Trust without safeguards: why UK Biobank is the outlier among our data services
The debate around leaked data from UK Biobank1 risks focusing on the wrong question. The issue is not whether health data can generate public benefit; it clearly can. The issue is whether organisations can claim to operate secure research environments without demonstrating the governance maturity that such claims imply.For more than two decades, the UK’s trusted data access community has recognised a fundamental principle—researchers are not experts in disclosure risk. Mature governance therefore separates data access from data release. Researchers analyse data within secure environments, whereas outputs undergo independent review before release.UK Biobank has long been an outlier. Until recently, participant level data could be downloaded, and even after the introduction of its research analysis platform in 2024, download exceptions remained available. This shifted responsibility for confidentiality from layered institutional safeguards to individual researchers.Evidence continues to emerge that participant level data have been redistributed. Whether through error or design, these…

