An NHS trust has said it will consult patients before selling 1.1 million medical records it owns to a private firm later this year.
NHS Somerset Foundation Trust struck the deal with Sensyne Health in November 2020 but is yet to transfer any information.
Campaigners have labelled the plan "an invasion of privacy".
The trust said: "We will not share information with Sensyne that can identify a patient."
The deal is worth up to £1.25m and Somerset is one of 11 NHS trusts which have signed deals with the Oxford-based data firm.
NHS Somerset Foundation Trust runs mental health and community services, 13 community hospitals in Somerset and hospital services from Taunton's Musgrove Park Hospital.
Earlier this month, the creation of a central digital database using GP records in England was pushed back, amid concerns patients needed more time to understand the system.
Sensyne said it uses "anonymised" data, which it analyses on behalf of other organisations, including drug companies, enabling its clients to produce new drugs and treatments.
In return, NHS trusts can get shares in the company and a proportion of profits.
However, privacy campaigners have disputed whether the data really is anonymised and have claimed it could still be used to identify patients.
Former IT consultant David Orr from Taunton has been campaigning against the deal since it was announced.
He said: "In my case I've got a particular combination of historical [health] conditions and it wouldn't take a computer very long to work out that my age range, gender and a couple of historical conditions would only really be me."
He also believes people should be able to opt out of having their data shared for commercial purposes.
Somerset NHS Foundation Trust has confirmed patients who have opted out of sharing information via the national data opt-out will still have their data shared under this agreement.
Mr Orr said this is unacceptable: "In the private sector, when we share our details for example to a phone company, you don't expect those to be shared with other organisations."
CEO of Sensyne Health Lord Drayson, said: "This agreement will enable research to improve patient care and accelerate medical research by helping to grow our overall data set to over 5.6 million patients."
The trust has told the BBC it will supply a patient's age range, gender and the first part of their postcode, as well as medical information. This fits the definition of "anonymised" data required by the data protection law GDPR, it added.
Somerset NHS Foundation Trust's director of strategic development and improvement David Shannon said: " We will not share information with Sensyne that can identify a patient.
"The terms of the contract provide our organisation with the investment needed for us to anonymise the data before providing it to Sensyne Health and for us to benefit from any breakthroughs that Sensyne makes.
"The monies we receive from Sensyne Health will be invested in our analytical capability to support research and improve patient care.
"We want people to have confidence in how their personal data will be used and we know that it's crucial that, from the start, we clearly explain this to people.
It has has promised "local engagement events" in the autumn.
A spokesperson for Sensyne added: "We never sell data, we never share data, data never leaves Sensyne, and we never use data for anything other than for the purposes of medical research.
"The data is owned by the NHS Trust not Sensyne. Sensyne complies with the strictest standards of data security and privacy."