scholarly journals A Literature Review on the GDPR, COVID-19 and the Ethical Considerations of Data Protection During a Time of Crisis

2021 ◽  
Vol 30 (01) ◽  
pp. 226-232
Author(s):  
Maria Christofidou ◽  
Nathan Lea ◽  
Pascal Coorevits
Keyword(s):  
Literature Review ◽  
Data Protection ◽  
Digital Health ◽  
Ethical Considerations ◽  
General Data Protection Regulation ◽  
Health Technologies ◽  
Use Of Data ◽  
Mobile Health Applications ◽  
General Data ◽  
Personal Interests

Summary Objective: This survey article presents a literature review of relevant publications aiming to explore whether the EU's General Data Protection Regulation (GDPR) has held true during a time of crisis and the implications that arose during the COVID-19 outbreak. Method and Results: Based on the approach taken and the screening of the relevant articles, the results focus on three themes: a critique on GDPR; the ethics surrounding the use of digital health technologies, namely in the form of mobile applications; and the possibility of cross border transfers of said data outside of Europe. Within this context, the article reviews the arising themes, considers the use of data through mobile health applications, and discusses whether data protection may require a revision when balancing societal and personal interests. Conclusions: In summary, although it is clear that the GDPR has been applied through a mixed and complex experience with data handling during the pandemic, the COVID-19 pandemic has indeed shown that it was a test the GDPR was designed and prepared to undertake. The article suggests that further review and research is needed to first ensure that an understanding of the state of the art in data protection during the pandemic is maintained and second to subsequently explore and carefully create a specific framework for the ethical considerations involved. The paper echoes the literature reviewed and calls for the creation of a unified and harmonised network or database to enable the secure data sharing across borders.

scholarly journals Uchybienie przepisom o ochronie danych osobowych jako naruszenie dobra osobistego – analiza na przykładzie orzecznictwa Sądu Najwyższego

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Right To Privacy ◽  
Professional Literature ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
Personal Interests

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specifc circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position isalso relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specifc event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability. 

scholarly journals COVID-19: Putting the General Data Protection Regulation to the Test (Preprint)

2020 ◽  
Author(s):  
Stuart McLennan ◽  
Leo Anthony Celi ◽  
Alena Buyx
Keyword(s):  
Health Care ◽  
Data Protection ◽  
Health Research ◽  
Health Care Organizations ◽  
Digital Health ◽  
Health Data ◽  
Individual Risk ◽  
Risk Minimization ◽  
General Data Protection Regulation ◽  
General Data

UNSTRUCTURED The coronavirus disease (COVID-19) pandemic is very much a global health issue and requires collaborative, international health research efforts to address it. A valuable source of information for researchers is the large amount of digital health data that are continuously collected by electronic health record systems at health care organizations. The European Union’s General Data Protection Regulation (GDPR) will be the key legal framework with regard to using and sharing European digital health data for research purposes. However, concerns persist that the GDPR has made many organizations very risk-averse in terms of data sharing, even if the regulation permits such sharing. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts. In our opinion, there is an ethical obligation to use the research exemption clause of the GDPR during the COVID-19 pandemic to support global collaborative health research efforts. Solidarity is a European value, and here is a chance to exemplify it by using the GDPR regulatory framework in a way that does not hinder but actually fosters solidarity during the COVID-19 pandemic.

scholarly journals The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation

2019 ◽  
Vol 16 (6) ◽  
pp. 1070 ◽  
Author(s):  
Bocong Yuan ◽  
Jiannan Li
Keyword(s):  
European Union ◽  
Financial Performance ◽  
Data Protection ◽  
Digital Health ◽  
Rapid Development ◽  
Health Data ◽  
Personal Health ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.

scholarly journals Data protection issues in cross-border interoperability of Electronic Health Record systems within the European Union

Data & Policy ◽  
2020 ◽  
Vol 2 ◽  
Author(s):  
Giorgia Bincoletto
Keyword(s):  
European Union ◽  
Electronic Health Record ◽  
Data Protection ◽  
Digital Health ◽  
Health Record ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Cross Border ◽  
General Data ◽  
Electronic Health

Abstract This study investigates the data protection concerns arising in the context of the cross-border interoperability of Electronic Health Record (EHR) systems in the European Union. The article first introduces the policies on digital health and examines the related interoperability issues. Second, the work analyses the latest Recommendation of the European Commission on this topic. Then, the study discusses the rules and the obligations settled by the General Data Protection Regulation to be taken into account when developing interoperable EHRs. According to the data protection by design and by default provision, EHR systems should be designed ex ante to guarantee data protection rules.

scholarly journals Big Tech platforms in health research: Re-purposing big data governance in light of the General Data Protection Regulation’s research exemption

2021 ◽  
Vol 8 (1) ◽  
pp. 205395172110187
Author(s):  
Luca Marelli ◽  
Giuseppe Testa ◽  
Ine van Hoyweghen
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Health Research ◽  
Digital Health ◽  
Scientific Research ◽  
Current Data ◽  
Data Governance ◽  
General Data Protection Regulation ◽  
Research Activities ◽  
General Data

The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, raise pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention toward the challenges faced by the European General Data Protection Regulation in regulating the potentially disruptive engagement of Big Tech platforms in health research. The General Data Protection Regulation upholds a rather flexible regime for scientific research through a number of derogations to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of “scientific research”. Precisely the breadth of these exemptions combined with the ample scope of this notion could provide unintended leeway to the health data processing activities of Big Tech platforms, which have not been immune from carrying out privacy-infringing and socially disruptive practices in the health domain. We thus discuss further finer-grained demarcations to be traced within the broadly construed notion of scientific research, geared to implementing use-based data governance frameworks that distinguish health research activities that should benefit from a facilitated data protection regime from those that should not. We conclude that a “re-purposing” of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society.

scholarly journals Achieving GDPR Compliance through Provenance: An Extended Model

2020 ◽  
Author(s):  
Daniel Prett Campagna ◽  
Altigran Soares Da Silva ◽  
Vanessa Braganholo
Keyword(s):  
Digital Media ◽  
Data Protection ◽  
Design Patterns ◽  
Data Provenance ◽  
Extended Model ◽  
General Data Protection Regulation ◽  
Use Of Data ◽  
General Data ◽  
Technical Challenges ◽  
The Way

The approval of the General Data Protection Regulation (GDPR) brought a revolution in the way we treat data produced in digital media. The GDPR increases individuals’ participation in the treatment of their data, and it also introduces technical challenges, whose failure can lead to a fine of 4% of the organization’s annual revenue. Among many approaches that aim to contribute to the solutions of challenges introduced by GDPR, there is a research branch promoting the use of data provenance as a means to make transparent the increasingly complex workflows of systems. However, existing provenance models are not fully compliant with the GDPR. In this paper, we aim to contribute to the evolution of the GDPR data provenance model proposed by Ujcich et al.. We suggest eleven new changes that make the model more apparent and more compatible with the GDPR text. We also present two design patterns that should guide us in using these changes in real contexts.

scholarly journals Resolución contractual y destino de los datos y contenidos generados por los usuarios de servicios digitales = Ttermination of contract and destination of data and content generated by users of digital services

2020 ◽  
Vol 12 (1) ◽  
pp. 838
Author(s):  
Sergio Cámara Lapuente
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Digital Content ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Use Of Data ◽  
Digital Services ◽  
Scope Of Application ◽  
General Data ◽  
The One

Resumen: Durante el uso de los contenidos y servicios digitales puestos a disposición del consu­midor por los distintos proveedores, los usuarios facilitan y crean gran cantidad de datos. El tratamiento legal del control sobre el destino de estos datos se bifurca en la actualidad en dos normas: por una parte, si se trata de datos personales, se aplicará el Reglamento (UE) General de Protección de Datos de 2016 (RGPD); por otra parte, respecto a contenidos generados por los usuarios que no sean datos personales, las reglas de la reciente Directiva (UE) 2019/770, de 20 de mayo de 2019 sobre contratos de suministro de contenidos y servicios digitales (DCSD) será de aplicación tras su transposición.Este ensayo analiza la intersección de las normas sobre protección de datos personales con las nor­mas sobre la defensa contractual del consumidor al tiempo de la extinción de este tipo de contratos por vía de resolución. Para ello compara los rasgos de los derechos de supresión, olvido y portabilidad del Reglamento con los nuevos derechos de impedir el uso de los datos y de recuperarlos establecidos en la Directiva y concluye críticamente acerca del escaso impacto que estos últimos pueden llegar a tener de­bido a su reducido ámbito de aplicación, las escasas facultades y las excesivas excepciones incorporadas finalmente en uno de los preceptos centrales de la Directiva 2019/770.Palabras clave: contenidos digitales, servicios digitales, resolución, contrato de suministro, datos personales, portabilidad, derecho al olvido, derecho de supresión, Directiva (UE) 2019/770, Reglamento General de Protección de Datos, conformidad, contenidos generados por los usuarios, consumidor.Abstract: During the use of digital content and services made available to the consumer by diffe­rent traders and platforms, users provide and create large amounts of data. The legal treatment of control over the destination of these data currently splits into two pieces of legislation: on the one hand, in the case of personal data, the 2016 (EU) General Data Protection Regulation (GDPR) will apply; on the other hand, in the case of user-generated content other than personal data, the rules of the recent Direc­tive (EU) 2019/770 of 20 May 2019 on contracts for the supply of digital content and services (DCSD) will apply after transposition in Member States.This paper analyses the intersection of the rules on personal data protection with the rules on the contractual protection of the consumer at the time of the extinction of this type of contract by means of termination. To this end, it compares the features of the rights to erasure, to be forgotten and to portabi­lity of the Regulation with the new rights to prevent further use of data and to retrieve them established in the Directive, and critically concludes that the latter may have little impact due to their reduced scope of application, the limited powers and the excessive exceptions finally incorporated in one of the central articles of Directive 2019/770.Keywords: digital contents, digital services, termination, contract of supply, personal data, porta­bility, right to erasure, right to be forgotten, Directive (EU) 2019/770, General Data Protection Regula­tion, conformity, user generated contents, consumer.

Sign in / Sign up

Export Citation Format

Share Document