Health informatics. Guidance for handling personal health data in international applications in the context of the EU data protection directive

2015 ◽  
Keyword(s):  
Data Protection ◽  
Health Informatics ◽  
Health Data ◽  
Personal Health ◽  
Data Protection Directive ◽  
The Eu

The Anonymisation of Research Data — A Pyric Victory for Privacy that Should Not Be Pushed Too Hard by the eu Data Protection Framework?

2017 ◽  
Vol 24 (4) ◽  
pp. 347-367 ◽  
Author(s):  
Paul Quinn
Keyword(s):  
Data Protection ◽  
Scientific Research ◽  
Health Data ◽  
Research Data ◽  
Point Of View ◽  
Personal Health ◽  
Legal Basis ◽  
Health Records ◽  
The Public ◽  
The Eu

Abstract Personal health data is essential to many forms of scientific research. Such data may come from a large variety of sources including electronic health records (ehrs), datasets used for previous research and from data linked to biobanks. European data protection law recognises that in addition to using consent as a legal basis for the processing of personal health data for scientific research, such data may be used without consent where it is in the ‘public interest’. Despite the existence of such a legal option, ethics bodies in a number of states have shown reticence to utilise it, often pushing researchers into either obtaining consent or anonymising the data in question. Whilst the latter option may be appealing from a legal point of view, if carried out properly, the result may be that the research value of the data is reduced or even destroyed.

scholarly journals Public Interest, Health Research and Data Protection Law: Establishing a Legitimate Trade-Off between Individual Control and Research Access to Health Data

Laws ◽  
2020 ◽  
Vol 9 (1) ◽  
pp. 6 ◽  
Author(s):  
Mark J. Taylor ◽  
Tess Whitton
Keyword(s):  
Public Interest ◽  
Data Protection ◽  
Health Research ◽  
Health Data ◽  
Personal Health ◽  
Positive Contribution ◽  
Data Governance ◽  
The Public ◽  
Individual Control ◽  
Data Protection Law

The United Kingdom’s Data Protection Act 2018 introduces a new public interest test applicable to the research processing of personal health data. The need for interpretation and application of this new safeguard creates a further opportunity to craft a health data governance landscape deserving of public trust and confidence. At the minimum, to constitute a positive contribution, the new test must be capable of distinguishing between instances of health research that are in the public interest, from those that are not, in a meaningful, predictable and reproducible manner. In this article, we derive from the literature on theories of public interest a concept of public interest capable of supporting such a test. Its application can defend the position under data protection law that allows a legal route through to processing personal health data for research purposes that does not require individual consent. However, its adoption would also entail that the public interest test in the 2018 Act could only be met if all practicable steps are taken to maximise preservation of individual control over the use of personal health data for research purposes. This would require that consent is sought where practicable and objection respected in almost all circumstances. Importantly, we suggest that an advantage of relying upon this concept of the public interest, to ground the test introduced by the 2018 Act, is that it may work to promote the social legitimacy of data protection legislation and the research processing that it authorises without individual consent (and occasionally in the face of explicit objection).

scholarly journals The EU General Data Protection Regulation (GDPR)

2020 ◽  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Privacy Regulation ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Ongoing Work ◽  
Protection Legislation ◽  
Recent Reform ◽  
General Data ◽  
The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Sign in / Sign up

Export Citation Format

Share Document