ABSTRACT
This chapter examines the central role of health data governance in enabling and constraining personalised medicine (PM). It outlines the complex legal landscape – spanning privacy, data protection, cybersecurity, AI regulation, and sector-specific laws – that governs the collection, sharing, reuse, and generation of health data. Special attention is given to privacy principles such as consent, purpose limitation, anonymisation, and data minimisation, highlighting their challenges in data-intensive PM environments. Through three case studies – the UK Care.data initiative, the Google DeepMind/Royal Free collaboration, and the use of synthetic data in AI and digital twin development – this chapter illustrates recurring tensions between innovation, patient autonomy, transparency, and public trust. It shows how inadequate governance or weak safeguards can undermine legitimacy, particularly when public–private partnerships and cross-sector data flows are involved. The analysis underscores that while privacy protections are essential, they often fail to address collective harms from large-scale stratification and prediction. This chapter concludes that fair, socially responsible governance must reconcile the need for lawful, secure data use with broader ethical concerns about equity, representation, and the societal implications of datafication in PM.
