Broad consentthe act of gaining one consent for multiple potential future research projectssits at the core of much current genomic research practice. Since the 25th May 2018, the General Data Protection Regulation (GDPR) has applied as valid law concerning genomic research in the EU and now occupies a dominant position in the legal landscape. Yet, the position of the GDPR concerning broad consent has recently been cause for concern in the genomic research community. Whilst the text of the GDPR apparently supports the practice, recent jurisprudence contains language which is decidedly less positive. This article takes an in-depth look at the situation concerning broad consent under the GDPR anddespite the understandable concern flowing from recent jurisprudenceoffers a positive outlook. This positive outlook is argued from three perspectives, each of which is significant in defining the current, and ongoing, legitimacy and utility of broad consent under the GDPR: the principled, the legal technical, and the practical.
This article focuses on whether a certain form of consent used by biobanks – open consent – is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the data subject for all future research uses of genetic material and data. However, as biobanks process personal data, they must comply with data protection law. Data protection law is currently undergoing reform. The Proposed Data Protection Regulation is the culmination of this reform and, if voted into law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent – in particular relating to information which must be given to the data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the data subject from risks inherent in the use of the consent mechanism in a certain context – exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of ‘data’. The authors argue that these assumptions are difficult to apply to genetic data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly.
The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.
There are a number of novel technologies and a broad range of research aimed at the collection and use of data drawn directly from the human brain. Given that this data – neurodata – is data collected from individuals, one area of law which will be of relevance is data protection. The thesis of this paper is that neurodata is a unique form of data and that this will raise questions for the application of data protection law. Issues may arise on two levels. On a legal technical level, it is uncertain whether the definitions and mechanisms used in the data protection framework can be easily applied to neurodata. On a more fundamental level, there may be interests in neurodata, particularly those related to the protection of the mind, the framework was not designed to represent and may be insufficiently equipped, or constructed, to deal with.
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1, Article 5(1)(d).
EU data protection law and medical research ethics overlap in scope and content in numerous instances in which personal data are processed in medical research. It is not always the case, however, that the conditions outlined by the two rule-sets precisely coincide. In the past few years, this lack of confluence has led to confusion as to how the two rule-sets should best relate to one another. This confusion has led to different approaches to the relationship being taken, on occasion leading to counter-intuitive conclusions. Unfortunately, there has hitherto been little effort to provide clarity to this confusion. In this regard, this article attempts to provide a general normative framework aimed at facilitating optimally cogent and just reconciliations of EU data protection law and medical research ethics.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.