scholarly journals Explicit Consent and Alternative Data Protection Processing Grounds for Health Research

2021 ◽  
Author(s):  
Jiahong Chen ◽  
Edward S. Dove ◽  
Himani Bhakuni
Keyword(s):  
Data Protection ◽  
Health Research ◽  
Scientific Research ◽  
Research Participant ◽  
Normative Values ◽  
Sensitive Data ◽  
Public Interests ◽  
Legal Context ◽  
Explicit Consent ◽  
The Uk

In this chapter, we discuss the boundaries between explicit consent and other available legitimizing mechanisms in EU data protection law for health research, focusing on sensitive data. This begins with an overview of the normative values and limitations of consent, highlighting the partially overlapping but not entirely identical roles of consent in health research and data protection, and the possibility of relying on alternative safeguards when public interests are involved. Such normative debates, including the differences between research participant consent and data subject consent, are then put into a legal context, with an analysis of the interplay between explicit consent and other exemptions under Article 9(2) GDPR, such as the scientific research exemption. Grounded in this baseline framework, all 30 jurisdictions currently subject to the GDPR (as well as the UK) are compared in terms of how national laws have treated explicit consent and the scientific research exemption differently. Our analysis shows a divergent regulatory landscape when it comes to the rules governing the use of sensitive data for health research.

scholarly journals Biobanks and GDPR: A Look at the Portuguese Panorama

2021 ◽  
pp. 345-362
Author(s):  
Carla Barbosa ◽  
Andreia da Costa Andrade
Keyword(s):  
Data Protection ◽  
Biological Samples ◽  
Health Research ◽  
Scientific Research ◽  
Research Activity ◽  
One Year ◽  
Privacy And Confidentiality ◽  
Associated Data ◽  
Scientific Research Activity ◽  
Special Protection

AbstractThe need for the existence of biobanks for health research purposes is something of which government authorities have been aware for several years. One year after the full entry into force of the GDPR, the Portuguese legislature has finally passed the law that ensures the full implementation of the data protection regime’s points left open by the European legislature. However, Portugal has also in place a range of legislation regulating the establishment and functioning of biobanks. The regulation of biobanks for research purposes imposes special protection duties on scientific research activity in which biological samples and associated data are used in order to guarantee protection of privacy and confidentiality.

scholarly journals Linking survey responses and administrative records without respondent consent to link; a discussion paper

2017 ◽  
Vol 1 (1) ◽  
Author(s):  
Frances Burns ◽  
Dermot O Reilly
Keyword(s):  
Survey Data ◽  
Data Linkage ◽  
Research Question ◽  
Research Network ◽  
Discussion Paper ◽  
Sensitive Data ◽  
Administrative Records ◽  
Explicit Consent ◽  
The Uk ◽  
Survey Responses

ABSTRACTObjectives(i) Review the application and interpretation of the Data Protection Act (DPA) 1998; clarifying whether individual consent is required for data linkage for secondary research purposes, in consideration of the policies and principles of the UK Administrative Data Research Network (ADRN). (ii) Determine ethical, logistical or ‘tactical’ factors researchers might have to take into consideration. ApproachLinking survey data to administrative records offer potential advantage to both researchers and survey respondents. Informed, specific and explicit consent is typically a prerequisite for linkage. However, not all respondents consent to data-linkage resulting in a reduced and potentially biased sub-sample for analysis. In Northern Ireland consent rates for record linkage are typically about 50%. Discussion with the ICO confirms that the DPA may encourage rather than restrict research. S33 ‘research exemption’ supports secondary use of survey data subject to conditions such as that is for research purposes, it is not incompatible with the original purpose, and would not cause the data subjects substantial damage or distress. Other DPA principles remain in force; Principle 1 (fair and lawful processing) and the need to make data subjects ‘aware’ of the research: explicit consent is only one route by which this can be achieved. The Processing Sensitive Data Order (2000) protects the privacy of individuals. Research must be of substantial public interest with access only to data necessary to answer the research question. The ADRN enables access to de identified data for research purposes where identified public benefit is independently assured, maintains the privacy of individuals and ensures lawful “conditions of processing” are met. Resulting discussionLegal considerations aside, researchers may face other obstacles; the first is technical as the surveying agency may have deleted all linkable identifiers. The second is ethical as research ethics committee approval is a usual precondition. De-identification of individual subjects should be grounds for ethical approval where the research proposal includes a publication plan with appropriate methods to inform participants of research conducted and findings. Finally, the data custodians may not agree to the linkage for sound ‘tactical’ longer-term reasons, even if convinced of its legality. ConclusionUse of de identified survey data for research purposes is possible via the UK ADRN but raises other considerations for researchers and data custodians. We argue that this option should be used in limited circumstances.

scholarly journals Big Tech platforms in health research: Re-purposing big data governance in light of the General Data Protection Regulation’s research exemption

2021 ◽  
Vol 8 (1) ◽  
pp. 205395172110187
Author(s):  
Luca Marelli ◽  
Giuseppe Testa ◽  
Ine van Hoyweghen
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Health Research ◽  
Digital Health ◽  
Scientific Research ◽  
Current Data ◽  
Data Governance ◽  
General Data Protection Regulation ◽  
Research Activities ◽  
General Data

The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, raise pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention toward the challenges faced by the European General Data Protection Regulation in regulating the potentially disruptive engagement of Big Tech platforms in health research. The General Data Protection Regulation upholds a rather flexible regime for scientific research through a number of derogations to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of “scientific research”. Precisely the breadth of these exemptions combined with the ample scope of this notion could provide unintended leeway to the health data processing activities of Big Tech platforms, which have not been immune from carrying out privacy-infringing and socially disruptive practices in the health domain. We thus discuss further finer-grained demarcations to be traced within the broadly construed notion of scientific research, geared to implementing use-based data governance frameworks that distinguish health research activities that should benefit from a facilitated data protection regime from those that should not. We conclude that a “re-purposing” of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society.

scholarly journals Introduction

2021 ◽  
pp. 1-7
Author(s):  
Santa Slokenberga ◽  
Olga Tzortzatou ◽  
Jane Reichel
Keyword(s):  
Data Protection ◽  
Scientific Research ◽  
Personal Data ◽  
Practical Experience ◽  
General Data Protection Regulation ◽  
Eu Member States ◽  
General Data ◽  
The Uk ◽  
Shed Light

AbstractThe General Data Protection Regulation (GDPR) is already four years old legal instrument, with over two years of practical experience, yet, several central questions on its application, its importance in scientific research, rights of the data subjects, and obligations on the controllers and processors remain uncharted. In this edited volume, questions ranging from the meaning of the GDPR provisions for a particular research project to impact of the GDPR on long term collaborations, when the UK is leaving the EU are is discussed. This chapter sets out the aim of this book and provides an overview of how various contributions interplay to shed light on how the GDPR shapes the research regimes on the use of personal data in biobanking by EU Member States.

scholarly journals Semantic-enabled architecture for auditable privacy-preserving data analysis

Semantic Web ◽  
2022 ◽  
pp. 1-34
Author(s):  
Fajar J. Ekaputra ◽  
Andreas Ekelhart ◽  
Rudolf Mayer ◽  
Tomasz Miksa ◽  
Tanja Šarčević ◽  
...  
Keyword(s):  
Data Analysis ◽  
Data Protection ◽  
Personal Data ◽  
Data Representation ◽  
Privacy Preserving ◽  
Sufficient Information ◽  
Full Potential ◽  
Sensitive Data ◽  
Explicit Consent ◽  
Audit Trails

Small and medium-sized organisations face challenges in acquiring, storing and analysing personal data, particularly sensitive data (e.g., data of medical nature), due to data protection regulations, such as the GDPR in the EU, which stipulates high standards in data protection. Consequently, these organisations often refrain from collecting data centrally, which means losing the potential of data analytics and learning from aggregated user data. To enable organisations to leverage the full-potential of the collected personal data, two main technical challenges need to be addressed: (i) organisations must preserve the privacy of individual users and honour their consent, while (ii) being able to provide data and algorithmic governance, e.g., in the form of audit trails, to increase trust in the result and support reproducibility of the data analysis tasks performed on the collected data. Such an auditable, privacy-preserving data analysis is currently challenging to achieve, as existing methods and tools only offer partial solutions to this problem, e.g., data representation of audit trails and user consent, automatic checking of usage policies or data anonymisation. To the best of our knowledge, there exists no approach providing an integrated architecture for auditable, privacy-preserving data analysis. To address these gaps, as the main contribution of this paper, we propose the WellFort approach, a semantic-enabled architecture for auditable, privacy-preserving data analysis which provides secure storage for users’ sensitive data with explicit consent, and delivers a trusted, auditable analysis environment for executing data analytic processes in a privacy-preserving manner. Additional contributions include the adaptation of Semantic Web technologies as an integral part of the WellFort architecture, and the demonstration of the approach through a feasibility study with a prototype supporting use cases from the medical domain. Our evaluation shows that WellFort enables privacy preserving analysis of data, and collects sufficient information in an automated way to support its auditability at the same time.

scholarly journals Data protection and the processing of personal data of very preterm (VPT) and very low birth weight (VLBW) children for scientific health research

2019 ◽  
Vol 20 (3) ◽  
pp. 88-112
Author(s):  
Inês Camarinha Lopes ◽  
Julia Doetsch ◽  
Maria Regina Redinha ◽  
Henrique Barros
Keyword(s):  
Data Protection ◽  
Very Low Birth Weight ◽  
Scientific Research ◽  
Personal Data ◽  
Sensitive Data ◽  
Horizon 2020 ◽  
General Data Protection Regulation ◽  
Research And Innovation ◽  
Challenges And Opportunities ◽  
Legislative Changes

The present article emerges from the project ‘RECAP preterm – Research on European Children and Adults Born Preterm’ which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 733280. Under this project, a report, whose objective was to describe and compare the Challenges and Opportunities of Record-Linkage Processes, was developed by an ISPUP partner and presented in September 2019. Now, we discuss the issue focused on General Data Protection Regulation (GDPR) and national law, with a critical view as to how the legal regime for accessing routinely collected health and educational data and its subsequent processing for research purposes. The main results of this article are the reflection on the difficulties that scientific research faces and the consideration of future legislative changes in a world where data protection is a priority policy concern. Although scientific research in health is recognised by International, European and National law as an asset for the development of society, this article seeks to demonstrate that the possibilities for access and use of personal data, including sensitive data, are not broad.

Sign in / Sign up

Export Citation Format

Share Document