UK Biobank breach prompts the field of genomics to rethink open science

"In April this year, de-identified data from UK Biobank participants were listed for sale on an e-commerce platform in China. The UK Biobank has long defended open science, advocating for data sharing to be guided by scientific value and compliance, not geopolitical restrictions.

But the data breach shows that vetting of institutions and researchers is not enough. In response, the UK Biobank has temporarily suspended access to its platform, introduced file-export limits and announced further technical safeguards. Necessary as they are, these reactive measures do not tackle the underlying problem.

Moving from trust-based models, which rely mainly on approved institutions and authorized users, to enforceable international frameworks could provide a lasting solution. Trustworthy, unified research environments, in which data are hosted in a safe location and scientists analyse them remotely, would reduce the risk of breaches (H. L. Rehm et al. Cell Genom. 1, 100029; 2021). Even so, federated data-access models cannot fully prevent misuse of data by authorized users. What is missing is a multilateral accord that pairs real-time auditing of data use with legal accountability mechanisms and proportionate sanctions, including the revocation of access. Without structural reform of this kind, isolated breaches will keep eroding public trust in data donation — the bedrock of population health science."