scholarly journals Record linkage of routine data with cohorts’ data of infants under European and Portuguese law

2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
J Doetsch ◽  
I Lopes ◽  
R Redinha ◽  
H Barros
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Data Protection ◽  
Record Linkage ◽  
Data Science ◽  
Personal Data ◽  
Routine Data ◽  
Cohort Data ◽  
Education Data ◽  
Explicit Consent

Abstract The usage and exchange of “big data” is at the forefront of the data science agenda where Record Linkage plays a prominent role in biomedical research. In an era of ubiquitous data exchange and big data, Record Linkage is almost inevitable, but raises ethical and legal problems, namely personal data and privacy protection. Record Linkage refers to the general merging of data information to consolidate facts about an individual or an event that are not available in a separate record. This article provides an overview of ethical challenges and research opportunities in linking routine data on health and education with cohort data from very preterm (VPT) infants in Portugal. Portuguese, European and International law has been reviewed on data processing, protection and privacy. A three-stage analysis was carried out: i) interplay of threefold law-levelling for Record Linkage at different levels; ii) impact of data protection and privacy rights for data processing, iii) data linkage process' challenges and opportunities for research. A framework to discuss the process and its implications for data protection and privacy was created. The GDPR functions as utmost substantial legal basis for the protection of personal data in Record Linkage, and explicit written consent is considered the appropriate basis for the processing sensitive data. In Portugal, retrospective access to routine data is permitted if anonymised; for health data if it meets data processing requirements declared with an explicit consent; for education data if the data processing rules are complied. Routine health and education data can be linked to cohort data if rights of the data subject and requirements and duties of processors and controllers are respected. A strong ethical context through the application of the GDPR in all phases of research need to be established to achieve Record Linkage between cohort and routine collected records for health and education data of VPT infants in Portugal. Key messages GDPR is the most important legal framework for the protection of personal data, however, its uniform approach granting freedom to its Member states hampers Record Linkage processes among EU countries. The question remains whether the gap between data protection and privacy is adequately balanced at three legal levels to guarantee freedom for research and the improvement of health of data subjects.

scholarly journals Record linkage of population-based cohort data from minors with national register data: a scoping review and comparative legal analysis of four European countries

2021 ◽  
Vol 1 ◽  
pp. 58
Author(s):  
Julia Nadine Doetsch ◽  
Vasco Dias ◽  
Marit S. Indredavik ◽  
Jarkko Reittu ◽  
Randi Kallar Devold ◽  
...  
Keyword(s):  
The Netherlands ◽  
Public Good ◽  
Scoping Review ◽  
Data Protection ◽  
Record Linkage ◽  
Scientific Research ◽  
Personal Data ◽  
Member States ◽  
National Legislation ◽  
Cohort Data

Background: The General Data Protection Regulation (GDPR) was implemented to build an overarching framework for personal data protection across the European Union/Economic Area (EU/EEA). Linkage of data directly collected from cohort participants based on individual consent must respect data protection rules and privacy rights of data subjects. Our objective was to investigate possibilities of linking cohort data of minors with routinely collected education and health data comparing EU/EEA member states. Methods: A legal comparative analysis and scoping review was conducted of openly online accessible published laws and regulations in EUR-Lex and national law databases on GDPR’s implementation in Portugal, Finland, Norway, and the Netherlands and its connected national regulations purposing record linkage for health research that have been implemented up until April 30, 2021. Results: EU/EEA has limited legislative authority over member states. The GDPR offers flexibility for national legislation. Exceptions to process personal data, e.g., public interest and scientific research, must be laid down in EU/EEA or national law. Differences in national interpretation caused obstacles in cross-national research and record linkage: Portugal requires written consent and ethical approval; Finland allows linkage mostly without consent through the national Data Protection Supervisory Authority; Norway when based on regional ethics committee’s approval and adequate information technology safeguarding confidentiality; the Netherlands mainly bases linkage on the opt-out system and Data Protection Impact Assessment. Conclusions: Though the GDPR is the most important legal framework, national legislation execution matters most when linking cohort data with routinely collected health and education data. As national interpretation varies, legal intervention balancing individual right to informational self-determination and public good is gravely needed for scientific research. More harmonization across EU/EEA could be helpful but should not be detrimental in those member states which already opened a leeway for registries and research for the public good without explicit consent.

A Process-based Approach to Informational Privacy and the Case of Big Medical Data

2019 ◽  
Vol 20 (1) ◽  
pp. 257-290 ◽  
Author(s):  
Michael Birnhack
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Human Dignity ◽  
Data Protection ◽  
Linear Logic ◽  
Personal Data ◽  
Medical Data ◽  
Informational Privacy ◽  
Ex Post ◽  
Data Protection Law

Abstract Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least. This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude. To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.

A study on the personal data processing and the UCPD: Focused on Italy, Germany and the UK

2020 ◽  
pp. 1023263X2096149
Author(s):  
Maja Nisevic
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Consumer Protection ◽  
Data Protection ◽  
Big Data Analytics ◽  
Personal Data ◽  
The European Union ◽  
Consumer Privacy ◽  
Commercial Practice ◽  
Unfair Commercial Practice

Manipulation with Big Data Analytics allows commercial exploitation of individuals based on unfair commercial practices. Consequently, the concepts of consumer protection are essential in the data-driven economy and a central issue for effective safety for individuals in the Big Data Age. Although the fields of consumer protection and data protection in the European Union (EU) have developed separately, there is an unambiguous relationship between them. While the GDPR plays a crucial role in an individual’s data protection in a case of personal data processing, Directive 2005/29/EC (UCPD) plays an essential role in regulating an individual’s protection from the unfair commercial practice when it comes to personal data processing. A vital aspect of the UCPD is the enforcement of issues related to consumer privacy. However, a much-debated question is whether the UCPD is fully effective or not when it comes to personal data processing. This paper examines case law examples on WhatsApp and Facebook in Italy, Germany and the United Kingdom. This paper also aims to come to a conclusion on the issue of the applicability of the rules on unfair commercial practice when it comes to data processing.

scholarly journals Big Block Chain Data

2019 ◽  
Vol 8 (6S2) ◽  
pp. 626-630
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Data Protection ◽  
Data Science ◽  
Cloud Security ◽  
Progressive Aspect ◽  
Block Chain ◽  
Tight Correlation ◽  
Standard Techniques

The expression 'Big Block Chain Data' is coined to convey the tight correlation and interlinking between two recently advancing technologies namely Big Data and Block Chain. Issues such as data protection and enormous information scalability inevitably require tradeoff to address more issues. This element is more crucial when considering big data, which is a progressive aspect of data science and cloud security in the network. Because it deals with extremely large information volume and cannot be addressed using standard techniques of data processing. The aim of this paper is to filter the requirements presented by the multi-disciplines areas like business, computing, law, etc in the form of feasible and satiable implementations for combining these two core technologies

scholarly journals Record linkage of population-based cohort data from minors with national register data: a scoping review and comparative legal analysis of four European countries

2021 ◽  
Vol 1 ◽  
pp. 58
Author(s):  
Julia Nadine Doetsch ◽  
Vasco Dias ◽  
Marit S. Indredavik ◽  
Jarkko Reittu ◽  
Randi Kallar Devold ◽  
...  
Keyword(s):  
The Netherlands ◽  
Public Good ◽  
Scoping Review ◽  
Data Protection ◽  
Record Linkage ◽  
Health Research ◽  
Personal Data ◽  
Health Data ◽  
Member States ◽  
Cohort Data

Background: The GDPR was implemented to build an overarching framework for personal data protection across the EU/EEA. Linkage of data directly collected from cohort participants, potentially serving as a prominent tool for health research, must respect data protection rules and privacy rights. Our objective was to investigate law possibilities of linking cohort data of minors with routinely collected education and health data comparing EU/EEA member states. Methods: A legal comparative analysis and scoping review was conducted of openly accessible published laws and regulations in EUR-Lex and national law databases on GDPR’s implementation in Portugal, Finland, Norway, and the Netherlands and its connected national regulations purposing record linkage for health research that have been implemented up until April 30, 2021. Results: The GDPR does not ensure total uniformity in data protection legislation across member states offering flexibility for national legislation. Exceptions to process personal data, e.g., public interest and scientific research, must be laid down in EU/EEA or national law. Differences in national interpretation caused obstacles in cross-national research and record linkage: Portugal requires written consent and ethical approval; Finland allows linkage mostly without consent through the national Social and Health Data Permit Authority; Norway when based on regional ethics committee’s approval and adequate information technology safeguarding confidentiality; the Netherlands mainly bases linkage on the opt-out system and Data Protection Impact Assessment. Conclusions: Though the GDPR is the most important legal framework, national legislation execution matters most when linking cohort data with routinely collected health and education data. As national interpretation varies, legal intervention balancing individual right to informational self-determination and public good is gravely needed for health research. More harmonization across EU/EEA could be helpful but should not be detrimental in those member states which already opened a leeway for registries and research for the public good without explicit consent.

Big Data, Anonymisation and Governance to Personal Data Protection

2020 ◽  
Author(s):  
Artur Potiguara Carvalho ◽  
Fernanda Potiguara Carvalho ◽  
Edna Dias Canedo ◽  
Pedro Henrique Potiguara Carvalho
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Personal Data ◽  
Personal Data Protection

scholarly journals Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Iwona Karasek-Wojciechowicz
Keyword(s):  
Data Processing ◽  
Money Laundering ◽  
Data Protection ◽  
Task Force ◽  
Policy Instruments ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Terrorist Financing ◽  
The Government ◽  
High Level

AbstractThis article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering by this research the interplay between both regulations reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as another effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.

scholarly journals Digital Economy, Big Data and Competition Law

2019 ◽  
Vol 3 (1) ◽  
pp. 53-89
Author(s):  
Roberto Augusto Castellanos Pfeiffer
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Personal Data ◽  
Competition Law ◽  
Digital Economy ◽  
Data Driven ◽  
Dominant Position ◽  
Privacy Concerns ◽  
Sense Data ◽  
Abuse Of Dominant Position

Big data has a very important role in the digital economy, because firms have accurate tools to collect, store, analyse, treat, monetise and disseminate voluminous amounts of data. Companies have been improving their revenues with information about the behaviour, preferences, needs, expectations, desires and evaluations of their consumers. In this sense, data could be considered as a productive input. The article focuses on the current discussion regarding the possible use of competition law and policy to address privacy concerns related to big data companies. The most traditional and powerful tool to deal with privacy concerns is personal data protection law. Notwithstanding, the article examines whether competition law should play an important role in data-driven markets where privacy is a key factor. The article suggests a new approach to the following antitrust concepts in cases related to big data platforms: assessment of market power, merger notification thresholds, measurement of merger effects on consumer privacy, and investigation of abuse of dominant position. In this context, the article analyses decisions of competition agencies which reviewed mergers in big data-driven markets, such as Google/DoubleClick, Facebook/ WhatsApp and Microsoft/LinkedIn. It also reviews investigations of alleged abuse of dominant position associated with big data, in particular the proceeding opened by the Bundeskartellamt against Facebook, in which the German antitrust authority prohibited the data processing policy imposed by Facebook on its users. The article concludes that it is important to harmonise the enforcement of competition, consumer and data protection polices in order to choose the proper way to protect the users of dominant platforms, maximising the benefits of the data-driven economy.

Sign in / Sign up

Export Citation Format

Share Document