Data and Data Privacy Impact Assessments (DPIAs) in the context of AI research and practice in the UK

Fiona Gilbert ¹ Jo Palmer ² Nick Woznitza ^3,4 Jonathan Nash ^5,6,7 Carla Brackstone ⁵ Lisa Faria ² J Kevin Dunbar ⁸ Henry David Jeffry Hogg ^2,9 Xiaoxuan Liu ^2,9 Alastair K Denniston ^2,9*

• ¹ Department of Radiology, School of Clinical Medicine, University of Cambridge, Cambridge, England, United Kingdom
• ² University Hospitals Birmingham NHS Foundation Trust, Birmingham, United Kingdom
• ³ University College London Hospitals NHS Foundation Trust, London, United Kingdom
• ⁴ Canterbury Christ Church University, Canterbury, United Kingdom
• ⁵ Kheiron Medical Technologies, London, United Kingdom
• ⁶ British Society of Breast Radiology, London, United Kingdom
• ⁷ University Hospitals Sussex NHS Foundation Trust, Chichester, United Kingdom
• ⁸ Screening Quality Assurance Service (SQAS) - South, NHS England, England, UK, Bristol, England, United Kingdom
• ⁹ School of Health Sciences, College of Medicine and Health, University of Birmingham, Birmingham, United Kingdom

Artificial intelligence (AI) projects in healthcare research and practice require approval from information governance (IG) teams within relevant healthcare providers. Navigating this approval process has been highlighted as a key challenge for AI innovation in healthcare by many stakeholders focused on the development and adoption of AI. Data privacy and impact assessments are a part of the approval process which is often identified as the focal point for these challenges. This perspective reports insights from a multidisciplinary workshop aiming to characterise challenges and explore potential solutions collaboratively. Themes around the variation in AI technologies, governance processes and stakeholder perspectives arose, highlighting the need for training initiatives, communities of practice and the standardization of governance processes and structures across NHS Trusts.