U.K. hospitals violated British data privacy laws in a deal with Google’s artificial intelligence company, DeepMind, a privacy watchdog ruled Monday.
After a yearlong investigation, the Information Commissioner’s Office (ICO) said that the Royal Free NHS Foundation Trust, which is composed of three London hospitals, has been asked to restructure its data-sharing practices to comply with the law.
According to the ICO, the hospital group violated the U.K.’s Data Protection Act when it turned over the health information of 1.6 million patients to DeepMind, which is owned by Google’s parent company, Alphabet.
“We accept the ICO’s findings and have already made good progress to address the areas where they have concerns,” the Royal Free NHS Foundation Trust said in a statement. “For example, we are now doing much more to keep our patients informed about how their data is used. We would like to reassure patients that their information has been in our control at all times and has never been used for anything other than delivering patient care or ensuring their safety.”