eBook - ePub
The Data Protection Directive and Medical Research Across Europe
D. Townend, J. Wright, D. Beyleveld, D. Beyleveld
This is a test
Share book
- 264 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
The Data Protection Directive and Medical Research Across Europe
D. Townend, J. Wright, D. Beyleveld, D. Beyleveld
Book details
Book preview
Table of contents
Citations
About This Book
The Data Protection and Medical Research in Europe: PRIVIREAL series focuses on the 'Privacy in Research Ethics and Law' EC-funded project examining the implementation of Directive 95/46/EC on data protection in relation to medical research and the role of ethics committees in European countries. The series consists of five separate volumes following the complete development of the PRIVIREAL project. This volume relates to the first stage of the project regarding the implementation of the Data Protection Directive, in particular in the area of medical research. It contains an introduction and overview of this topic, keynote papers addressing specific questions on the subject, and a report on both the general implementation of the Directive and the implementation in relation to medical research in 26 European countries. The book will be invaluable for those people with an interest in data protection, medical research and their implications for each other. It lays open the actual situation across Europe, including both New Member States and Newly Associated Member States.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is The Data Protection Directive and Medical Research Across Europe an online PDF/ePUB?
Yes, you can access The Data Protection Directive and Medical Research Across Europe by D. Townend, J. Wright, D. Beyleveld, D. Beyleveld in PDF and/or ePUB format, as well as other popular books in Jura & Zivilverfahren. We have over one million books available in our catalogue for you to explore.
Information
PART I
INTRODUCTION AND KEYNOTE PAPERS
Chapter 1
Introduction
The papers in this volume contain keynote papers given at the first workshop of the EC funded 5 th Framework Programme concerted action project, âPrivacy in Medical Research and Lawâ (PRIVIREAL) (PL QLRT-2001-00056), which took place at the University of Sheffield from 9-12 January 2003. The volume also contains an overview of Directive 95/46/EC on Data Protection, with special emphasis on provisions with implications for medical research, and a report on the implementation of this Directive in the EU Member States and the Newly Associated States (NAS), the majority of which are now EU members, again with special emphasis on medical research. This report was compiled from papers prepared by experts in the countries concerned who are partners in the PRIVIREAL project (with the exception of Cyprus and the Slovak Republic, on which information was not received). These papers are published in a separate volume. It is appropriate for this project to maintain the distinction between pre- 2004 Member States and the group formerly known as the NAS because the duties in relation to the implementation of the Directive are different between the two groups. The term âNASâ is therefore used to indicate Bulgaria, the Czech Republic, Cyprus, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Romania, the Slovak Republic, and Slovenia; âEU Member Statesâ refers to pre-2004 Member States.
Aims of PRIVIREAL
Protection of privacy of subjects in medical research depends as much on ethics review as on data protection law, but little is known about how this interacts with implementation of Directive 95/46/EC to protect privacy. PRIVIREAL brings together experts on relevant law and on ethics review of medical research from across all the EU Member States (except Luxembourg, which is nevertheless covered) and Norway (like Iceland and Liechtenstein, a member of the European Economic Area but not the EU, but which has agreed to be bound by Directive 95/46/EC) as well as the NAS, to evaluate the interaction between implementation of the Directive and research ethics review in protecting Directive rights of research subjects, with a view to making recommendations to the Commission about how to optimize the protection provided by research ethics review (taking into account the background EU and domestic legal and ethical culture/s).
To carry out these aims, PRIVIREAL has three phases. In the first phase, leading to the first PRIVIREAL workshop, what the partner countries have done, or plan to do, to implement Directive 95/46/EC in relation to medical research is ascertained, and the adequacy of this is evaluated in relation to the requirements of the Directive. This volume and its companion present the results of this phase. In the second phase, which led to the second PRIVIREAL workshop (Helsinki from 14-17 August 2003), the remit and practice of ethics committees reviewing medical research (RECs) in relation to legal requirements generally and those of data protection law, in particular, were ascertained. In the third phase, which is the concern of the final PRIVIREAL workshop (Coimbra in July 2004), the protection of privacy of medical research subjects resulting from domestic implementation of Directive 95/46/EC together with the remit and practice of RECs to protect data protection rights of medical research subjects will be evaluated in the context of domestic legal and ethical culture in relation to the objectives of Directive 95/46/EC, and recommendations will be made to the European Commission about what it might do to better protect privacy of medical research subjects where protection is judged to be inadequate. The results of the second and third phases will also be published by Ashgate Publishing Ltd.
Methodology of PRIVIREAL
The primary source of data is reports by experts in the partner countries. However, central to the project is a website (http://www.privireal.org. This contains relevant legislation and guidance on the topics of relevance to the project, with as much as possible being made available in translation to English as well as the original language. To assist with the second and third phases of the project, there is a questionnaire for RECs that can be completed on-line in English, French or German. There is also a public discussion forum in addition to sections that can only be accessed by the partners. The website is complementary to the published volumes, and readers of the volumes are invited to consult the website and use it actively.
The workshops have been only open to partners of PRIVIREAL. The purpose of the first two workshops was primarily to enable partners to discuss summaries and analyses of the material they submitted which form the basis of the reports prepared for the first two phases by the co-ordinating team. The purpose of the third workshop is to discuss and prepare recommendations for the European Commission. The first two workshops also provide for keynote papers given by invited partners or by persons from outside to discuss controversial, but crucially important, topics for the relevant phase of the project. These papers do not represent a consensus among the partnership. They are merely the views of their authors. Only in the recommendations will concerted statements and judgments (where possible) be made.
Chapter 2
An Overview of Directive 95/46/EC in Relation to Medical Research
Introduction
This chapter outlines the provisions of Directive 95/46/EC with the use of personal data for medical research centrally in mind. The Directive makes no specific mention of medical research and, consequently, it contains no provisions for medical research as an explicitly delineated category. However, at times, the Directive refers to medical purposes (though medical research is not explicitly listed under this category) and there are provisions relating to the use of data relating to a personâs health. It also refers to the use of personal data for scientific research or statistics. Consequently, this overview is an analytic construction from these related provisions together with any other of the Directiveâs provisions that could apply to medical research, including those of a wholly general nature that apply to any processing of personal data.
The overview that follows represents my personal view, rather than the collective view of the participants in the PRIVIREAL project. It is presented here for the benefit of the general reader and also because it might assist in understanding the questions that participants were asked to address for the purpose of gathering the information for the comparative analysis presented in Chapters 10 and 11.
Objective of the Directive
The purpose of Directive 95/46/EC is to enable the free flow of personal data from one European Union (EU) Member State to another for the purposes of the internal market by ensuring that fundamental rights and freedoms of individuals (in particular, privacy) are safeguarded (see Recitals 3 and 10 and Article 1(1)) and a high level of equivalent protection of these rights and freedoms is ensured in all the Member States (see Recitals 7 and 8). The Directive gives substance to and amplifies the fundamental rights and freedoms contained in the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data (see Recital 11). Since at least the Second Nold Case (Case-4/73) [1974] E.C.R. 507, the European Court of Justice (ECJ) has recognized, at least in principle, that violation of fundamental rights as fundamental principles of EC law (in which are included the fundamental rights and freedoms of the European Convention on Human Rights (ECHR) of the Council of Europe [which is alluded to in Recital 10]), is sufficient to invalidate at least secondary Community Acts.2 However, despite the fact that a commitment to fundamental rights and freedoms has subsequently been enshrined in Article 6 of the Treaty of European Union (the Treaty of Maastrichtâ), it must not be forgotten that the EU does not have competence to legislate for fundamental rights and freedoms for their own sakes. The legal basis of EC law generally lies in the aim of constructing a single European market (and the legal basis of the Directive lies specifically in the aspect of the single market referred to as âthe internal marketâ). Thus, the competence of the EU to legislate to protect fundamental freedoms and rights only arises for the reason that this protection is deemed necessary for achieving the purposes of the single market. For this reason (as well as for the reason that the Directive is concerned in its attention to fundamental rights and freedoms not only to protect privacy but all fundamental rights and freedoms to the extent that they may be interfered with in the use of personal data)3 it can be misleading to refer, as is often done, to the Directive as âthe Privacy Directiveâ.
Article 1(2) asserts that Member States shall not restrict or prohibit the free flow of personal data between themselves for reasons connected with the protection of fundamental rights and freedoms. However, this does not mean that the Directive is essentially concerned with legislating a balance between fundamental rights and freedoms and economic objectives of the internal market (let alone that the purpose of free flow between Member States overrides all considerations of fundamental rights and freedoms). Instead, adequate safeguarding of fundamental rights and freedoms must be viewed as a condition of the free flow of personal data, in line with which Article 1(2) signifies, primarily, that if a Member State (A) implements the Directive correctly then another Member State (B) may not restrict or prohibit the flow of personal data from B to A because B does not consider the level of protection for fundamental rights and freedoms provided by Aâs implementation to be adequate (see Recital 9). Presumably, it also means that if B does not consider that A provides the protection required by the Directive, then B may not restrict or prohibit the flow of personal data from B to A on that ground either (but should refer the matter to the Commission or the ECJ). This, however, is not to say that the Directive is not concerned with a balance between economic objectives and the protection of fundamental rights and freedoms. However, such a balance is best viewed, in my opinion, as âinternalâ to the activity of protecting fundamental rights and freedoms rather than as signifying a conflict between the protection of fundamental rights and freedoms as such and other factors. This is because to view the matter âinternallyâ is to observe that, e.g., Article 8(1) (the right to private and family life) of the ECHR may be derogated from in terms laid down by Article 8(2) ECHR, and relevant considerations include the economic well-being of the country, and may include economic objectives more generally to the extent that they serve, e.g., the fundamental rights and freedoms of others, or the public interest. To view the matter âexternallyâ, on the other hand, requires the objectives of the internal market to be seen as in conflict with the entire framework set up by, e.g., Article 8(1) together with Article 8(2), which is both unnecessary and not consistent with the concept of a fundamental right or freedom.
Definition of Personal Data and Scope of the Directive
The Directive defines personal data as any information relating to an identified or identifiable natural person (âdata subjectâ) (see Article 2(a); Recital 26), and this includes âsound and image data relating to natural personsâ (see Recital 14). An identifiable person is, in turn, defined as a person who can be identified directly or indirectly from the data in conjunction with other factors (see Article 2(a)) âlikely reasonably to be usedâ by any person (see Recital 26âwhich also specifies that codes of conduct under Article 27 may provide guidance about when data have been rendered anonymous).
Recital 26 states that the principles of data protection (see below) apply to all personal data (within the scope of the Directive), but that they do not apply to data that have been rendered anonymous so as to render the data subject no longer identifiable (i.e. that has rendered the data non-personal). That data remains personal if any person is reasonably likely to be able to identify the data, seems to imply that data are not to be considered anonymous for the purposes of processing by a data controller (whom Article 2(d) defines as any person or body (private or public) that individually or jointly determines the purposes and means of pro...