Building trust and transparency? Challenges of the opt-out system and the secondary use of health data in England

2019 ◽  
Vol 19 (2-3) ◽  
pp. 159-181 ◽  
Author(s):  
Janos Meszaros ◽  
Chih-hsing Ho

After the failure of the care.data programme, a revised opt-out system has been introduced for British citizens to protect their health data from 2018. However, there are several exemptions from the previous and the revised opt-out systems, some of which are overly broad. For instance, the opt-outs may be completely ignored in the case of ‘anonymised’ data. The data protection terminology in the United Kingdom is slightly different from that in the European Union, and the key issue is that the terms are not used consistently, even in the most important documents and guidelines. This situation may lead to a weak opt-out system with transparency issues, which might erode public trust and lead to a repeat of the care.data failure. Furthermore, the United Kingdom intends to comply with the General Data Protection Regulation after Brexit, thus these differences may cause compatibility issues in the future.

Author(s):  
Bocong Yuan ◽  
Jiannan Li

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.


2021 ◽  
pp. 096853322110461
Author(s):  
Katharina Ó Cathaoir ◽  
Hrefna Dögg Gunnarsdóttir ◽  
Mette Hartlev

This article traces the journey of Nordic health data requested for developing a healthcare algorithm. We focus on the legal requirements and highlight that differences in the legislation of Denmark, Norway and Iceland, and the interpretation thereof by responsible bodies, can pose a barrier for scientific researchers. In addition, non-legal institutional requirements or practices may hamper data access. First, despite some European harmonization, the mandates of research ethics committees and the data protection authorities vary in the three countries. Second, domestic institutions impose tailored requirements, sometimes only allowing domestic or affiliated researchers to access data sets. Third, the manner in which a dataset is collected, catalogued and stored has implications for data access. We make several recommendations for increasing transparency in Nordic data access, such as increasing knowledge sharing regarding interpretation of General Data Protection Regulation (GDPR) criteria, adopting clearer regulations and pursuing greater citizen engagement in secondary use of health data.


2021 ◽  
Vol 37 (S1) ◽  
pp. 10-11
Author(s):  
Amanda Cole ◽  
Adrian Towse

Introduction: The expansion of health data offers exciting opportunities to support better and more efficient drug discovery, development and implementation. Data protection and governance provide the legal framework to balance safeguarding patients’ privacy with the benefits to society of medical research. Our aim is to highlight current legal barriers to the better use of health data and propose ways to address them.
Methods: Analysis of the relevant legislative texts was supplemented by interviews with external experts in data protection, health research, informatics and cyber security and a workshop with pharmaceutical industry members. We investigated the legal issues arising for six key activities along the pharmaceutical lifecycle, from identifying unmet need through to health technology assessment and pharmacovigilance.
Results: The General Data Protection Regulation (GDPR) was introduced in May 2018 to harmonise data protection across Europe. However, considerable ambiguity remains, particularly around the appropriate legal bases for data processing in the absence of consent: scientific research, public interest, or provision of health or social care. Other key themes included data subject rights, anonymization, compatibility of primary and secondary (re-)use of data, heterogeneity arising from divergent interpretation, the need for guidance on digital health, and the importance of trust.
Conclusions: We speculate which legal bases are most appropriate for the six pharmaceutical activities studied, but clear guidance and consensus is required. The GDPR was not designed to hamper scientific research, and the issues identified arose from uncertainties rather than barriers per se. Industry and academic researchers should therefore deal proactively with the prevailing uncertainties, share good practice, and engender trust by co-creating a code of conduct and outlining principles of responsible use. Engagement with patients will be critical in encouraging a shared understanding of the value to society of health data for research.


2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider

Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


Author(s):  
Daniel Jove Villares

There are certain categories of data which, due to their characteristics, require a stricter regime, regulation which, at times, needs to be specified. This paper focuses on the need to rethink which genetic data and health-related information should be considered as sensitive and to propose new criteria for their delimitation. The clarification of the scope of protection of these types of data is urgently needed in those legal systems in which additional limitations are established for the categories of data covered by this article, a situation that the European Union's General Data Protection Regulation enables.


Author(s):  
Yola Georgiadou ◽  
Rolf de By ◽  
Ourania Kounadi

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.


2021 ◽  
pp. 77-91
Author(s):  
Kieron O’Hara

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.


2020 ◽  
Vol 7 (1) ◽  
Author(s):  
James Scheibner ◽  
Marcello Ienca ◽  
Sotiria Kechagia ◽  
Juan Ramon Troncoso-Pastoriza ◽  
Jean Louis Raisaro ◽  
...  

Personalised medicine can improve both public and individual health by providing targeted preventative and therapeutic healthcare. However, patient health data must be shared between institutions and across jurisdictions for the benefits of personalised medicine to be realised. Whilst data protection, privacy, and research ethics laws protect patient confidentiality and safety they also may impede multisite research, particularly across jurisdictions. Accordingly, we compare the concept of data accessibility in data protection and research ethics laws across seven jurisdictions. These jurisdictions include Switzerland, Italy, Spain, the United Kingdom (which have implemented the General Data Protection Regulation), the United States, Canada, and Australia. Our paper identifies the requirements for consent, the standards for anonymisation or pseudonymisation, and adequacy of protection between jurisdictions as barriers for sharing. We also identify differences between the European Union and other jurisdictions as a significant barrier for data accessibility in cross jurisdictional multisite research. Our paper concludes by considering solutions to overcome these legislative differences. These solutions include data transfer agreements and organisational collaborations designed to ‘front load’ the process of ethics approval, so that subsequent research protocols are standardised. We also allude to technical solutions, such as distributed computing, secure multiparty computation and homomorphic encryption.


2020 ◽  
pp. 203195252097899
Author(s):  
Seili Suder

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

