JMIR Publications

ABSTRACT

In April 2026, reports of de-identified UK Biobank participant data being listed on overseas commercial online platforms highlighted concrete vulnerabilities in health data governance. Drawing on this incident, as well as broader discussions on secondary use, cross-border sharing, and public trust, this Viewpoint argues that traditional, trust-based, pre-access review models possess significant ethical and operational limitations. The core concern is not data sharing, commercial involvement, or international collaboration per se, but rather the movement of participant-contributed data beyond approved research governance into external commercial digital environments. Preserving public trust and the "social license" of health data infrastructures—defined as ongoing public acceptance of institutional data practices—requires a shift from access gatekeeping to continuous, proportionate stewardship. This should encompass Trusted Research Environments, audit logging, and ethics-by-design approaches that render secure data use practicable without encouraging insecure workarounds. As initiatives such as the European Health Data Space develop, legal alignment must be complemented by operational accountability for downstream use. Policymakers, funders, data access bodies, infrastructure custodians, and technology providers should embed auditability, user-friendly secure environments, and participant- and public-facing transparency into routine governance. Health data infrastructures can sustain scientific validity and public trust only when responsible data sharing is coupled with continuous, practical, and publicly accountable stewardship.