Public comprehension of privacy protections applied to health data shared for research: an Australian cross-sectional study

•What was known.•Participants show a consistent preference for better data protection methods before consenting to share data.•Participants show no consistent understanding of ‘de-identification’.•Health data sharing for secondary uses is prolific and the population is not always aware that it is occurring.•In Australia, ‘de-identified’ data are generally excluded from the protections of the Privacy Act.•Australians are generally cautiously willing to share health data if their privacy is adequately protected.•What this study adds to knowledge (3-4 bullet points)•Participants’ understanding of technical privacy protections shows significant confusion about the nature and effectiveness of methods for protecting their data. Sharing of health data for secondary uses such as research and public policy development is common. There are many potential benefits, but also risks if information about an individual's health record can be inferred. Studies show cautious willingness amongst the public to share health data for beneficial purposes, as long as they are confident in their data privacy and security. There has been relatively little research into whether the technical guarantees of privacy-preserving technologies are well understood by people asked to consent to sharing their data. We sought to assess how accurately people understood the effectiveness of techniques for protecting the privacy of shared health data. We designed an online survey describing a data-sharing scenario motivated by medical research where data could be shared: raw (including identifiers), de-identified (using k-anonymity), aggregated, and differential privacy applied to aggregated data. Respondents were asked about willingness to share their data, and how likely it was that they could be identified. They were also asked for the meaning of 'de-identified' and whether they would agree to sharing information for 'not solely commercial' purposes, thus mirroring the consent language used by Australia's My Health Record system. Our findings revealed substantial tolerance for researcher use of health data with consistent preference to share data when better privacy-preserving techniques were employed. This was not entirely consistent as slight preference was shown for aggregated data over differential privacy, despite differential privacy being objectively more secure. We conjecture this was because differential privacy and its benefits were not well understood. Similarly, respondents showed