4. Confidentiality and access to medical records

2018 ◽  
Author(s):  
Jo Samanta ◽  
Ash Samanta
Keyword(s):  
Data Protection ◽  
Medical Records ◽  
Personal Data ◽  
Press Freedom ◽  
Fundamental Aspect ◽  
Electronic Patient Records ◽  
Essential Information ◽  
General Data Protection Regulation ◽  
Related Information ◽  
Protection Legislation

Each Concentrate revision guide is packed with essential information, key cases, revision tips, exam Q&As, and more. Concentrates show you what to expect in a law exam, what examiners are looking for, and how to achieve extra marks. This chapter examines confidentiality as a fundamental aspect of doctor–patient relationships: its ethical basis and equitable, contractual, and tortious obligations. It then considers the law governing access to medical records and statute that necessitates fair and lawful processing of sensitive personal data, and the new EU General Data Protection Regulation aimed at harmonising data protection legislation. It discusses exceptions to the duty of confidentiality, including explicit and implied consent, prevention of harm to others, police investigation, public interests, and press freedom. The chapter considers confidentiality with respect to children; adults who lack capacity and deceased patients; remedies available for breach of confidence; access to electronic patient records; and issues raised by genetics-related information.

4. Confidentiality and access to medical records

2021 ◽  
pp. 59-76
Author(s):  
Jo Samanta ◽  
Ash Samanta
Keyword(s):  
Data Protection ◽  
Medical Records ◽  
Personal Data ◽  
Press Freedom ◽  
Fundamental Aspect ◽  
Electronic Patient Records ◽  
General Data Protection Regulation ◽  
Related Information ◽  
Protection Legislation ◽  
Patient Relationships

This chapter examines confidentiality as a fundamental aspect of doctor–patient relationships: its ethical basis and equitable, contractual, and tortious obligations. It then considers the law governing access to medical records and statute that necessitates fair and lawful processing of sensitive personal data and the EU General Data Protection Regulation aimed at harmonising data protection legislation. It discusses exceptions to the duty of confidentiality, including explicit and implied consent, prevention of harm to others, police investigation, public interests, and press freedom. The chapter considers confidentiality with respect to children; adults who lack capacity and deceased patients; remedies available for breach of confidence; access to electronic patient records; and issues raised by genetics-related information.

scholarly journals Data Sharing Under the General Data Protection Regulation

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Research Approach ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Protection Legislation ◽  
General Data ◽  
Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

scholarly journals The EU General Data Protection Regulation (GDPR)

2020 ◽  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Privacy Regulation ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Ongoing Work ◽  
Protection Legislation ◽  
Recent Reform ◽  
General Data ◽  
The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

scholarly journals Location Privacy in the Wake of the GDPR

2019 ◽  
Author(s):  
Yola Georgiadou ◽  
Rolf de By ◽  
Ourania Kounadi
Keyword(s):  
Data Protection ◽  
Location Privacy ◽  
Cultural Theory ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Digital Ecosystem ◽  
Protection Legislation ◽  
General Data ◽  
Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

scholarly journals Location Privacy in the Wake of the GDPR

2019 ◽  
Vol 8 (3) ◽  
pp. 157 ◽  
Author(s):  
Yola Georgiadou ◽  
Rolf de By ◽  
Ourania Kounadi
Keyword(s):  
Data Protection ◽  
Location Privacy ◽  
Cultural Theory ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Digital Ecosystem ◽  
Protection Legislation ◽  
General Data ◽  
Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is `how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered or observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

scholarly journals AUTONOMOUS VEHICLES AND EUROPEAN DATA PROTECTION LAW

2020 ◽  
Vol 17 (1) ◽  
pp. 6
Author(s):  
Eva Fialová
Keyword(s):  
Data Protection ◽  
Autonomous Vehicles ◽  
Personal Data ◽  
Legal Regulation ◽  
Huge Amount ◽  
General Data Protection Regulation ◽  
Location Data ◽  
European Data ◽  
Protection Legislation ◽  
General Data

Autonomous vehicles process a huge amount of data about the driver, or rather passengers of the vehicle, as well as about other persons (pedestrians and passengers of other vehicles). This is why the autonomous vehicles raise questions about the protection of personal data. In 2018 a new European data protection legislation came into force. The General Data Protection Regulation places new obligations on controllers of personal data and provides new rights to data subjects, which will relate to operations of autonomous vehicles and their infrastructure. The providers thereof will have to implement the principles of data protection legislation into their systems. In this context the personal data is not just data concerning the identity of the driver, a passenger or other persons, but any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or even due to a peculiar behaviour in the vehicle. The paper will focus on the new legal regulation in relation to the operation of autonomous vehicles.Autonomní vozidla zpracovávají velké množství údajů o řidiči vozidla, resp. cestujících ve vozidle, jakož i o dalších osobách (spolucestujících, chodcích a pasažérech v jiných vozidlech). To je důvod, proč provoz autonomních vozidel vyvolává řadu otázek týkajících se ochrany osobních údajů. V roce 2018 nabyla účinnosti nová evropská právní úprava regulující tuto oblast. Obecné nařízení o ochraně osobních údajů přináší nové povinnosti správcům osobních údajů, jakož i nová práva subjektům údajů, která se budou týkat provozu autonomních vozidel a infrastruktury. Výrobci a poskytovatelé služeb budou muset do svých systémů implementovat legislativu o ochraně osobních údajů. Osobními údaji nejsou pouze údaje týkající se totožnosti řidiče, cestujících nebo jiných osob, ale veškeré informace vztahujících se k identifikované nebo identifikovatelné fyzické osobě, kterou lze přímo nebo nepřímo identifikovat, zejména odkazem na identifikátor, jako je např. název, identifikační číslo, lokalizační údaje, nebo třeba i kvůli osobitému chování ve vozidle. Tento článek se zaměřuje na novou právní úpravu ve vztahu k provozu autonomních vozidel.

scholarly journals Privacy Engineering for Domestic IoT: Enabling Due Diligence

Sensors ◽  
2019 ◽  
Vol 19 (20) ◽  
pp. 4380
Author(s):  
Tom Lodge ◽  
Andy Crabtree
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Legal Aspects ◽  
Due Diligence ◽  
Development Environment ◽  
General Data Protection Regulation ◽  
Iot Applications ◽  
Related Information ◽  
Use Of Data

The EU’s General Data Protection Regulation (GDPR) has recently come into effect and insofar as Internet of Things (IoT) applications touch EU citizens or their data, developers are obliged to exercise due diligence and ensure they undertake Data Protection by Design and Default (DPbD). GDPR mandates the use of Data Protection Impact Assessments (DPIAs) as a key heuristic enabling DPbD. However, research has shown that developers generally lack the competence needed to deal effectively with legal aspects of privacy management and that the difficulties of complying with regulation are likely to grow considerably. Privacy engineering seeks to shift the focus from interpreting texts and guidelines or consulting legal experts to embedding data protection within the development process itself. There are, however, few examples in practice. We present a privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications. The IDE enables due diligence in (a) helping developers reason about personal data during the actual in vivo construction of IoT applications; (b) advising developers as to whether or not the design choices they are making occasion the need for a DPIA; and (c) attaching and making available to others (including data processors, data controllers, data protection officers, users and supervisory authorities) specific privacy-related information that has arisen during an application’s development.

scholarly journals To What Extent are Consumers Harmed in the Digital Market from the Perspective of the GDPR?

2021 ◽  
Vol 04 (08) ◽  
Author(s):  
Ammar Younas ◽  
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Legal Instrument ◽  
Protection Legislation ◽  
High Level ◽  
Existing Data ◽  
The Eu

The European Union has recently enacted a new law, the General Data Protection Regulation (GDPR),1 which is designed to strengthen existing data protection legislation in the EU. The selection of Regulation itself as a legal instrument makes the GDPR stronger than Directive as it ensures a uniform and consistent implementation of rules thereby, consolidating the EU digital single market. The GDPR reforms existing data protection policy by imposing more stringent obligations on not only data controllers but also on data processors relating to obtaining a valid consent,2 ensuring transparency of automated decision making3 and security of data processing,4 and by providing new rights for data subjects. Data subjects are entitled to withdraw their consent,5 request their data to be transferred to another data controller6 or to be deleted.7 Also, the GDPR includes certain principles aimed at regulating its cross border transfers of the EU citizens’ personal data to ensure a high level of protection outside the EU.8 Taking into account the above mentioned policies along with others, some scholars describe the GDPR as ‘the most consequential regulatory development in information policy in generation’ that has teeth.9 However, the GDPR cannot be claimed as a legal instrument that effectively deals with all threats of the digital market to consumers. This paper argues that although the GDPR has considerably expanded the rights of consumers thereby, enabling them to regain control over their personal data to certain extent, the effectiveness of its principles is limited and cannot ensure full security of data processing. Firstly, it examines the effectiveness of consent principle of the GDPR in empowering consumers to control over their data and make a genuine choice. Secondly, it analyzes “data control-rights” of consumers. Finally, it comprehensively discusses extraterritorial application of the GDPR and regulation of international transfers of data.

The Risk-Based Approach to Data Protection

2020 ◽  
Author(s):  
Raphaël Gellert
Keyword(s):  
Risk Management ◽  
Data Protection ◽  
Personal Data ◽  
Management Tools ◽  
General Data Protection Regulation ◽  
Regulation Theory ◽  
Régulation Theory ◽  
General Data ◽  
Data Protection Law ◽  
The Way

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. An expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisation that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.

Sign in / Sign up

Export Citation Format

Share Document