scholarly journals COVID-19: Putting the General Data Protection Regulation to the Test (Preprint)

2020 ◽  
Author(s):  
Stuart McLennan ◽  
Leo Anthony Celi ◽  
Alena Buyx
Keyword(s):  
Health Care ◽  
Data Protection ◽  
Health Research ◽  
Health Care Organizations ◽  
Digital Health ◽  
Health Data ◽  
Individual Risk ◽  
Risk Minimization ◽  
General Data Protection Regulation ◽  
General Data

UNSTRUCTURED The coronavirus disease (COVID-19) pandemic is very much a global health issue and requires collaborative, international health research efforts to address it. A valuable source of information for researchers is the large amount of digital health data that are continuously collected by electronic health record systems at health care organizations. The European Union’s General Data Protection Regulation (GDPR) will be the key legal framework with regard to using and sharing European digital health data for research purposes. However, concerns persist that the GDPR has made many organizations very risk-averse in terms of data sharing, even if the regulation permits such sharing. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts. In our opinion, there is an ethical obligation to use the research exemption clause of the GDPR during the COVID-19 pandemic to support global collaborative health research efforts. Solidarity is a European value, and here is a chance to exemplify it by using the GDPR regulatory framework in a way that does not hinder but actually fosters solidarity during the COVID-19 pandemic.

scholarly journals COVID-19: Putting the General Data Protection Regulation to the Test

10.2196/19279 ◽  
2020 ◽  
Vol 6 (2) ◽  
pp. e19279 ◽  
Author(s):  
Stuart McLennan ◽  
Leo Anthony Celi ◽  
Alena Buyx
Keyword(s):  
Health Care ◽  
Data Protection ◽  
Health Research ◽  
Health Care Organizations ◽  
Digital Health ◽  
Health Data ◽  
Individual Risk ◽  
Risk Minimization ◽  
General Data Protection Regulation ◽  
General Data

The coronavirus disease (COVID-19) pandemic is very much a global health issue and requires collaborative, international health research efforts to address it. A valuable source of information for researchers is the large amount of digital health data that are continuously collected by electronic health record systems at health care organizations. The European Union’s General Data Protection Regulation (GDPR) will be the key legal framework with regard to using and sharing European digital health data for research purposes. However, concerns persist that the GDPR has made many organizations very risk-averse in terms of data sharing, even if the regulation permits such sharing. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts. In our opinion, there is an ethical obligation to use the research exemption clause of the GDPR during the COVID-19 pandemic to support global collaborative health research efforts. Solidarity is a European value, and here is a chance to exemplify it by using the GDPR regulatory framework in a way that does not hinder but actually fosters solidarity during the COVID-19 pandemic.

scholarly journals To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

2020 ◽  
Vol 48 (S1) ◽  
pp. 187-195
Author(s):  
Edward S. Dove ◽  
Jiahong Chen
Keyword(s):  
Mobile Devices ◽  
Data Protection ◽  
Health Research ◽  
Health Data ◽  
Specific Context ◽  
General Data Protection Regulation ◽  
Citizen Scientist ◽  
Open Questions ◽  
General Data ◽  
The Eu

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

scholarly journals The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation

2019 ◽  
Vol 16 (6) ◽  
pp. 1070 ◽  
Author(s):  
Bocong Yuan ◽  
Jiannan Li
Keyword(s):  
European Union ◽  
Financial Performance ◽  
Data Protection ◽  
Digital Health ◽  
Rapid Development ◽  
Health Data ◽  
Personal Health ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.

scholarly journals Big Tech platforms in health research: Re-purposing big data governance in light of the General Data Protection Regulation’s research exemption

2021 ◽  
Vol 8 (1) ◽  
pp. 205395172110187
Author(s):  
Luca Marelli ◽  
Giuseppe Testa ◽  
Ine van Hoyweghen
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Health Research ◽  
Digital Health ◽  
Scientific Research ◽  
Current Data ◽  
Data Governance ◽  
General Data Protection Regulation ◽  
Research Activities ◽  
General Data

The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, raise pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention toward the challenges faced by the European General Data Protection Regulation in regulating the potentially disruptive engagement of Big Tech platforms in health research. The General Data Protection Regulation upholds a rather flexible regime for scientific research through a number of derogations to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of “scientific research”. Precisely the breadth of these exemptions combined with the ample scope of this notion could provide unintended leeway to the health data processing activities of Big Tech platforms, which have not been immune from carrying out privacy-infringing and socially disruptive practices in the health domain. We thus discuss further finer-grained demarcations to be traced within the broadly construed notion of scientific research, geared to implementing use-based data governance frameworks that distinguish health research activities that should benefit from a facilitated data protection regime from those that should not. We conclude that a “re-purposing” of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society.

OP279 Data Protection In The European Union Post-General Data Protection Regulation (GDPR): A Barrier Or An Enabler Of Pharmaceutical Innovation?

2021 ◽  
Vol 37 (S1) ◽  
pp. 10-11
Author(s):  
Amanda Cole ◽  
Adrian Towse
Keyword(s):  
Data Protection ◽  
Cyber Security ◽  
Digital Health ◽  
Good Practice ◽  
Unmet Need ◽  
Scientific Research ◽  
Health Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data

IntroductionThe expansion of health data offers exciting opportunities to support better and more efficient drug discovery, development and implementation. Data protection and governance provide the legal framework to balance safeguarding patients’ privacy with the benefits to society of medical research. Our aim is to highlight current legal barriers to the better use of health data and propose ways to address them.MethodsAnalysis of the relevant legislative texts was supplemented by interviews with external experts in data protection, health research, informatics and cyber security and a workshop with pharmaceutical industry members. We investigated the legal issues arising for six key activities along the pharmaceutical lifecycle, from identifying unmet need through to health technology assessment and pharmacovigilance.ResultsThe General Data Protection Regulation (GDPR) was introduced in May 2018 to Harmonise data protection across Europe. However, considerable ambiguity remains, particularly around the appropriate legal bases for data processing in the absence of consent: scientific research, public interest, or provision of health or social care. Other key themes included data subject rights, anonymization, compatibility of primary and secondary (re-)use of data, heterogeneity arising from divergent interpretation, the need for guidance on digital health, and the importance of trust.ConclusionsWe speculate which legal bases are most appropriate for the six pharmaceutical activities studied, but clear guidance and consensus is required. The GDPR was not designed to hamper scientific research, and the issues identified arose from uncertainties rather than barriers per se. Industry and academic researchers should therefore deal proactively with the prevailing uncertainties, share good practice, and engender trust by co-creating a code of conduct and outlining principles of responsible use. Engagement with patients will be critical in encouraging a shared understanding of the value to society of health data for research.

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider
Keyword(s):  
Data Mining ◽  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
General Level ◽  
General Data Protection Regulation ◽  
The Face ◽  
General Data ◽  
Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

scholarly journals Datos relativos a la salud y datos genéticos: consecuencias jurídicas de su conceptualización / Health data and Genetic data: the legal consequences of their conceptualization

2018 ◽  
pp. 55-66
Author(s):  
Daniel Jove Villares
Keyword(s):  
Data Protection ◽  
Genetic Data ◽  
Health Data ◽  
General Data Protection Regulation ◽  
Related Information ◽  
Health Related ◽  
General Data ◽  
New Criteria ◽  
Legal Consequences ◽  
Scope Of Protection

Existen determinadas categorías de datos que, por sus características, requieren de un régimen más estricto, regulación que, en ocasiones está necesitada de concreción. El presente trabajo incide en la necesidad de repensar qué datos genéticos y qué informaciones relacionadas con la salud deben considerarse como sensibles, amén de proponer nuevos criterios para su delimitación. La clarificación de la esfera de protección de estas tipologías de datos se hace perentoria en aquellos ordenamientos en que se establezcan limitaciones adicionales para las categorías de datos que protagonizan este artículo. Situación que el Reglamento General de Protección de Datos de la Unión Europea habilita.   There are certain categories of data which, due to their characteristics, require a stricter regime, regulation which, at times, needs to be specified. This paper focuses on the need to rethink which genetic data and health-related information should be considered as sensitive and to propose new criteria for their delimitation. The clarification of the scope of protection of these types of data is urgently needed in those legal systems in which additional limitations are established for the categories of data covered by this article. Situation that the European Union's General Data Protection Regulation enables. 

scholarly journals Coming Out to Play: Privacy, Data Protection, Children’s Health, and COVID-19 Research

2021 ◽  
Vol 12 ◽  
Author(s):  
Michael J. S. Beauvais ◽  
Bartha Maria Knoppers
Keyword(s):  
Data Protection ◽  
Coming Out ◽  
Health Research ◽  
Well Being ◽  
Moral Rights ◽  
Best Interests ◽  
Data Retention ◽  
General Data Protection Regulation ◽  
Research With Children ◽  
General Data

The COVID-19 pandemic has underscored the need for new ways of thinking about data protection. This is especially so in the case of health research with children. The responsible use of children’s data plays a key role in promoting children’s well-being and securing their right to health and to privacy. In this article, we contend that a contextual approach that appropriately balances children’s legal and moral rights and interests is needed when thinking about data protection issues with children. We examine three issues in health research through a child-focused lens: consent to data processing, data retention, and data protection impact assessments. We show that these issues present distinctive concerns for children and that the General Data Protection Regulation provides few bright-line rules. We contend that there is an opportunity for creative approaches to children’s data protection when child-specific principles, such as the best interests of the child and the child’s right to be heard, are put into dialogue with the structure and logic of data protection law.

Processing employees’ personal data during the Covid-19 pandemic

2020 ◽  
pp. 203195252097899
Author(s):  
Seili Suder
Keyword(s):  
Data Protection ◽  
Health And Safety ◽  
Personal Data ◽  
Health Data ◽  
Body Temperatures ◽  
National Data ◽  
Pragmatic Approach ◽  
General Data Protection Regulation ◽  
Nation States ◽  
General Data

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

Sign in / Sign up

Export Citation Format

Share Document