Advanced search
1 file | 719.29 KB Add to list
Author
Organization
Abstract
The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.
Keywords
Genetics (clinical), Genetics

Downloads

  • s41431-023-01403-y.pdf
    • full text (Published version)
    • |
    • open access
    • |
    • PDF
    • |
    • 719.29 KB

Citation

Please use this url to cite or link to this publication:

MLA
Bernier, Alexander, et al. “Reconciling the Biomedical Data Commons and the GDPR : Three Lessons from the EUCAN ELSI Collaboratory.” EUROPEAN JOURNAL OF HUMAN GENETICS, Springer Science and Business Media LLC, 2023, doi:10.1038/s41431-023-01403-y.
APA
Bernier, A., Molnár-Gábor, F., Knoppers, B. M., Borry, P., Cesar, P. M. D. G., Devriendt, T., … Maxwell, L. (2023). Reconciling the biomedical data commons and the GDPR : three lessons from the EUCAN ELSI collaboratory. EUROPEAN JOURNAL OF HUMAN GENETICS. https://doi.org/10.1038/s41431-023-01403-y
Chicago author-date
Bernier, Alexander, Fruzsina Molnár-Gábor, Bartha M. Knoppers, Pascal Borry, Priscilla M. D. G. Cesar, Thijs Devriendt, Melanie Goisauf, et al. 2023. “Reconciling the Biomedical Data Commons and the GDPR : Three Lessons from the EUCAN ELSI Collaboratory.” EUROPEAN JOURNAL OF HUMAN GENETICS. https://doi.org/10.1038/s41431-023-01403-y.
Chicago author-date (all authors)
Bernier, Alexander, Fruzsina Molnár-Gábor, Bartha M. Knoppers, Pascal Borry, Priscilla M. D. G. Cesar, Thijs Devriendt, Melanie Goisauf, Madeleine Murtagh, Pilar Nicolás Jiménez, Mikel Recuero, Emmanuelle Rial-Sebbag, Mahsa Shabani, Rebecca C. Wilson, Davide Zaccagnini, and Lauren Maxwell. 2023. “Reconciling the Biomedical Data Commons and the GDPR : Three Lessons from the EUCAN ELSI Collaboratory.” EUROPEAN JOURNAL OF HUMAN GENETICS. doi:10.1038/s41431-023-01403-y.
Vancouver
1.
Bernier A, Molnár-Gábor F, Knoppers BM, Borry P, Cesar PMDG, Devriendt T, et al. Reconciling the biomedical data commons and the GDPR : three lessons from the EUCAN ELSI collaboratory. EUROPEAN JOURNAL OF HUMAN GENETICS. 2023;
IEEE
[1]
A. Bernier et al., “Reconciling the biomedical data commons and the GDPR : three lessons from the EUCAN ELSI collaboratory,” EUROPEAN JOURNAL OF HUMAN GENETICS, 2023.
@article{01H32T9M0SDGB00KQ6GFYJJHB6,
  abstract     = {{The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.}},
  author       = {{Bernier, Alexander and Molnár-Gábor, Fruzsina and Knoppers, Bartha M. and Borry, Pascal and Cesar, Priscilla M. D. G. and Devriendt, Thijs and Goisauf, Melanie and Murtagh, Madeleine and Jiménez, Pilar Nicolás and Recuero, Mikel and Rial-Sebbag, Emmanuelle and Shabani, Mahsa and Wilson, Rebecca C. and Zaccagnini, Davide and Maxwell, Lauren}},
  issn         = {{1018-4813}},
  journal      = {{EUROPEAN JOURNAL OF HUMAN GENETICS}},
  keywords     = {{Genetics (clinical),Genetics}},
  language     = {{eng}},
  pages        = {{8}},
  publisher    = {{Springer Science and Business Media LLC}},
  title        = {{Reconciling the biomedical data commons and the GDPR : three lessons from the EUCAN ELSI collaboratory}},
  url          = {{http://doi.org/10.1038/s41431-023-01403-y}},
  year         = {{2023}},
}

Altmetric
View in Altmetric
Web of Science
Times cited: