Introduction

AbstractThe General Data Protection Regulation (GDPR) is already four years old legal instrument, with over two years of practical experience, yet, several central questions on its application, its importance in scientific research, rights of the data subjects, and obligations on the controllers and processors remain uncharted. In this edited volume, questions ranging from the meaning of the GDPR provisions for a particular research project to impact of the GDPR on long term collaborations, when the UK is leaving the EU are is discussed. This chapter sets out the aim of this book and provides an overview of how various contributions interplay to shed light on how the GDPR shapes the research regimes on the use of personal data in biobanking by EU Member States.

Download Full-text

Introducing Key Elements Regarding Access to Personal Data for Scientific Research in the Perspective of Developing Innovative Medicines

European Journal of Health Law ◽

10.1163/15718093-bja10011 ◽

2020 ◽

Vol 27 (3) ◽

pp. 195-212

Author(s):

Jean Herveg ◽

Annagrazia Altavilla

Keyword(s):

Data Protection ◽

Open Data ◽

Scientific Research ◽

Personal Data ◽

Private Life ◽

Fundamental Rights ◽

Future Research ◽

General Data Protection Regulation ◽

Public Sector Information ◽

General Data

Abstract This article aims at opening discussions and promoting future research about key elements that should be taken into account when considering new ways to organise access to personal data for scientific research in the perspective of developing innovative medicines. It provides an overview of these key elements: the different ways of accessing data, the theory of the essential facilities, the Regulation on the Free Flow of Non-personal Data, the Directive on Open Data and the re-use of public sector information, and the General Data Protection Regulation (GDPR) rules on accessing personal data for scientific research. In the perspective of fostering research, promoting innovative medicines, and having all the raw data centralised in big databases localised in Europe, we suggest to further investigate the possibility to find acceptable and balanced solutions with complete respect of fundamental rights, as well as for private life and data protection.

Download Full-text

The Digital tax system in the light of GDPR

Bratislava Law Review ◽

10.46282/blr.2018.2.2.120 ◽

2018 ◽

Vol 2 (2) ◽

pp. 183-190

Author(s):

Martin Daňko ◽

Petra Žárská

Keyword(s):

Data Protection ◽

Crucial Role ◽

Personal Data ◽

Modern World ◽

Tax System ◽

General Data Protection Regulation ◽

Eu Member States ◽

State Administration ◽

General Data

The digital tax system is becoming extremely essential in the modern world. As we look at the system itself as a great benefit for its users and states as well, we tend to forget the role of personal data within it. Personal data play crucial role in the errorless digital tax system. The new regulation of EU, General Data Protection Regulation is addressing processing of personal data within the state administration of EU member states. The aim of this article is to examine the effect of GDPR on the digital tax system and encourage wide academic and public discussion in relation to processing of personal data in the digital tax system.

Download Full-text

The Impact of the New European Union General Data Protection Regulation (GDPR) on Data Collection at Mass Gatherings

Prehospital and Disaster Medicine ◽

10.1017/s1049023x19003042 ◽

2019 ◽

Vol 34 (s1) ◽

pp. s138-s138

Author(s):

Annelies Scholliers ◽

Dimitri De Fré ◽

Inge D’haese ◽

Stefan Gogaert

Keyword(s):

European Union ◽

Data Collection ◽

Data Protection ◽

Scientific Research ◽

Personal Data ◽

The European Union ◽

General Data Protection Regulation ◽

Mass Gatherings ◽

General Data ◽

The Law

Introduction:As of May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) is in order. With this law, every organization operating in the European Union (EU), needs to adhere to a strict set of rules concerning collection and processing of personal data.Aim:To explore the consequences of the GDPR for data collection at mass gatherings in the European Union.Methods:Since the law was published on April 27, 2016, a thorough reading of the law was conducted by 4 persons with a background in mass gathering health. The GDPR consists of 99 articles organized into 11 chapters. There are also 173 recitals to further explain certain ambiguities. Key articles and recitals relating to healthcare and scientific research were identified. Possible pitfalls and opportunities for data collection and processing at mass gatherings were noted.Discussion:Under article 4, key definitions are noted. There is a clear definition of “data concerning health”. According to the GDPR, health data is a special category of personal data which should not be processed according to article 9(1). However, there is an exception for scientific research (article 9(2)(j)). There are a few safeguards in place, as laid out in article 89. One interesting point is that according to article 89(2), certain derogations can take place if the law interferes with scientific research. The GDPR has major consequences for data collection and processing in the EU. However, with the use of certain safeguards (e.g., pseudonymization) there are still ample opportunities for scientific research. It is important to review one’s method of data collection to make sure it complies with the GDPR.

Download Full-text

Przetwarzanie danych osobowych do celów badań naukowych. Aspekty prawne

Studia Prawa Publicznego ◽

10.14746/spp.2019.4.28.4 ◽

2019 ◽

pp. 79-101 ◽

Cited By ~ 1

Author(s):

Aleksandra Pyka

Keyword(s):

Data Processing ◽

Data Protection ◽

Scientific Research ◽

Personal Data ◽

National Legislation ◽

General Data Protection Regulation ◽

Criminal Convictions ◽

General Data ◽

Technical And Organizational Measures ◽

Volume Range

This article refers to the issue of personal data processing conducted in connection with scientific research and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). It is not uncommon for the purposes of scientific research to process personal data, which is connected with the obligation to respect the rights of the data of the subjects involved. Entities conducting scientific research that process personal data for this purpose are required to apply the general regulation governing, among others, the obligations imposed on the controllers. The issue of personal data processing for scientific research purposes has also been regulated in national legislation in connection with the need to apply the General Data Protection Regulation. The article discusses the basics of the admissibility of data processing for the needs of scientific research; providing personal data regarding criminal convictions and offences extracted from public registers at the request of the entity conducting scientific research; exercising the rights of the data of the subjects concerned; as well as the implementation of appropriate technical and organizational measures to ensure the security of data processing. In addition, the article discusses the issue of anonymization of personal data carried out after achieving the purpose of personal data processing, as well as the processing of special categories of personal data. The topics discussed in the article were not discussed in detail, as this would require further elaboration in a publication with a much wider volume range.

Download Full-text

The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area

Medical Law International ◽

10.1177/0968533218765044 ◽

2018 ◽

Vol 18 (4) ◽

pp. 241-255 ◽

Cited By ~ 2

Author(s):

Simone Penasa ◽

Iñigo de Miguel Beriain ◽

Carla Barbosa ◽

Anna Białek ◽

Theodora Chortara ◽

...

Keyword(s):

Data Protection ◽

Personal Data ◽

Eastern European ◽

Member States ◽

General Data Protection Regulation ◽

Eu Member States ◽

European Area ◽

General Data ◽

The Mediterranean ◽

The Eu

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

Download Full-text

The Risk-Based Approach to Data Protection

10.1093/oso/9780198837718.001.0001 ◽

2020 ◽

Author(s):

Raphaël Gellert

Keyword(s):

Risk Management ◽

Data Protection ◽

Personal Data ◽

Management Tools ◽

General Data Protection Regulation ◽

Regulation Theory ◽

Régulation Theory ◽

General Data ◽

Data Protection Law ◽

The Way

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. An expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisation that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.

Download Full-text

Application of Blockchain in Education: GDPR-Compliant and Scalable Certification and Verification of Academic Information

Applied Sciences ◽

10.3390/app11104537 ◽

2021 ◽

Vol 11 (10) ◽

pp. 4537

Author(s):

Christian Delgado-von-Eitzen ◽

Luis Anido-Rifón ◽

Manuel J. Fernández-Iglesias

Keyword(s):

Data Protection ◽

Personal Data ◽

General Data Protection Regulation ◽

Certification System ◽

Proposed Model ◽

Different Types ◽

International Regulations ◽

Innovative Solution ◽

General Data ◽

Academic Information

Blockchain technologies are awakening in recent years the interest of different actors in various sectors and, among them, the education field, which is studying the application of these technologies to improve information traceability, accountability, and integrity, while guaranteeing its privacy, transparency, robustness, trustworthiness, and authenticity. Different interesting proposals and projects were launched and are currently being developed. Nevertheless, there are still issues not adequately addressed, such as scalability, privacy, and compliance with international regulations such as the General Data Protection Regulation in Europe. This paper analyzes the application of blockchain technologies and related challenges to issue and verify educational data and proposes an innovative solution to tackle them. The proposed model supports the issuance, storage, and verification of different types of academic information, both formal and informal, and complies with applicable regulations, protecting the privacy of users’ personal data. This proposal also addresses the scalability challenges and paves the way for a global academic certification system.

Download Full-text

Algorithms that remember: model inversion attacks and data protection law

Philosophical Transactions of The Royal Society A Mathematical Physical and Engineering Sciences ◽

10.1098/rsta.2018.0083 ◽

2018 ◽

Vol 376 (2133) ◽

pp. 20180083 ◽

Cited By ~ 17

Author(s):

Michael Veale ◽

Reuben Binns ◽

Lilian Edwards

Keyword(s):

Data Protection ◽

Personal Data ◽

Training Data ◽

Theme Issue ◽

Future Directions ◽

Model Inversion ◽

General Data Protection Regulation ◽

General Data ◽

Inference Attacks ◽

Use Of Models

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around ‘model inversion’ and ‘membership inference’ attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.

Download Full-text

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

European Journal of Health Law ◽

10.1163/15718093-12520368 ◽

2018 ◽

Vol 25 (3) ◽

pp. 284-307

Author(s):

Giovanni Comandè ◽

Giulia Schneider

Keyword(s):

Data Mining ◽

Data Protection ◽

Personal Data ◽

Health Data ◽

General Level ◽

General Data Protection Regulation ◽

The Face ◽

General Data ◽

Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

Download Full-text

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Download Full-text