Interaction btw. the GDPR and Clinical Trials Regulation


Interaction btw. the GDPR and Clinical Trials Regulation
Marjut Salokannel, SaReCo
Oslo,

Clinical Trials Regulation (CTR)
- approved in 2014 and will most likely come into effect as of Oct. 2018
- all information btw. the parties circulated through EU portal and database
- strict transparency requirements, with the exception of:
  - personal data
  - commercial confidential information, unless overriding public interest
  - confidential communication btw. Member States in the preparation of the assessment
  - supervision of the clinical trial

Processing of personal data under CTR
- GDPR is applicable to all processing of personal data in clinical trials by the Member States (CTR Art. 93)
- for processing of personal data within EMA, incl. in the EU portal and database, Regulation 45/2001 on the protection of individuals with regard to the processing of personal data by the Union institutions and other bodies applies
- a proposal for a new regulation was given on 10.1.2017 (COM(2017) 8 final)

EMA anonymisation guidelines
- External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use, 16.3.2016, EMA/90915/2016
- recommends anonymisation by randomisation or generalisation; masking destroys the usability of data
- supporting documentation to EMA 0070 Publication policy
  1. Phase one: publication of clinical reports (1 Jan. 2015)
  2. Phase two: publishing of individual patient data (later)

CTR provisions on consent
- Informed consent for processing personal health data for clinical trials according to CTR (Arts 28 & 29)
- Qualified informational requirements when subjects belong to vulnerable groups
- Consent may be withdrawn at any time
- relates to consenting in participating in the clinical trial as required by the Charter of Fundamental Rights; any intervention in the field of biology and medicine cannot be performed without the free and informed consent of the person concerned. (Recital 27)

CTR consent cont.
- consent under CTR does not relate to processing of personal data according to EDPS
- also according to GDPR, for the purpose of consenting to the participation in scientific research activities in clinical trials the CTR should apply (Rec. 161)

Consenting for further research uses under CTR
- At the time of giving informed consent the data subject may consent to the use of her personal data outside the protocol of the clinical trial exclusively for scientific purposes (Art. 28.2)
- universities and other research institutions should be able to collect data as appropriate under applicable data protection law to be used for future scientific research
- for this processing GDPR applies
- research projects based on secondary use of clinical trials data subject to reviews that are appropriate for research on human data, e.g. on ethical aspects, before being conducted. (Recital 29 CTR)

Defining scientific research uses
- CTR: further scientific research tied to universities and research institutions (Rec. 29)
- GDPR: scientific research purposes should be interpreted in a broad manner incl., e.g., technological development and demonstration, fundamental research, applied research and privately funded research and studies conducted in the public interest in the area of public health (Rec. 159)
- processing of health data in the public interest for research purposes must be based on Union or Member State law which has to meet an objective public interest (Rec. 53)

General Data Protection Regulation (GDPR)
- in force and will be applied as of 25 May 2018 in all EEA States
- applies to all data processing conducted in connection with clinical trials in the Member States; complemented by local law
- general principles, i.a.:
  - determination of the data controller and possible data processor
  - data protection by default and by design
  - secure data protection environment
  - data breach notification procedures

GDPR general provisions cont.
- data protection officer
- possible data protection impact assessment
- rules relating to transfer of data to third countries; note! applies also to data processing in cloud outside of EU when the data processed is from EU
- administrative fines

GDPR and consent
- Consent must be given for one or more specific purposes; for sensitive data, such as health related data, explicit consent for one or more specified purposes
- consent can be granted for certain areas of scientific research when in keeping with recognised ethical standards for scientific research
- => common Nordic approach?

Consent cont.
- All consents must include an opportunity for data subject to give their consent only to certain areas of research or parts of research projects to the extent allowed by the intended purpose. (Recital 33)
- consent is presumed not to be freely given if it does not allow separate consent to be given to different data processing operations despite it being appropriate in the individual case (Recital 43)
- consent shouldn't provide a valid legal ground in a specific case where there is a clear imbalance btw. the data subject and the controller, in particular where the controller is a public authority (Rec. 43)

Consent cont.
- Transitory provisions of the GDPR: all consents must be in line with the Regulation if processing still continues after the Regulation is being applied (25 May 2018)
- WP29 will issue guidelines on consent in 2017

Consent for secondary use of CT data
- Consent for secondary use of clinical trial data should be separate from the consent for CT, but may be given in connection with the original consent
- WP 29: "future research" too wide as a purpose for consent
- Recommendable: draft the consent according to GDPR
- Nordic approach?

Legitimate basis for processing health data for scientific research under GDPR
- Consent
- Legal basis: processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1)
- if the processing involves sensitive personal data, legal basis under art. 89.1 requires that the basis is statutory

Processing of health data for scientific research
- based on Union or Member State law which shall
  1) be proportionate to the aim pursued,
  2) respect the essence of the right to data protection, and
  3) provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

Further safeguards according to Art. 89
- Organisational and technological safeguards for the rights and freedoms of the data subject to ensure, i.a., that no more data is collected than strictly necessary
- If possible, data should be processed in anonymised form
- If this is not feasible for the research in question, pseudonymisation of data may be considered as one of the safeguards

Possibilities for Nordic cooperation
- Technological safeguards for cross-border research use of sensitive data are already being tried out in the Tryggve pilot project (part of Nordforsk funded Nordic E-Infrastructure Collaboration)
- Common legal provisions with regard to national implementation of the safeguards applicable to processing personal data for scientific research could lay part of the legal foundations for the Nordic research area, e.g. with regard to ethical review and interoperable technological solutions

QUESTIONS AND COMMENTS WELCOME! THANK YOU! marjut.salokannel@sareco.fi