The potential of federated learning for public health purposes: a qualitative analysis of GDPR compliance, Europe, 2021.

BackgroundThe wide application of machine learning (ML) holds great potential to improve public health by supporting data analysis informing policy and practice. Its application, however, is often hampered by data fragmentation across organisations and strict regulation by the General Data Protection Regulation (GDPR). Federated learning (FL), as a decentralised approach to ML, has received considerable interest as a means to overcome the fragmentation of data, but it is yet unclear to which extent this approach complies with the GDPR.AimOur aim was to understand the potential data protection implications of the use of federated learning for public health purposes.MethodsBuilding upon semi-structured interviews (n = 14) and a panel discussion (n = 5) with key opinion leaders in Europe, including both FL and GDPR experts, we explored how GDPR principles would apply to the implementation of FL within public health.ResultsWhereas this study found that FL offers substantial benefits such as data minimisation, storage limitation and effective mitigation of many of the privacy risks of sharing personal data, it also identified various challenges. These challenges mostly relate to the increased difficulty of checking data at the source and the limited understanding of potential adverse outcomes of the technology.ConclusionSince FL is still in its early phase and under rapid development, it is expected that knowledge on its impracticalities will increase rapidly, potentially addressing remaining challenges. In the meantime, this study reflects on the potential of FL to align with data protection objectives and offers guidance on GDPR compliance.