Introduction

2021 ◽  
pp. 1-6
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Genomic Data ◽  
Genomic Research ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
General Data ◽  
Research Questions ◽  
The Law

This introductory chapter provides an overview of the protection of genetic privacy in biobanking. The fact that genomic research relies on the processing of large quantities of individuals' genomic data has raised new questions as to which forms of privacy right are engaged by research, and as to which privacy rights holders are engaged by research: questions of genetic privacy. Ordinarily, one might look to the law to provide some clue, or image, as to which genetic privacy rights are worthy of protection and as to what an effective and proportionate approach to their protection should look like. In this regard, a brief look at the legal landscape relevant to biobanking in Europe reveals a great quantity of legislation apparently relevant for the protection of genetic privacy in biobanking. This book then takes an in-depth look at the function, problems, and opportunities presented by the General Data Protection Regulation (GDPR) as a framework for the protection of genetic privacy in biobanking in Europe.

Protecting Genetic Privacy in Biobanking through Data Protection Law

2021 ◽  
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Critical Infrastructure ◽  
Legal Framework ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
General Data ◽  
Research Biobanks ◽  
The Subject ◽  
Data Protection Law

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.

The Protection of Genetic Privacy in Biobanking at International Level

2021 ◽  
pp. 67-90
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Critical Analysis ◽  
Baseline Level ◽  
International Level ◽  
Legal Systems ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
General Data ◽  
International Instruments

This chapter sketches a baseline level of protection for genetic privacy rights in biobanking, against which legal systems, including the General Data Protection Regulation (GDPR), might be compared. This baseline level of protection is provided via identifying principles dealing with the protection of all types of genetic privacy rights, and rights holders, in biobanking in the international framework. The chapter identifies two types of international principles: common international principles—principles identified in a majority of all biobank-relevant international instruments; and emerging international principles—principles identifiable in a majority of biobank-specific international instruments. It also offers a critical analysis of the protection offered under the international framework. This critique does not aim to undermine the legitimacy of regarding identified international principles as offering a baseline level of protection. Rather, it merely aims to highlight that the protection provided has flaws, and thus should not be regarded as definitive or perfect.

Testing the GDPR in Relation to Biobanking

2021 ◽  
pp. 129-147
Author(s):  
Dara Hallinan
Keyword(s):  
Personal Data ◽  
Genomic Data ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
Health Lifestyle ◽  
Processing Operation ◽  
Processing Activity ◽  
General Data ◽  
Individual Research Results

This chapter looks at when the General Data Protection Regulation (GDPR) applies, rationae materiae, to biobanking—only when the law applies to biobanking can it be expected to provide any protection for genetic privacy rights in biobanking at all. The GDPR's applicability criteria are outlined in Article 2; criteria concern both the types of processing activity covered by the GDPR and the mechanics of processing covered by the GDPR. In relation to the mechanics of biobank processing, the situation is complex. The key question which emerges is which types of biobanking substances can qualify as personal data? The concept of personal data can be usefully broken down into two aspects of any processing operation. First, the substance being processed: to qualify as personal data, a substance must be able to fulfil three criteria. A substance must be ‘information’, it must ‘relate to’ a specific person, and that person must be a ‘natural person’. In the biobanking context, health, lifestyle, and biographical information, sequenced genomic data, and individual research results certainly fulfil these criteria. Second, the link between the substance and a specific individual: to qualify as personal data, a substance must relate to an individual who is ‘identified or identifiable’. All biobanking substances processed in either linked or pseudonymised form will certainly qualify as ‘identified or identifiable’.

The Second Internet: The Brussels Bourgeois Internet

2021 ◽  
pp. 77-91
Author(s):  
Kieron O’Hara
Keyword(s):  
European Union ◽  
Public Space ◽  
Data Protection ◽  
The European Union ◽  
Privacy Rights ◽  
General Data Protection Regulation ◽  
Internet Privacy ◽  
Data Protection Directive ◽  
General Data ◽  
Data Protection Law

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.

Conclusion

2021 ◽  
pp. 256-260
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Baseline Level ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
Early Stages ◽  
European Data ◽  
General Data ◽  
Data Protection Law

This concluding chapter argues that European data protection law, under the General Data Protection Regulation (GDPR), can and ought to be looked at to play a central role in the protection of genetic privacy in biobanking in Europe. In the first instance, the substantive framework presented by the GDPR already offers an impressive baseline level of protection for genetic privacy. In turn, while numerous problems with this baseline standard of protection are identifiable, the GDPR offers the normative flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to facilitate the realisation of solutions. The interaction between GDPR and biobanking is still, however, in the early stages. Whether this potential is realised now depends on the decisions and actions of regulatory stakeholders in the biobanking space. Their decisions have the potential to optimise or undermine the GDPR as a system for the protection of genetic privacy in biobanking. The biobanking community also have consequential choices as to how they perceive and operationalise the GDPR.

Do We Need Data Protection at All?

2021 ◽  
pp. 91-128
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Thought Experiment ◽  
Legal Systems ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
European Data ◽  
Viable Solution ◽  
General Data ◽  
Data Protection Law ◽  
The Uk

This chapter assesses whether there is any need to consider European data protection law as a framework for the protection of genetic privacy in biobanking in Europe at all. To answer the question, the chapter conducts a thought experiment and examines what the standard of protection in Europe would look like if one were to exclude data protection law from consideration. This is merely a thought experiment, as data protection already plays, and will continue to play, a significant role in the protection of genetic privacy in biobanking in Europe. The exercise is enlightening, however, in showing the extent of flaws in protection in European legal systems stripped of data protection. In this regard, the chapter then maps the protection provided to genetic privacy in biobanking by the EU's, and three European states'—Estonia, Germany, and the UK—legal systems. It then engages in a critical analysis, highlighting the significant inadequacy of the protection provided by these systems excluding data protection law. Finally, the chapter shows why, generally, European data protection law under the General Data Protection Regulation (GDPR) looks a viable solution to address the problems displayed by other approaches.

Practical Privacy: Report from the GDPR World

2018 ◽  
Vol 18 (2) ◽  
pp. 76-79 ◽  
Author(s):  
Susan Doe
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Training Needs ◽  
Law Firms ◽  
Law Firm ◽  
General Data Protection Regulation ◽  
General Data ◽  
The Law

AbstractIn this article Susan Doe reports from the perspective of the law firm sector on the progress towards the introduction of the General Data Protection Regulation that became automatically ‘live’ on 25 May 2018. She provides an introduction to the Regulation, highlights some practicalities for law firms when considering compliance with GDPR and offers a ‘to do’ list with reference to the record of data processing, training needs, security, and contracts and documentation. She also provides advice on what should be considered especially in respect of client demands.

scholarly journals Biobanking between the EU and Third Countries — Can Data Sharing Be Facilitated via Soft Regulatory Tools?

2018 ◽  
Vol 25 (5) ◽  
pp. 517-536 ◽  
Author(s):  
Santa Slokenberga
Keyword(s):  
Data Sharing ◽  
Data Protection ◽  
Clinical Care ◽  
Research Capacity ◽  
Genomic Research ◽  
General Data Protection Regulation ◽  
Biobank Research ◽  
General Data ◽  
Legal Frameworks ◽  
The Eu

AbstractIn biobanking, collaboration and data sharing contribute to building genomic research capacity, and have the potential to further scientific advances that ultimately can result in advances in clinical care. However, in the absence of common applicable legal frameworks that enable collaboration, capacity building is hindered. With the applicability of the General Data Protection Regulation, the obstacles to data sharing which involve export of data from European Union Member States to third countries are expected to grow, rendering the collaboration between the EU and third countries even more challenging. This article examines how, if at all, data sharing in biobank research between the EU and third countries could be facilitated via the use of soft regulatory tools. It argues that although the existing soft tools might not in itself be suitable for meeting all the GDPR requirements, they could be the basis on which to raise the area-specific data protection bar globally.

scholarly journals The “A” of FAIR – As Open as Possible, as Closed as Necessary

2020 ◽  
Vol 2 (1-2) ◽  
pp. 47-55 ◽  
Author(s):  
Annalisa Landi ◽  
Mark Thompson ◽  
Viviana Giannuzzi ◽  
Fedele Bonifazi ◽  
Ignasi Labastida ◽  
...  
Keyword(s):  
Data Sharing ◽  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
Privacy Rights ◽  
Regulatory Requirements ◽  
Data Set ◽  
General Data Protection Regulation ◽  
Digital Era ◽  
General Data

In order to provide responsible access to health data by reconciling benefits of data sharing with privacy rights and ethical and regulatory requirements, Findable, Accessible, Interoperable and Reusable (FAIR) metadata should be developed. According to the H2020 Program Guidelines on FAIR Data, data should be “as open as possible and as closed as necessary”, “open” in order to foster the reusability and to accelerate research, but at the same time they should be “closed” to safeguard the privacy of the subjects. Additional provisions on the protection of natural persons with regard to the processing of personal data have been endorsed by the European General Data Protection Regulation (GDPR), Reg (EU) 2016/679, that came into force in May 2018. This work aims to solve accessibility problems related to the protection of personal data in the digital era and to achieve a responsible access to and responsible use of health data. We strongly suggest associating each data set with FAIR metadata describing both the type of data collected and the accessibility conditions by considering data protection obligations and ethical and regulatory requirements. Finally, an existing FAIR infrastructure component has been used as an example to explain how FAIR metadata could facilitate data sharing while ensuring protection of individuals.

The Proposed New EU General Data Protection Regulation

2012 ◽  
Vol 13 (2) ◽  
Author(s):  
Peter Traung
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Net Benefit ◽  
General Data Protection Regulation ◽  
Administrative Burden ◽  
General Data ◽  
The Law ◽  
Compliance With The Law ◽  
Considerable Work ◽  
The Impact

AbstractAmong other things, the proposed General Data Protection Regulation aims at substantially reducing fragmentation, administrative burden and cost and to provide clear rules, simplifying the legal environment. This article argues that considerable work is needed to achieve those goals and that the proposal fails to provide either substantial legal certainty or simplification, that it adds administrative burden while leaving ample risk of fragmentation. In particular, the proposal misses the opportunity of strengthening data protection while achieving substantial simplification through abolishing the controller/ processor distinction and allowing transfers with no reduction of the controller’s liability. Large parts of the proposal depend entirely on clarification through delegated acts issued by the Commission. Prospects for those being adopted look dire. Failing either delegated acts or substantial redrafting, those parts may become dead letter or worse. There is a highly problematic obligation to “demonstrate compliance” with the law. The proportionate alternative to a number of other obligations on controllers, such as to maintain various documentation, appoint data protection officers etc, is to include such obligations as possible behavioural sanctions in case of a proven breach of the law. The proposal also appears to raise issues regarding freedom of movement. The impact assessment largely fails to demonstrate a need and net benefit from the proposed additional obligations. It also appears to severely underestimate the costs of the proposals, partly due to what appears to be arithmetic errors. The proposal does interestingly and rudimentarily put a value on personal data, but the approach could be extended.

Sign in / Sign up

Export Citation Format

Share Document