Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients’ data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS’ new scheme. More specifically, we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out ‘nudge’ and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme’s legal and ethical acceptability.

Original publication




Journal article


Internet Policy Review


Alexander von Humboldt Institute for Internet and Society

Publication Date





ethics, data protection, health, big data