School of Law, University of Sheffield, Bartolome House, Winter Street, Sheffield, UK.
Br Med Bull. 2018 Dec 1;128(1):109-118. doi: 10.1093/bmb/ldy038.
On May 25, 2018, the General Data Protection Regulation (hereafter the GDPR or the Regulation) came into force, replacing the Data Protection Directive 95/46/EC (upon which the Data Protection Act 1998 is based), and imposing new responsibilities on organizations which process the data of European Union citizens.
This piece examines the impact of the Regulation on health research.
The Regulation seeks to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way that organizations approach data privacy (see the GDPR portal at https://www.eugdpr.org/, accessed 8 May 2018). As a Regulation, the GDPR is directly applicable in all member states, as opposed to a directive, which requires national implementing measures (in the UK, the Data Protection Act 1998 was the implementing legislation for the Data Protection Directive 95/46/EC).
The Regulation is sector wide, but its impact on organizations is sector specific. In some sectors, the Regulation inhibits the processing of personal data, whilst in others it enables that processing. The Regulation takes the position that the 'processing of data should be designed to serve mankind' (Recital 4). Whilst it does not spell out what exactly is meant by this, it indicates that a proportionate approach will be taken to the protection of personal data, where that data can be processed for common goods such as healthcare. Thus, the protection of personal data is not absolute, but considered in relation to its function in society and balanced with other fundamental rights in accordance with the principle of proportionality (Recital 4). Differing interpretations of proportionality can detract from the harmonization objective of the Regulation.
Reflecting the commitment to proportionality, scientific research holds a privileged position in the Regulation. Throughout the Regulation, provision is made for organizations that process personal data for scientific research purposes to avoid restrictive measures which might impede the increase of knowledge. However, the application of the Regulation differs across health research sectors and across jurisdictions. Transparency and engagement across the health research sector are required to promote alignment.
Research which focuses on the particular problems which arise in the context of the Regulation's application to health research would be welcome, particularly in the context of the operation of the Regulation alongside the duty of confidentiality and the variation in approaches across Member States.