Justice Select Committee: Inquiry on EU Data Protection Framework Proposals

Similar documents
Ministry of Justice: Call for Evidence on EU Data Protection Proposals

TechAmerica Europe comments for DAPIX on Pseudonymous Data and Profiling as per 19/12/2013 paper on Specific Issues of Chapters I-IV

The EFPIA Perspective on the GDPR. Brendan Barnes, EFPIA 2 nd Nordic Real World Data Conference , Helsinki

clarification to bring legal certainty to these issues have been voiced in various position papers and statements.

The General Data Protection Regulation and use of health data: challenges for pharmaceutical regulation

Data Protection Regulation: Keeping Health Research Alive in the EU. A Roundtable Event Hosted by Nessa Childers MEP. European Parliament, Brussels

Ethical Governance Framework

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

Questions and answers on the revised directive on restrictions of certain dangerous substances in electrical and electronic equipment (RoHS)

Biometric Data, Deidentification. E. Kindt Cost1206 Training school 2017

Towards Code of Conduct on Processing of Personal Data for Purposes of Scientific Research in the Area of Health

ICC POSITION ON LEGITIMATE INTERESTS

BBMRI-ERIC WEBINAR SERIES #2

ARTICLE 29 Data Protection Working Party

PRIVACY ANALYTICS WHITE PAPER

Medical Technology Association of NZ. Proposed European Union/New Zealand Free Trade Agreement. Submission to Ministry of Foreign Affairs & Trade

European Union General Data Protection Regulation Effects on Research

ITAC RESPONSE: Modernizing Consent and Privacy in PIPEDA

Interaction btw. the GDPR and Clinical Trials Regulation

Global Alliance for Genomics & Health Data Sharing Lexicon

Chemicals Risk Management and Critical Raw Materials

EU Research Integrity Initiative

What does the revision of the OECD Privacy Guidelines mean for businesses?

Parenteral Nutrition Down Under Inc. (PNDU) Working with Pharmaceutical Companies Policy (Policy)

GOVERNMENT RESOLUTION ON THE OBJECTIVES OF THE NATIONAL INFORMATION SOCIETY POLICY FOR

24 May Committee Secretariat Justice Committee Parliament Buildings Wellington. Dear Justice Select Committee member,

Triennial Review of the Medicines and Healthcare Products Regulatory Agency. Call for Evidence

December Eucomed HTA Position Paper UK support from ABHI

B) Issues to be Prioritised within the Proposed Global Strategy and Plan of Action:

I hope you will find these comments constructive and helpful.

DERIVATIVES UNDER THE EU ABS REGULATION: THE CONTINUITY CONCEPT

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C. ) ) ) ) )

Draft Plan of Action Chair's Text Status 3 May 2008

Robert Bond Partner, Commercial/IP/IT

The Information Commissioner s response to the Draft AI Ethics Guidelines of the High-Level Expert Group on Artificial Intelligence

19 Progressive Development of Protection Framework for Pharmaceutical Invention under the TRIPS Agreement Focusing on Patent Rights

European Regulatory Approach to Orbital / Spectrum Registrations

2

The New Delhi Communiqué

Guidance on the anonymisation of clinical reports for the purpose of publication

Herts Valleys Clinical Commissioning Group. Review of NHS Herts Valleys CCG Constitution

Mineral Exploration and Development Section Regulation 308/12 Update

Supporting Innovation through Regulation and Science

Reform of the Community Plant Health Regime

4. A set of morally reasonable expectations about the governance and use of data should be determined in accordance with four principles:

IN VITRO DIAGNOSTICS: CAPITA EXOTICA

The General Data Protection Regulation

Lexis PSL Competition Practice Note

An Essential Health and Biomedical R&D Treaty

Twenty-Thirty Health care Scenarios - exploring potential changes in health care in England over the next 20 years

Details of the Proposal

Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070

Revision of the Public Law Outline

This policy sets out how Legacy Foresight and its Associates will seek to ensure compliance with the legislation.

Legal Aspects of Identity Management and Trust Services

E5 Implementation Working Group Questions & Answers (R1) Current version dated June 2, 2006

THE LABORATORY ANIMAL BREEDERS ASSOCIATION OF GREAT BRITAIN

European Law as an Instrument for Avoiding Harmful Interference 5-7 June Gerry Oberst, SES Sr. Vice President, Global Regulatory & Govt Strategy

NHS Next Stage Review: Innovation

NCRIS Capability 5.7: Population Health and Clinical Data Linkage

The EU's new data protection regime Key implications for marketers and adtech service providers Nick Johnson and Stephen Groom 11 February 2016

DEVELOPMENTS IN EU MDD & IVDD SOFTWARE REGULATION

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

IMI2 Intellectual Property rules in light of Call 10 topics. Magali Poinot, IMI Legal Manager IMI Stakeholder Forum 28 September 2016

TGA Discussion Paper 3D Printing Technology in the Medical Device Field Australian Regulatory Considerations

Note by the Executive Secretary

South-South Exchange Meeting on the Conservation and Sustainable Use of Forest Biodiversity, 8-10 July 2009

GDPR Implications for ediscovery from a legal and technical point of view

TOOL #21. RESEARCH & INNOVATION

NHS South Kent Coast. Clinical Commissioning Group. Complaints, Comments and Compliments Policy

Mr Hans Hoogervorst International Accounting Standards Board 1 st Floor 30 Cannon Street London EC4M 6XH. MV/288 Mark Vaessen.

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Privacy framework

North York Moors National Park Authority

28 March Report of the Working Group on Pharmaceuticals and Public Health of the High Level Committee on Health.

Submission to the Productivity Commission inquiry into Intellectual Property Arrangements

Health Technology Assessment of Medical Devices in Low and Middle Income countries: challenges and opportunities

The Biological Weapons Convention and dual use life science research

Convention on Biological Diversity: ABS. The Nagoya Protocol on Access and Benefit-sharing

The Royal College of Radiologists Response to: House of Lords Select Committee on Artificial Intelligence 6 September 2017

ATMP GMP requirements. Andrew Hopkins

Health Based Exposure Limits (HBEL) and Q&As

Doing, supporting and using public health research. The Public Health England strategy for research, development and innovation

Horizon Societal Challenge 1: Health, demographic change and wellbeing. Jeremy Bray DG Research & Innovation European Commission

The Revised EU Block Exemption Regulation for Research and Development Agreements

Committee on the Internal Market and Consumer Protection

Decision regarding PHARMAC s Implementation of Trans-Pacific Partnership (TPP) provisions and other Amendments to Application Processes

Session 1, Part 2: Emerging issues in e-commerce Australian experiences of privacy and consumer protection regulation

Operational Objectives Outcomes Indicators

Policies for the Commissioning of Health and Healthcare

Further Consultation on the Release of the / MHz Sub-band

Position Paper.

Human Biological Material Collection, Storage and Use

Preparing for the new Regulations for healthcare providers

ABHI Response to the Kennedy short study on Valuing Innovation

Policy guidance regarding authorisation for Earth Stations on Vessels (ESVs)

Recast de la législation européenne et impact sur l organisation hospitalière

A Brief Introduction to the Regulatory Environment of Medical Device Supervision. CFDA Department of Legal Affairs Liu Pei

Elements of a global strategy and plan of action

The NHS England Assurance Framework: national report for consultation Chief Officer, Barnet Clinical Commissioning Group

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT. pursuant to Article 294(6) of the Treaty on the Functioning of the European Union

Transcription:

Justice Select Committee: Inquiry on EU Data Protection Framework Proposals Response by the Wellcome Trust KEY POINTS The Government must make the protection of research one of their priorities in negotiations on the Regulation. It is essential that Article 83 and associated derogations are maintained as the Regulation moves through the legislative process. Amendments to clarify and strengthen the research provisions would be beneficial to ensure these achieve their intended purpose and do not inhibit important health research. Amendments are needed to ensure that the use of pseudonymised data in health research is regulated proportionately and to ensure clarity in the scope of the Regulation. INTRODUCTION 1. We welcome the opportunity to respond to this inquiry since it is vital that the EU and UK can establish a regulatory framework that balances the rights and interests of individuals with the societal benefits of research using patient information. Our response focuses on the aspects of the proposed Regulation that affect health research. We are also submitting a joint statement from the Trust and other health research organisations that was presented to the Ministry of Justice during their call for evidence. This statement sets out the impacts of the data protection proposals for the sector and includes a number of case studies. 2. Information from patient records provides the foundation for much health research, and offers significant potential to answer questions about the factors that influence health and disease. Information from patient records can be used for epidemiological research; to understand more about the causes of disease; to detect outbreaks of infectious diseases; to monitor the safety and efficacy of drugs and medical devices; and to study the effectiveness of treatments and interventions. Patient information is also used to identify participants for research studies. Researchers may wish to approach individuals in order to gain their consent to participating in a particular piece of research, for example the trial of a new treatment for a particular disease. 1

Will the proposed Regulation strike the right balance between the need, on the one hand, for a proportionate, practicable but effective system of data protection in the EU, and on the other for business and public authorities not to be stifled by regulatory, financial and administrative burdens placed upon them? Research derogations 3. The Regulation provides a number of derogations from particular requirements for the use of personal data for scientific research, providing that personal data is processed in accordance with the conditions set out in Article 83. These derogations do not exempt research studies from all the requirements set out in the Regulation. The Wellcome Trust warmly welcomes this approach since it provides a framework that balances the facilitation of research with the protection of the interests of research participants. However, to safeguard this balance the Government must prioritise the protection of Article 83 and ensure the associated derogations for research are protected as the Regulation moves through the legislative process. 4. There are a number of issues around Article 83 and the associated derogations that would benefit from clarification to better reflect the intent of the clauses. The lack of clarity in the current UK Data Protection Act has contributed to a risk-averse culture among those sharing and using data for research, which has led to delays to important research. 5. In order to avoid replicating these difficulties, it is essential that any lack of clarity is rectified in the new Regulation. The following clarifications are needed: Clarification of Article 6.4 and Recital 40 to ensure that the processing of personal data for other purposes intends scientific research to be viewed as a compatible purpose in itself. Clarification that the reference to Article 83 (processing for historical, statistical and scientific research purposes) within Article 81 (processing of personal data concerning health) is intended to link the two sections, rather than to impose an additional restriction on research. 6. A number of aspects of the research requirements and derogations rely on demonstrating necessity. 1 While this approach is reasonable in principle, it will be important that an appropriate and consistent definition of necessity can be applied in this context to ensure clarity and proportionality in implementation. Scope of the Regulation 7. The scope of the Regulation is personal data that identifies a natural person, or from which a natural person can be identified. 2 It is important that the research community is clear about when the different types of data used in research anonymised data; keycoded or pseudonymised data; and identifiable data (see Annex A) are considered to be personal data. This determines whether a research study is brought within the remit of the Data Protection Act and therefore must comply with its requirements. Clarity in the scope is essential so that those sharing and using patient data in research are fully 1 For example Articles 6.2; 9.29(i); 17.3(c); 83.1(a); and 83.2(c). 2 Articles 3 and 4 2

aware of their responsibilities, but do not impose unnecessary additional requirements that will stifle research. 8. The Regulation is not explicit on whether pseudonymised data are intended to be included within its scope. Pseudonymised or key-coded data underpin a substantial amount of research, for example studies at the Wellcome Trust Sanger Institute and the UK Biobank research resource. In the UK, the Information Commissioner has published draft guidance 3 to the effect that pseudonymised data can be considered anonymous where identification does not take place, or where identification does take place and the data protection principles are not breached and therefore falls outside the scope of the Data Protection Act. Inclusion of pseudonymised data within the scope of the Regulation would therefore dramatically increase the regulatory burden on research. 9. The use of pseudonymised data in health research is well-established and operates within a system designed to reduce the possibility of re-identification of participants. It is important that the use of pseudonymised data in research is handled within a proportionate regulatory framework that takes into account the actual likelihood of reidentification under current conditions, not just the technical possibility of re-identification. Conditions that will reduce the actual likelihood of re-identification could include the use of safe havens, such as England s new Clinical Practice Research Datalink and comparable services in the devolved nations; contractual data sharing agreements; and professional standards for researchers that prohibit re-identification. In many instances the identifying code will not be held at the research site where the pseudonymised data are used in research, but at a hospital or by a safe haven. The Regulation should be amended to provide greater clarity on this issue for research, for example by noting that conditions could be established in a Member State that preclude re-identification, therefore ensuring that re-identification would not be considered reasonably likely. The UK Government must ensure that the proposed Regulation does not increase the regulatory burden of using pseudonymised data in research. 10. Anonymous data falls outside of the scope of the Regulation. However, the act of removing identifiers to ensure that data are no longer personal anonymisation could fall within the definition of processing (Article 4). This would mean that the process of anonymisation itself would have to comply with the requirements of the Regulation to be lawful. We suggest that the Regulation should be revised to expressly permit anonymisation, while prohibiting re-identification for data that has been anonymised. 11. Clarification is needed around genetic data and data concerning health to ensure that these definitions are only intended to apply to personal data that falls within these categories, rather than all related data. Further, the definition of data concerning health should be clarified and must be consistent with Recital 26 to make it clear that data concerning health does not include biological samples per se, but rather to personal data obtained from testing such material. 3 http://www.ico.gov.uk/about_us/consultations/our_consultations.aspx 3

Are the next steps the UK Government proposes to take during the negotiations, set out in the Summary of responses to its Call for evidence, the right approach? 12. The Government s Summary of Responses to the Call for Evidence recognises the issues for research in the draft Regulation (pp31-32). However, research is not reflected as a priority in the Government s proposed next steps. It is important that this is rectified to ensure that the draft Regulation does not hinder research in the public interest. Particular steps the UK Government must take to protect the balance between the rights and interests of individuals and the societal benefits of research using patient information, include: Protecting Article 83 and the associated derogations for research as the Regulation moves through the legislative process. Seeking amendments to clarify and strengthen the research provisions to ensure these achieve their intended purpose and do not inhibit important health research. Ensuring that the proposed Regulation does not increase the regulatory burden of using pseudonymised data in research. The Wellcome Trust is a global charitable foundation dedicated to achieving extraordinary improvements in human and animal health. We support the brightest minds in biomedical research and the medical humanities. Our breadth of support includes public engagement, education and the application of research to improve health. We are independent of both political and commercial interests 4

ANNEX A: THE TYPES OF PATIENT DATA USED IN HEALTH RESEARCH Health data can be accessed by researchers in the following forms: Identifiable data these include information in patient records such as patients names, addresses, dates of birth and NHS numbers. There are also aspects of health data that could become identifying when they relate to a diagnosis of a rare condition or when combined with other data. Identifiable data are needed when future contact is needed with the participant, for example to contact them to take part in a study, or to link information across different data sets. Key-coded or pseudonymised data these cannot directly identify an individual, but are provided with an identifier that enables the patient s identity to be reconnected to the data by reference to a separate database containing the identifiers and identifiable data. Pseudonymised data can often be used in place of identifiable data. Anonymised data these data cannot be connected to the original patient record. Anonymised data are suitable when no contact is needed with the participant or where the data does not need to be linked to any other data sources. 5

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback