Research projects
Patient information
Health data
Owkin is an agentic AI company on a mission to explore complex biology to speed up and scale research for the creation of new treatments and diagnostics for patients.
To do this, the companies of Owkin group, e.g. Owkin Inc., Owkin France, Owkin UK Ltd, Owkin (Switzerland) Sàrl, and Epkin (hereinafter collectively referred to as “Owkin”), and their partners carry out research projects that use certain patient data (such as health, genetic, and ethnicity-related data). These data were originally collected during patient care or earlier biomedical research by hospitals, research organizations, or companies that work with us (the "Owkin Network").
Although Owkin needs to process this data to fulfill our mission, Owkin is fully committed to respecting all data protection laws that apply to us and our partners. This includes the General Data Protection Regulation (GDPR) in Europe, its local implementations in the European Economic Area, the UK Data Protection Act 2018, the UK GDPR, and Switzerland's Data Protection Act.
Preselected by each member of Owkin Network to meet the inclusion and exclusion criteria of the research projects described below.
Pseudonymized and/or de-identified (or fully anonymized when possible) by each Owkin Network member before being shared with Owkin and/or its partners.
Reused only for secondary research aimed at supporting public health, improving the quality and safety of healthcare, medicinal products, or medical devices, or for sharing scientific knowledge through publications.
Owkin and its partners are aware that patients’ health data, and more generally any personal data — even if pseudonymized or de-identified — must be treated as sensitive information. Patients also have the right to know the research purposes for which their data is used. That is why Owkin has chosen to increase transparency about the use of patient data for research, in particular by creating this webpage to explain how Owkin and its partners use patients’ personal data for research purposes.
Our most commonly asked questions
Owkin and its partners are using pseudonymised and/or de-identified data for their own research projects, especially involving AI technologies. Examples of their research projects include:
- developing diagnostic tools to improve how diseases are diagnosed or predicted.
- developing agentic tools to accelerate and de-risk clinical trials to help bring new drugs to the market more quickly.
- identifying new biomarkers or new targets that could lead to new treatments.
When conducting its research project, Owkin and its partners only used patient data which is strictly necessary and always processed it securely as described below.
When conducting its research project, Owkin and its partners, both acting as independent controllers, commits to the following:
Non-direct identifying information
Owkin and its partners only use patient’s personal data that has been pseudonymized or de-identified before they access it. Except for specific cases, like quality control as allowed by applicable laws and regulations, Owkin and its partners never access information that could directly identify the patients. Each patient’s data is assigned a code, and only Owkin Network members who provide the data keep a record linking this code to the patient’s identity in their own healthcare databases. As a result, the data shared with Owkin and its partners does not contain any information that could directly reveal a patient’s identity.
Data privacy compliance
Owkin and its partners are committed to processing personal data — especially sensitive information like health data — in line with all applicable laws and regulations. Because Owkin is a French-American based company, it follows French data protection laws, which are among the strictest in the European Union when it comes to protecting individuals’ rights.
International transfer of data
Owkin uses cloud service providers with servers located in the same region as the region as its research partners providing access to the data is established. For example, data from European centers is stored in Europe by providers certified under the French health data hosting standard (HDS), while data from North Americans centers is mainly stored in North America.
Furthermore, when technically possible, Owkin encourages the processing of European citizens’ data by its employees, affiliates, partners and service providers, located in the European Economic Area. However, if for the needs of their research activities, Owkin and/or its partners has to transfer data of European patients (including British and/or Switzerland), to partners, service providers and/or Owkin’ affiliates established outside of Europe, Owkin will ensure that adequate and appropriate safeguards are implemented, as required by the GDPR, the UK Data Protection Act and the Swiss Data Protection Act when applicable. For example, this could be done by entering into standard contractual clauses approved by the European Commission, as well as the specific clauses approved by the UK Information Commissioner Office and/or the Swiss Federal Data Protection and Information Commissioner when applicable. For more detailed information on the safeguards, patients can contact Owkin’s data protection officer with the details provided below.
Ethical and scientific validation
Owkin and its partners ensure their research projects are aligned with the relevant ethical and scientific standards. When required by the applicable laws and regulations, the scientific protocols are evaluated by local ethical committees.
Privacy by design
As part of its research activities, Owkin adheres to the “Privacy by Design” principle from the earliest stages of its technologies development. Aware of the sensitive nature of personal data - particularly health data - Owkin adopts a proactive approach to ensure that privacy protection is embedded throughout the entire lifecycle of its technologies, from design to deployment. Data processing is limited to what is strictly necessary, secured through robust technical and organizational measures (such as encryption, pseudonymization, and access control), and supported by clear and transparent documentation. This approach ensures sustained compliance with the GDPR while reinforcing the trust of healthcare professionals and patients alike.
Patients whose data is processed by Owkin and/or its partners are free to object to the processing of their data in any research projects conducted by Owkin and/or its partners. At any time and upon simple request, patient may (i) have access to their data processed by Owkin and/or its partners; (ii) obtain a copy of their data; (iii) obtain the correction of inaccurate or incomplete data concerning them; (iv) obtain the deletion of their data; (v) object to and/or request the restriction of the processing of their data.
Each patient may, at any time, exercise its rights by contacting Owkin’s data protection officer at the following address (request must be accompanied by valid proof of identity and the name of the healthcare center where the patient has been treated):
- By post: to the attention of the Owkin Data Protection Officer, 14-16 Boulevard Poissonnière, 75009, Paris France;
- By email: dpo@owkin.com.
Some research projects entail the training or validation of artificial intelligence tools or the questioning of patient databases to provide scientific outputs (e.g. agentic AI, foundation models…). Patients should be informed that, once their data has been used for training, validation, or to respond to questions via an agentic AI, their ability to exercise certain data protection rights may be limited due to technical grounds. In addition, certain data collected in advance may not be deleted if such deletion is likely to make it impossible or seriously compromise the achievement of the research projects’ objectives.
Patients can find further information in the general patient information notice that can be downloaded here.
Research projects
