Data Protection Regulation (GDPR) is hampering progress because it is preventing machine learning tools from training on datasets.
Contemporary healthcare is undergoing a transition, shifting from a population-based approach to personalised medicine on an individual level. Personalised medicine is a data-driven approach, for which 'big data' and its accessibility are of key importance.
Big data can be based on epidemiological information and increasingly on '-omics' data. '-Omics' refers to fields of biological study that focus on the comprehensive analysis of large sets of molecules within a particular domain. These fields, such as genomics, transcriptomics and metabolomics, generate massive amounts of information that can be analysed to uncover complex biological relationships. Integrating '-omics' profiles with clinical data makes it possible to study an individual's molecular makeup.
However, the authors state that compliance with GDPR, along with varying country-specific interpretations of the regulation, presents obstacles to the investigation of '-omics' data, as well as the ability to train AI models on these datasets. Moreover, most such data repositories operate beyond EU borders, such as in the USA, UK and Japan.
Dr Legido Quigley calls for a legal consensus of GDPR interpretation and application across EU member states. A quicker, temporary solution would be to create a common framework providing clarity on crucial GDPR terms such as 'explicit consent' and 'legitimate interests'.
On the technical front, techniques such as encryption, pseudo-anonymisation and anonymisation that protect health data during transmission and storage are necessary. Blockchain technology, in combination with interactive AI, could also be utilised to facilitate informed consent and create a transparent record of data transactions, preventing unauthorised access and modifications.
In this story
Reader in Systems Medicine