RESUMO
This paper contributes to the exploration of the potential application of duties related to the diligent anticipation of the (imminent) harms and (potential) benefits to humans that scientific innovation engenders to health-related contexts. In particular, it addresses the intersection between the human right to science and health-related data processing, which plays a key role in the production, translation and implementation of biomedical knowledge. The first part of the paper provides a brief recap of the interpretation of the right to science based on Art. 15 (1) (b) of the United Nations International Covenant on Economic, Social and Cultural Rights (hereafter ICESCR or Covenant) and the resulting obligations for States in the context of health and related data processing. The second part of the paper defines the relevance of the ICESCR for EU Member States and the European Union. In the third part, theses are put forward on how the human right to science and the obligations under Art. 15 (1) (b) ICESCR influence the interpretation and application of the General Data Protection Regulation as secondary EU law. By examining the justifications for using the right to science to interpret EU data protection law and by providing interpretation and application guidance on the main data protection principles in the area of health-related data processing, taking this right into account, the aim is to shape the EU data governance framework to meet the requirements of this human right. In doing so, the paper aims to close the gaps in the interpretation and application of the main rules of EU data protection law. Such standardization in the health-related context can contribute to a coherent interpretation and application of existing rules by referring to this emerging human right. Against this background, the paper identifies governance measures that the EU legislator could take to guide the processing of health-related data in line with the requirements of the right to science.
RESUMO
The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR's text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.
RESUMO
The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.
Assuntos
Segurança Computacional , Segurança Computacional/legislação & jurisprudência , União EuropeiaRESUMO
Data sharing is central to the rapid translation of research into advances in clinical medicine and public health practice. In the context of COVID-19, there has been a rush to share data marked by an explosion of population-specific and discipline-specific resources for collecting, curating, and disseminating participant-level data. We conducted a scoping review and cross-sectional survey to identify and describe COVID-19-related platforms and registries that harmonise and share participant-level clinical, omics (eg, genomic and metabolomic data), imaging data, and metadata. We assess how these initiatives map to the best practices for the ethical and equitable management of data and the findable, accessible, interoperable, and reusable (FAIR) principles for data resources. We review gaps and redundancies in COVID-19 data-sharing efforts and provide recommendations to build on existing synergies that align with frameworks for effective and equitable data reuse. We identified 44 COVID-19-related registries and 20 platforms from the scoping review. Data-sharing resources were concentrated in high-income countries and siloed by comorbidity, body system, and data type. Resources for harmonising and sharing clinical data were less likely to implement FAIR principles than those sharing omics or imaging data. Our findings are that more data sharing does not equate to better data sharing, and the semantic and technical interoperability of platforms and registries harmonising and sharing COVID-19-related participant-level data needs to improve to facilitate the global collaboration required to address the COVID-19 crisis.
Assuntos
COVID-19 , Humanos , COVID-19/epidemiologia , Estudos Transversais , Disseminação de Informação/métodos , Sistema de Registros , MetadadosRESUMO
The technical development of high-throughput sequencing technologies and the parallel development of targeted therapies in the last decade have enabled a transition from traditional medicine to personalized treatment and care. In this way, by using comprehensive genomic testing, more effective treatments with fewer side effects are provided to each patient-that is, precision or personalized medicine (PM). In several European countries-such as in England, France, Denmark, and Spain-the governments have adopted national strategies and taken "top-down" decisions to invest in national infrastructure for PM. In other countries-such as Sweden, Germany, and Italy with regionally organized healthcare systems-the profession has instead taken "bottom-up" initiatives to build competence networks and infrastructure to enable equal access to PM. In this review, we summarize key learnings at the European level on the implementation process to establish sustainable governance and organization for PM at the regional, national, and EU/international levels. We also discuss critical ethical and legal aspects of implementing PM, and the importance of access to real-world data and performing clinical trials for evidence generation, as well as the need for improved reimbursement models, increased cross-disciplinary education and patient involvement. In summary, PM represents a paradigm shift, and modernization of healthcare and all relevant stakeholders-that is, healthcare, academia, policymakers, industry, and patients-must be involved in this system transformation to create a sustainable, non-siloed ecosystem for precision healthcare that benefits our patients and society at large.
Assuntos
Ecossistema , Medicina de Precisão , Humanos , Atenção à Saúde , Europa (Continente) , AlemanhaRESUMO
The rise of neurotechnologies, especially in combination with artificial intelligence (AI)-based methods for brain data analytics, has given rise to concerns around the protection of mental privacy, mental integrity and cognitive liberty - often framed as "neurorights" in ethical, legal, and policy discussions. Several states are now looking at including neurorights into their constitutional legal frameworks, and international institutions and organizations, such as UNESCO and the Council of Europe, are taking an active interest in developing international policy and governance guidelines on this issue. However, in many discussions of neurorights the philosophical assumptions, ethical frames of reference and legal interpretation are either not made explicit or conflict with each other. The aim of this multidisciplinary work is to provide conceptual, ethical, and legal foundations that allow for facilitating a common minimalist conceptual understanding of mental privacy, mental integrity, and cognitive liberty to facilitate scholarly, legal, and policy discussions.
RESUMO
Merging sensitive data and tracing their analysis results back to the data subjects is an essential part of data processing in the health sector. This challenges the protection of the data and thus its very purpose, the protection of the data subjects, since the scientific and health findings are often based on certain characteristics in the datasets, which should be preserved in their property as personal in order to make the results of the data analysis fruitful. The EU General Data Protection Regulation (GDPR) establishes a risk-based approach that determines both the identifiability of data and the proportionality of their processing.This paper analyses how the risk-based approach opens the scope of the GDPR and relates it to the risks for the rights and freedoms of data subjects posed by the processing of personal data. Furthermore, the question is explored to what extent the risk-based approach of the GDPR influences the rules for international data transfer and how international data processing in the health sector is currently organised on its basis.Overall, the present analysis sheds light on how the technical measures of data processing and the organisational measures for handling them can contribute to maintaining the proportionality of data processing under the GDPR, which can essentially be determined on a risk-based basis, while at the same time taking into account the specificity of data processing in the health sector.
Assuntos
Segurança Computacional , Liberdade , Humanos , União Europeia , AlemanhaRESUMO
In this viewpoint, we argue for the importance of creating data spaces for genomic research that are detached from contexts in which fundamental rights concerns related to surveillance measures override a purpose-specific balancing of fundamental rights. Genomic research relies on molecular and phenotypic data, on comparing findings within large data sets, on searchable metadata, and on translating research results into a clinical setting. These methods require sensitive genetic and health data to be shared across borders. International data sharing between the European Union (EU) or the European Economic Area and third countries has accordingly become a cornerstone of genomics. The EU General Data Protection Regulation contains rules that accord privileged status to data processing for research purposes to ensure that strict data protection requirements do not impede biomedical research. However, the General Data Protection Regulation rules applicable to international transfers of data accord no such preferential treatment to international data transfers made in the research context. The rules that govern the international transfer of data create considerable barriers to international data sharing because of the cost-intensive procedural and substantive compliance burdens that they impose. For certain jurisdictions and select use cases, there exist practically no lawful mechanisms to enable the international transfer of data because of concerns about the protection of fundamental rights. The proposed solutions further fail to address the need to share large data sets of local and regional cohorts across national borders to enable joint analyses. The European Health Data Space is an emerging federated, EU-wide data infrastructure that is intended to function as an infrastructure bringing together EU health data to improve patient care and enable the secondary use of health-related data for research purposes. Such infrastructure is implementing new institutions to support its functioning and is being implemented in reliance on a new enabling law, the regulation on the European Health Data Space. This innovation provides the opportunity to facilitate EU contribution to international genomic research efforts. The draft regulation for this data space provides for a concept of data infrastructure intended to enable cross-border data exchange and access, including access to genetic and health data for scientific analysis purposes. The draft regulation also provides for obligations of national actors aimed at making data widely available. This effort is laudable. However, in the absence of further, more fundamental changes to the manner in which the EU regulates the secondary use of health data, it is reasonable to believe that EU participation in international genomic research efforts will remain impeded.
Assuntos
Pesquisa Biomédica , Segurança Computacional , Humanos , União Europeia , Genômica , Disseminação de InformaçãoRESUMO
As the adoption of digital health accelerates health research increasingly relies on large quantities of biomedical data. Research institutions scattered across a large number of jurisdictions collaborate in producing and analyzing biomedical big data. National data protection legislation, for its part, grows increasingly complex and localized. To respond to heterogeneous legal requirements arising in numerous jurisdictions, decentralized health consortia must develop scalable organizational and 6 technological arrangements that enable data flows across jurisdictional boundaries. In this article, proposals are made to enable health sector organisations to align established biomedical ethics process and data analysis practices to shifting data protection norms through both public law co-regulation, private law tools, and design-oriented approaches.
RESUMO
The EU member states' healthcare and health-related research sectors are both characterized by an emerging infrastructural coalescence on a national and European level. The culmination of this coalescence is the planned creation of a European Health Data Space, an EU-wide infrastructure for the processing of personal data for healthcare and for secondary uses such as scientific research. In contrast to growing technical interoperability, the legal framework for such integration is not yet defined in detail, particularly with regard to data protection law. Its development is accompanied by discussions about divergent member state implementations of the EU General Data Protection Regulation (GDPR) that affect data sharing between healthcare and scientific research actors and across various sectors driven by divergent processing purposes. The article presents four member states' main rules on data sharing based on the respective provision of the GDPR in six health-related contexts regarding data sharing across the healthcare and research sector and between the main actors of those sectors. The striking differences are then evaluated from the perspective of their factual effect on European data sharing depending on the legal characteristics of the GDPR provisions they rely on. Against this backdrop, the planned regulatory measures for the setup of the European Health Data Space are introduced and evaluated with regard to further harmonization between member states' laws and possibilities to overcome divergences in data protection rules relevant for European data sharing. The results of the analysis point to the conclusion that the destructive effect of divergent member state rules depends on the legal qualification of the EU provisions they rely on and that this qualification also determines which further EU regulatory measure would be the most effective to set the framework for the European Health Data Space.
Assuntos
Segurança Computacional , Disseminação de Informação , União Europeia , Alemanha , Grécia , Humanos , Letônia , SuéciaRESUMO
Genomic data sharing is becoming more important as scientists join forces across borders in biomedical research for the benefit of patients and society. The EU's General Data Protection Regulation (GDPR) helps simplify sharing of such data at the European and international level. However, initial optimism has dried up as EU member states go their own ways in implementing the GDPR into national laws, and as legal cases challenging data sharing reach courts. Codes of conduct could facilitate data sharing in Europe and better connect it to global health research. This commentary explains the potential of codes of conduct for addressees and drafters. Codes are no panacea though; other measures may be necessary to ensure that Europe remains collaborative and competitive in biomedical research. Nevertheless, codes of conduct would bring immediate benefits and, in the long term, could foster a true European ecosystem for joint biomedical research and easier international data sharing.
Assuntos
Pesquisa Biomédica , Genômica , Disseminação de Informação , Europa (Continente) , HumanosAssuntos
Códigos de Ética , Bases de Dados Genéticas/ética , Genômica/ética , Disseminação de Informação/ética , Computação em Nuvem/economia , Computação em Nuvem/ética , Computação em Nuvem/tendências , Bases de Dados Genéticas/normas , Bases de Dados Genéticas/tendências , Genômica/normas , Genômica/tendências , Humanos , Cooperação InternacionalRESUMO
Dynamic consent (DC) is an approach to consent that enables people, through an interactive digital interface, to make granular decisions about their ongoing participation. This approach has been explored within biomedical research, in fields such as biobanking and genomics, where ongoing contact is required with participants. It is posited that DC can enhance decisional autonomy and improve researcher-participant communication. Currently, there is a lack of evidence about the measurable effects of DC-based tools. This article outlines a framework for DC evaluation and reporting. The article draws upon the evidence for enhanced modes of informed consent for research as the basis for a logic model. It outlines how future evaluations of DC should be designed to maximize their quality, replicability, and relevance based on this framework. Finally, the article considers best-practice for reporting studies that assess DC, to enable future research and implementation to build upon the emerging evidence base.
Assuntos
Bancos de Espécimes Biológicos , Pesquisa Biomédica , Consentimento Livre e Esclarecido , Comunicação , Humanos , PesquisadoresRESUMO
With the German Bundestag's adoption of the Data Protection Adaptation and Implementation Act EU (DSAnpUG-EU) on 30 June 2017, the adaptation of German law to the General Data Protection Regulation (GDPR) has begun (Gesetz zur Anpassung des Datenschutzrechts an die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie (EU) 2016/680 (Datenschutz-Anpassungs- und -Umsetzungsgesetz-DSAnpUG-EU) v. 30. Juni 2017, BGBl. 2017 I p. 2097 et seq.). Despite being directly binding on all EU member states, the GDPR does not render national data protection provision obsolete-they are covered by the GDPR's opening clauses which include regulatory mandates and room for derogation. This creates considerable need for national legislative adaptation. Art. 1 DSAnpUG-EU contains the necessary amendments to the Federal Data Protection Law (BDSG(neu)), thus creating the second major building block of future German data protection alongside the GDPR itself. Nevertheless, there are still numerous sector-specific regulations in other federal laws and the data protection laws of the 16 states also need amendments. Adjustment in Germany is well on its way, but implementation in general is still ongoing, with further consequences for data processing and sharing.
Assuntos
Segurança Computacional , Bases de Dados Genéticas , Privacidade Genética , Pesquisa em Genética/legislação & jurisprudência , Disseminação de Informação/legislação & jurisprudência , Segurança Computacional/legislação & jurisprudência , Segurança Computacional/normas , Bases de Dados Genéticas/legislação & jurisprudência , Bases de Dados Genéticas/normas , Privacidade Genética/legislação & jurisprudência , Privacidade Genética/normas , Alemanha , HumanosRESUMO
Biomedical research is becoming increasingly large-scale and international. Cloud computing enables the comprehensive integration of genomic and clinical data, and the global sharing and collaborative processing of these data within a flexibly scalable infrastructure. Clouds offer novel research opportunities in genomics, as they facilitate cohort studies to be carried out at unprecedented scale, and they enable computer processing with superior pace and throughput, allowing researchers to address questions that could not be addressed by studies using limited cohorts. A well-developed example of such research is the Pan-Cancer Analysis of Whole Genomes project, which involves the analysis of petabyte-scale genomic datasets from research centers in different locations or countries and different jurisdictions. Aside from the tremendous opportunities, there are also concerns regarding the utilization of clouds; these concerns pertain to perceived limitations in data security and protection, and the need for due consideration of the rights of patient donors and research participants. Furthermore, the increased outsourcing of information technology impedes the ability of researchers to act within the realm of existing local regulations owing to fundamental differences in the understanding of the right to data protection in various legal systems. In this Opinion article, we address the current opportunities and limitations of cloud computing and highlight the responsible use of federated and hybrid clouds that are set up between public and private partners as an adequate solution for genetics and genomics research in Europe, and under certain conditions between Europe and international partners. This approach could represent a sensible middle ground between fragmented individual solutions and a "one-size-fits-all" approach.
Assuntos
Pesquisa Biomédica , Computação em Nuvem/legislação & jurisprudência , Segurança Computacional/legislação & jurisprudência , Genômica , Europa (Continente) , HumanosRESUMO
Biobanks have been heralded as essential tools for translating biomedical research into practice, driving precision medicine to improve pathways for global healthcare treatment and services. Many nations have established specific governance systems to facilitate research and to address the complex ethical, legal and social challenges that they present, but this has not lead to uniformity across the world. Despite significant progress in responding to the ethical, legal and social implications of biobanking, operational, sustainability and funding challenges continue to emerge. No coherent strategy has yet been identified for addressing them. This has brought into question the overall viability and usefulness of biobanks in light of the significant resources required to keep them running. This review sets out the challenges that the biobanking community has had to overcome since their inception in the early 2000s. The first section provides a brief outline of the diversity in biobank and regulatory architecture in seven countries: Australia, Germany, Japan, Singapore, Taiwan, the UK, and the USA. The article then discusses four waves of responses to biobanking challenges. This article had its genesis in a discussion on biobanks during the Centre for Health, Law and Emerging Technologies (HeLEX) conference in Oxford UK, co-sponsored by the Centre for Law and Genetics (University of Tasmania). This article aims to provide a review of the issues associated with biobank practices and governance, with a view to informing the future course of both large-scale and smaller scale biobanks.
Assuntos
Temas Bioéticos , Bancos de Espécimes Biológicos , Pesquisa Biomédica , Apoio Financeiro , Medicina de Precisão , Controle Social Formal , Bancos de Espécimes Biológicos/economia , Bancos de Espécimes Biológicos/ética , Bancos de Espécimes Biológicos/legislação & jurisprudência , Pesquisa Biomédica/economia , Pesquisa Biomédica/ética , Pesquisa Biomédica/legislação & jurisprudência , HumanosRESUMO
Next-Generation Sequencing has been used as a diagnostic tool in an increasing manner. Compared to conventional medical interventions, NGS, as a medical intervention, has its own special characteristics. NGS allows us to obtain a multitude of additional findings. However, their correct interpretation requires molecular biological expertise and is still unknown at the time of the sampling. These factors, when applying NGS, lead to a dynamic process of informational interference with the patients' rights. The physician-patient relationship that becomes successive, is loosened by involving non-physician researchers in the validation of the findings and by the fact that genetic data also gives information about the relatives of the patient. Moreover, dealing with risk information lays the burden on the patients and strengthens their responsibility. These challenges increase in international translational medicine and they demand solutions for the protection of the patients' rights.
