AI helps you reading Science
AI generates interpretation videos
AI extracts and analyses the key points of the paper to generate videos automatically
AI parses the academic lineage of this thesis
AI extracts a summary of this paper
We conclude that the search for ways forward within the consent or anonymise paradigm becomes increasingly difficult in a data-intensive medical research context
Big Data in medical research and EU data protection law: challenges to the consent or anonymise approach
European Journal of Human Genetics, no. 7 (2016)
Medical research is increasingly becoming data-intensive; sensitive data are being re-used, linked and analysed on an unprecedented scale. The current EU data protection law reform has led to an intense debate about its potential effect on this processing of data in medical research. To contribute to this evolving debate, this paper revie...More
PPT (Upload PPT)
- Both medical research and the legal landscape have been changing as a result of the rapid developments in information technology (IT).
- To contribute to this evolving debate, this paper reviews how the dominant ‘consent or anonymise approach’ is challenged in a data-intensive medical research context, and discusses possible ways forwards within the EU legal framework on data protection.
- In recent years, both medical research and the legal landscape have been changing as a result of the rapid developments in information technology (IT)
- What can we learn from the above? In the debate on how to deal with the challenges to the consent or anonymise approach in the context of data-intensive medical research, within the European Union (EU) legal framework on data protection, we suggest that the following considerations should be taken into account
- We conclude that the search for ways forward within the consent or anonymise paradigm becomes increasingly difficult in a data-intensive medical research context
- The draft General Data Protection Regulation (GDPR) texts do provide an overlapping EU legal framework on this topic, but leave considerable room for a more detailed regulation on a national level. It seems that it will be largely up to the EU member states to determine the appropriate conditions of research exemptions
- Initiatives within the medical research community to coordinate the development of harmonised approaches, such as BBMRI-ERIC and the Global Alliance, may remain of vital importance to achieve the goal of international interoperability
- We notice that there is a lack of consensus on what the conditions of a research exemption from consent should be, while these conditions are of great influence to how relevant rights and interests need to be taken into account in a data-intensive medical research context
- They indicate that the combination of strict consent requirements and limited research exemptions will severely restrict medical research.[10,11,12,13,14,15,16] To contribute to this evolving debate, this paper reviews how the consent or anonymise approach is challenged in a data-intensive medical research context, and discusses possible ways forward within the EU legal framework on data protection.
- An alternative approach is to search for ways forward outside the consent or anonymise paradigm, by creating another legal basis than consent for the processing of sensitive personal data for medical research purposes.
- Some argue that research exemptions should be kept to a minimum by using dynamic consent approaches, taking into account the requirements of necessity and proportionality. Others suggest that consent should serve as ‘a default starting point from which departure is possible’ for a particular data usage, when there is evidence of a strong justification in the public interest. A more radical view is that providing another legal basis than consent should not be considered as an ‘exemption’, but as an acceptable route to achieve protection when data are re-used in large biobanks and data sets. some argue to reduce or eliminate the need for consent by focusing on solidarity arguments and harm mitigation.
- It is argued though that a strict interpretation of this requirement will possibly render most data useless for epidemiological research. According to Article 83 (2) of the Council’s draft GDPR, technological and/or organisational protection measures, such as pseudonymisation, could ensure that the processing of personal data is minimised, in pursuance of the proportionality and necessity principles.
- Technological and organisational or governance measures have been proposed in the literature to justify alternative legal bases to consent, such as opt-out registration, authorisation by an ethics committee, limiting data access and use, and engaging in public participation. To overcome some of the challenges related to implementing governance mechanisms on an international scale, an e-governance system is proposed.
- In the debate on how to deal with the challenges to the consent or anonymise approach in the context of data-intensive medical research, within the EU legal framework on data protection, the authors suggest that the following considerations should be taken into account.
- Further interdisciplinary research is needed to determine when a shift away from consent as a legal basis is necessary and proportionate in a data-intensive medical research context, and what technological and governance measures should be put in place when such a research exemption from consent is provided.
Study subjects and analysis
Vital to the collection, re-use and linkage of multiple data sources on a large scale are the research infrastructures and networks in and outside the EU. For example, the UK Biobank provides access to medical researchers from all around the world to a wide variety of health-related data and human samples from more than 500 000 participants.26. In Europe, the Biobanking and BioMolecular resources Research Infrastructure-European Research Infrastructure Consortium (BBMRI-ERIC) aims to facilitate the re-use of human samples and health-related data available in biobanks scattered across different nations.
- 1 Costa FF. Big Data in biomedicine. Drug Discov Today 2014; 19: 433–440.
- 2 Mooney SJ, Westreich DJ, El-Sayed AM. Epidemiology in the era of Big Data. Epidemiology 2015; 26: 390–394.
- 6 Council of the EU: Data Protection: Council Agrees on a General Approach, 2015. Available at http://www.consilium.europa.eu/en/press/press-releases/2015/06/15-jhadata-protection/.7 Academy of Medical Sciences: Personal Data for Public Good: Using Health Information in Medical Research, 2006. Available at http://www.acmedsci.ac.uk/download.php?f=file&i=13206.
- 8 Sethi N, Laurie G. Delivering proportionate governance in the era of eHealth: making linkage and privacy work together. Med Law Int 2013; 13: 168–204.
- 9 Ruyter KW, LOuk K, Jorqui M, Kvalheim V, Cekanauskaite A, Townend D: From research exemption to research norm: recognising an alternative to consent for large scale biobank research. Med Law Int 2010; 10: 287–313.
- 10 Ploem MC, Essink-Bot ML, Stronks K. Proposed EU data protection regulation is a threat to medical research. BMJ 2013; 346: f3534.
- 11 Di Lorio CT, Carinci F, Oderkirk J. Health research and systems’ governance are at risk: should the right to data protection override health? J Med Ethics 2014; 40: 488–492.
- 12 Kerr DJ. Policy: EU data protection regulation-harming cancer research. Nat Rev Clin Oncol 2014; 11: 563–564.
- 13 Dolgin E. New data protection rules could harm research, science groups say. Nat Med 2014; 20: 224.
- 14 Nyrén O, Stenbeck M, Grönberg H. The European Parliament proposal for the new EU General Data Protection Regulation may severely restrict European epidemiological research. Eur J Epidemiol 2014; 29: 227–230.
- 15 Dove ES, Townend D, Knoppers BM. Data protection and consent to biomedical research: a step forward? Lancet 2014; 384: 855.
- 16 Coppen R, van Veen EB, Groenewegen PP et al: Will the trilogue on the EU Data Protection Regulation recognise the importance of health research? Eur J Public Health 2015; 25: 757–758.
- 17 May M. Life Science Technologies: big biological impacts from Big Data. Science 2014; 344: 1298–1300.
- 18 Wang W, Krishnan E. Big Data and clinicians: a review on the state of the science. JMIR Med Informatics 2014; 2: e1.
- 19 Jensen PB, Jensen LJ, Brunak S. Mining electronic health records: towards better research applications and clinical care. Nat Rev Genet 2012; 13: 395–405.
- 20 Currie J: ‘Big Data’ versus ‘big brother’: on the appropriate use of large-scale data collections in pediatrics. Pediatrics 2013; 131: S127–S132.
- 21 Marx V. Biology: the big challenges of Big Data. Nature 2013; 498: 255–260.
- 23 Costa FF. Social networks, web-based tools and diseases: implications for biomedical research. Drug Discov Today 2013; 18: 272–281.
- 24 Pereira S, Gibbs RA, McGuire AL. Open access data sharing in genomic research. Genes (Basel) 2014; 5: 739–747.
- 26 Allen NE, Sudlow C, Peakman T, Collins R. UK biobank data: come and get it. Sci Transl Med 2014; 6: 224ed4.
- 27 Van Ommen G-JB, Törnwall O, Bréchot C et al: BBMRI-ERIC as a resource for pharmaceutical and life science industries: the development of biobank-based Expert Centres. Eur J Hum Genet 2015; 23: 893–900.
- 28 Knoppers BM. International ethics harmonization and the global alliance for genomics and health. Genome Med 2014; 6: 13.
- 29 Gellert R, Gutwirth S. The legal construction of privacy and data protection. Comput Law Secur Rev 2013; 29: 522–530.
- 30 Hallinan D, Friedewald M, De Hert P. Genetic data and the data protection regulation: anonymity, multiple subjects, sensitivity and a prohibitionary logic regarding genetic data? Comput Law Secur Rev 2013; 29: 317–329.
- 31 New challenges to data protection, Working Paper No. 2: Data protection laws in the EU. European Commission, 2010. Available at http://ec.europa.eu/justice/policies/privacy/docs/studies/new_privacy_challenges/final_report_working_paper_2_en.pdf.
- 32 Nuffield Council on Bioethics: The collection, linking and use of data in biomedical research and health care: ethical issues, 2015. Available at http://nuffieldbioethics.org/wp-content/uploads/Biological_and_health_data_web.pdf.
- 33 Mittelstadt BD, Floridi L. The ethics of Big Data: current and foreseeable issues in biomedical contexts. Sci Eng Ethics 2015; e-pub ahead of print 23 May 2015; doi:10.1007/s11948-015-9652-2.
- 34 Boddington P, Curren L, Kaye J et al: Consent forms in genomics: the difference between law and practice. Eur J Health Law 2011; 18: 491–519.
- 35 McGuire AL, Beskow LM. Informed consent in genomics and genetic research. Annu Rev Genomics Hum Genet 2010; 11: 361–381.
- 36 Steinsbekk KS, Kåre Myskja B, Solberg B. Broad consent versus dynamic consent in biobank research: is passive participation an ethical problem? Eur J Hum Genet 2013; 21: 897–902.
- 37 Casali PG. Risks of the new EU Data protection regulation: an ESMO position paper endorsed by the European oncology community. Ann Oncol 2014; 25: 1458–1461.
- 38 Petrini C: ‘Broad’ consent, exceptions to consent and the question of using biological samples for research purposes different from the initial collection purpose. Soc Sci Med 2010; 70: 217–220.
- 39 Laurie G, Postan E. Rhetoric or reality: what is the legal status of the consent form in health-related research? Med Law Rev 2013; 21: 371–414.
- 40 Master Z, Nelson E, Murdoch B, Caulfield T. Biobanks, consent and claims of consensus. Nat Methods 2012; 9: 885–888.
- 41 Kaye J. The tension between data sharing and the protection of privacy in genomics research. Annu Rev Genomics Hum Genet 2012; 13: 415–431.
- 42 Allen J, McNamara B. Reconsidering the value of consent in biobank research. Bioethics 2011; 25: 155–166.
- 43 Caulfield T, Kaye J. Broad consent in biobanking: reflections on seemingly insurmountable dilemmas. Med Law Int 2009; 10: 85–100.
- 44 Helgesson G. In defense of broad consent. Camb Q Healthc Ethics 2012; 21: 40–50.
- 45 Hallinan D, Friedewald M. Open consent, biobanking and data protection law: can open consent be ‘informed’ under the forthcoming data protection regulation? Life Sci Soc Policy 2015; 11: 1.
- 46 Kaye J, Curren L, Anderson N et al: From patients to partners: participant-centric initiatives in biomedical research. Nat Rev Genet 2012; 13: 371–376.
- 47 Kaye J, Whitley EA, Lund D, Morrison M, Teare H, Melham K. Dynamic consent: a patient interface for twenty-first century research networks. Eur J Hum Genet 2014; 23: 141–146.
- 48 Williams H, Spencer K, Sanders C et al: Dynamic consent: a possible solution to improve patient confidence and trust in how electronic patient records are used in medical research. JMIR Med Informatics 2015; 3: e3.
- 49 Heeney C, Hawkins N, de Vries J, Boddington P, Kaye J. Assessing the privacy risks of data sharing in genomics. Public Health Genomics 2011; 14: 17–25.
- 50 Mascalzoni D, Dove ES, Rubinstein Y et al: International Charter of principles for sharing bio-specimens and data. Eur J Hum Genet 2014; 23: 721–728.
- 51 McGuire AL, Caulfield T, Cho MK. Research ethics and the challenge of whole-genome sequencing. Nat Rev Genet 2008; 9: 152–156.
- 52 Rodriguez LL, Brooks LD, Greenberg JH, Green ED. Research ethics. The complexities of genomic identifiability. Science 2013; 339: 275–276.
- 53 Gymrek M, McGuire AL, Golan D, Halperin E, Erlich Y. Identifying personal genomes by surname inference. Science 2013; 339: 321–324.
- 54 Article 29 Data Protection Working Party. Opinion 05/2014 on Anonymisation Techniques, 2014. Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf.
- 55 O'Brien SJ. Stewardship of human biospecimens, DNA, genotype, and clinical data in the GWAS era. Annu Rev Genomics Hum Genet 2009; 10: 193–209.
- 56 Knoppers BM, Zawati MH, Kirby ES. Sampling populations of humans across the world: ELSI issues. Annu Rev Genomics Hum Genet 2012; 13: 395–413.
- 57 Tene O, Polonetsky J. Privacy in the age of Big Data: a time for big decisions. Stanford Law Rev Online 2012; 64: 63–69.
- 58 Lowrance WW. Privacy, Confidentiality, and Health Research. Cambridge University Press: Cambridge, UK, 2012.
- 59 van Veen EB. Europe and tissue research: a regulatory patchwork. Diagn Histopathol 2013; 19: 331–336.
- 60 Ploem MC. Towards an appropriate privacy regime for medical data research. Eur J Health Law 2006; 13: 41–63.
- 61 Sethi N. The promotion of data sharing in pharmacoepidemiology. Eur J Health Law 2014; 21: 271–296.
- 62 Greely HT. The uneasy ethical and legal underpinnings of large-scale genomic biobanks. Annu Rev Genomics Hum Genet 2007; 8: 343–364.
- 63 Laurie G. Genetic privacy: A Challenge to Medico-Legal Norms. Oxford University Press: New York, 2002.
- 64 Gaye A, Marcon Y, Isaeva J et al: DataSHIELD: taking the analysis to the data, not the data to the analysis. Int J Epidemiol 2014; 43: 1929–1944.
- 65 Wolfson M, Wallace SE, Masca N et al: DataSHIELD: resolving a conflict in contemporary bioscience–performing a pooled analysis of individual-level data without sharing the data. Int J Epidemiol 2010; 39: 1372–1382.
- 66 Wallace SE, Gaye A, Shoush O, Burton PR. Protecting personal data in epidemiological research: DataSHIELD and UK Law. Public Health Genomics 2014; 17: 149–157.
- 67 Budin-Ljøsne I, Burton P, Isaeva J et al: DataSHIELD: an ethically robust solution to multiple-site individual-level data analysis. Public Health Genomics 2015; 18: 87–96.
- 68 Abbing HD. EU cross-border healthcare and health law. Eur J Health Law 2015; 22: 1–12.
- 69 Prainsack B, Buyx A. A solidarity-based approach to the governance of research biobanks. Med Law Rev 2013; 21: 71–91.
- 70 Kaye J. From single biobanks to international networks: developing e-governance. Hum Genet 2011; 130: 377–382.