Implementation of the Data Protection Directive in Relation to Medical Research in Europe
eBook - ePub

Implementation of the Data Protection Directive in Relation to Medical Research in Europe

  1. 488 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Implementation of the Data Protection Directive in Relation to Medical Research in Europe

About this book

The Data Protection and Medical Research in Europe: PRIVIREAL series focuses on the 'Privacy in Research Ethics and Law' EC-funded project examining the implementation of Directive 95/46/EC on data protection in relation to medical research and the role of ethics committees in European countries. The series consists of five separate volumes following the complete development of the PRIVIREAL project. This volume relates to the first stage of this project concerning the implementation of the Data Protection Directive, in particular in the area of medical research. It contains reports from 26 European countries on the implementation of the Directive, or the data protection regime, all with a specific focus on issues and questions relating to medical research. Presenting a unique resource for all those involved in data protection, medical research and their implications for each other, this title provides a valuable insight into the actual workings across Europe, including both the New Member States and the Newly Associated Member States.

Trusted byĀ 375,005 students

Access to over 1.5 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Routledge
Year
2017
Topic
Law
eBook ISBN
9781351155946
Subtopic
Financial Law
Index
Law

Chapter 1
Introduction

Deryck Beyleveld, SĆ©golĆØne RouillĆ©-Mirza, David Townend and Jessica Wright
This volume contains reports on the implementation of Directive 95/46/EC on data protection that were prepared for the first workshop of the EC funded 5th Framework Programme concerted action project, ā€˜Privacy in Medical Research and Lawā€™ (PRIVIREAL) (No. PL QLRT-2001-00056), which took place at the University of Sheffield from 9ā€“12 January 2003. This volume is a companion to another volume (also published by Ashgate Publishing Ltd). The companion volume contains an overview of Directive 95/46/EC on Data Protection, with special emphasis on provisions with implications for medical research, a number of papers on aspects of data protection in relation to medical research, and a report on the implementation of Directive 95/46/EC in the EU Member States and the Newly Associated States (NAS), the majority of which are now EU members, again with a special emphasis on medical research. This report was compiled from papers contained in the present volume. Reports were received from all the participating countries (see below) except Cyprus and the Slovak Republic. It is appropriate for this project to maintain the distinction between pre-2004 Member States and the group formerly known as the NAS because the duties in relation to the implementation of the Directive are different between the two groups. The term ā€˜NASā€™ is therefore used to indicate Bulgaria, the Czech Republic, Cyprus, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Romania, the Slovak Republic, and Slovenia; ā€˜EU Member Statesā€™ refers to pre-2004 Member States.

Aims of Privireal

Protection of privacy of subjects in medical research depends as much on ethics review as on data protection law, but little is known about how this interacts with the implementation of Directive 95/46/EC to protect privacy. PRIVIREAL brings together experts on relevant law and on ethics review of medical research from across all the EU Member States (except Luxembourg, which is nevertheless covered) and Norway (like Iceland and Liechtenstein, a member of the European Economic Area but not the EU, which has agreed to be bound by Directive 95/46/EC), as well as the NAS, to evaluate the interaction between implementation of the Directive and research ethics review in protecting Directive rights of research subjects, with a view to making recommendations to the Commission about how to optimise protection provided by research ethics review (taking into account the background EU and domestic legal and ethical culture/s).
To carry out these aims, PRIVIREAL has three phases. In the first phase leading to the first PRIVIREAL workshop, what the partner countries have done, or plan to do, to implement Directive 95/46/EC in relation to medical research is ascertained, and the adequacy of this is evaluated in relation to the requirements of the Directive. This volume and its companion present the results of this phase. In the second phase, which led to the second PRIVIREAL workshop (Helsinki, from 14ā€“17 August 2003), the remit and practice of ethics committees reviewing medical research (RECs) in relation to legal requirements generally and those of data protection law, in particular, were ascertained. In the third phase, which is the concern of the final PRIVIREAL workshop (Coimbra in July 2004), the protection of privacy of medical research subjects resulting from domestic implementation of Directive 95/46/EC together with the remit and practice of RECs to protect data protection rights of medical research subjects will be evaluated in the context of domestic legal and ethical culture in relation to the objectives of Directive 95/46/EC, and recommendations will be made to the European Commission about what it might do to better protect privacy of medical research subjects where protection is judged to be inadequate.

Methodology of Privireal

The primary source of data is reports (such as those contained in this volume) by experts in the partner countries. However, central to the project is a website (http://www.privireal.org). This contains relevant legislation and guidance on the topics of relevance to the project, with as much as possible being made available in translation to English as well as the original language. To assist with the second and third phases of the project, there is a questionnaire for RECs that can be completed on-line in English, French or German. There is also a public discussion forum in addition to sections that can only be accessed by the partners. The website is complementary to the published volumes, and readers of the volumes are invited to consult the website and use it actively.
The workshops have been open only to partners of PRIVIREAL. The purpose of the first two workshops was primarily to enable partners to discuss summaries and analyses of the material they submitted which form the basis of the reports prepared for the first two phases by the co-ordinating team. The purpose of the third workshop is to discuss and prepare recommendations for the European Commission. The first two workshops also provide for keynote papers given by invited partners or by persons from outside to project on controversial, but crucially important, topics for the relevant phase of the project. These papers do not represent a consensus among the partnership. They are merely the views of their authors. Only in the recommendations will concerted statements and judgments (where possible) be made.

Chapter 2
Data Protection in Austria

Helmut Ofner

Implementation of the Data Protection Directive

The drafting of the Directive on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (95/46/EC Data Protection Directive)1 sparked a vigorous debate in Austria about whether the Data Protection Act from 1978, in force at the time, complied with the Directive.2 After extensive examination of this question in the literature, the Data Protection Act 2000 (Datenschutzgesetz 2000 or the DSG) was passed in 1999 to ensure implementation of the Directive.

Legal Sources

Overview

The regulation of data protection is addressed by the Datenschutzgesetz 2000, and in the data protection laws of the different Austrian States (BundesUinder). A part of the data protection law has constitutional ranking in Austria. Also, specific regulations were based on the law.

Datenschutzgesetz 2000

The Datenschutzgesetz 2000 is a Federal Act which contains constitutional and normal law. Fundamental rights The fundamental human right of data protection is set up in Ā§ 1 DSG. Not only the Austrian citizens but ā€˜everybodyā€™3 has a right to have data relating to him or her kept secret if there is an interest deserving protection (Ā§ 1 para. 1 DSG). The law rules that an interest does not deserve protection in cases where the data are commonly available, or not traceable to the individual, i.e. anonymous.4 Protection from unauthorized investigation is also derived from Ā§ 1. 5
The right to secrecy can only be impinged in the interest of the life of the subject,6 or if the subject agrees, or if there is an overruling interest of another.7 Derogations by a governmental body, in the functional sense,8 are only permissible if based on laws that are necessitated by the reasons given in Art. 8 para. 2 MRK. These laws may only permit such use of sensitive data for the sake of important public interest and must simultaneously provide for mechanisms to maintain the secrecy of the data subject.
Ā§ 1 does not inform about the permissibility of derogation by private persons. The government draft points to the executive regulations in Ā§7 and Ā§9 DSG.9
All restrictions are subject to the rule of proportionality (verhƤltnismƤƟigkeitsgebot). 10 Ā§ 1 para. 3 sets up basic rights other than the right to secrecy, namely a right to information (Z 1), rectification and erasure (Z 2). These rights too can only be limited by law under the conditions spelled out in paragraph 2 (para. 4). Section 1 para. 5 states that the Civil Court system is responsible for defence of the basic rights of data protection (except for the right to information) against private entities. For all other cases, jurisdiction is placed with a Data Protection Commission. This setting of venue is commonly regarded as giving the basic right to data protection direct legal effect. 11 Yet some maintain that the basic right to data protection, like all other fundamental rights, has only indirect effect, and thus to set up a legal claim framework between two parties there must be provisions in normal (non-constitutional) law. 12 The question as to when a legal norm establishes a subjective right was extensively discussed in relation with KAKuG (Bundesgesetz Ć¼iber Krankenanstalten und Kuranstaltenā€”a federal law dealing with hospitals and other health centres). At present, the law is certainly in the individual interest of the subject concerned. The norm sets out a venue and an agency to pursue a claim. According to Pscheidl this clearly marks the intention of the legislator to endow the subject with a subjective right.13

Legal Competence

The competence to legislate in relation to the basic right to data protection (Ā§ 1 DSG) is derived from Art. 10 para. 1 Z 1 B-VG, Bundesverfassung (Austrian Constitution).14
For this reason, legislative power in relation to the protection of personal data in automated data traffic is marked as a Federal responsibility by Ā§2 para. 1 DSG. Paragraph 2 also sets out the general Federal jurisdiction but exemptions occur for the States where they themselves, or others on their behalf, process data and no Federal Statutes assign jurisdiction to the Federal agencies. Thus, the DSG only encompasses automated data processing. For manual processing, States have to pass their own data protection laws. It seems doubtful whether the spirit of the Data Protection Directive to standardize the level of data protection is adequately expressed by having ten data protection laws in Austria. In exceptional cases, DSG 2000 can also be applied to manual data, the basis for this can be found in chapter 11 ā€˜Transitional and Final Provisionsā€™ in Ā§58. Ā§58 DSG requires that insofar as manual filing systems exist for purposes where the Federation (Bund) has jurisdiction, they are deemed to be data applications (Datenanwendungen) according to Sect. 4 sub-para. 7. This clause contains the legal definition of the term data application. Thus, Ā§58 declares certain manual applications to be automated applications, and thus subject to the non-constitutional aspects of the DSG. The dogmatic background for this construction is the idea that data protection is an annex topic, 15 which follows the main legal matter in jurisdiction. 16
In reality it is sometimes unclear which legislator has authority. This is the case for example with matters listed in Art. 12 B-VG. Here, the legislation is a matter for the Federation and the States alike. Thus, the Federal legislator is not empowered to regulate on these matters conclusively. The view that for such cases Ā§58 DSG was meant to establish a basic rule is not justified, as according to Art. 12 para. 4 B-VG, basic tenets (Grundsatzbestimmungen) must, if otherwise unconstitutional,17 always be designated as such. Therefore, one cannot assume that Ā§58 can be applied to manually processed data in matters pertaining to Art. 12 B-VG.
It has therefore rightly been remarked in the literature that accessibility and approachabil...

Table of contents

  1. Cover
  2. Half Title
  3. Title
  4. Copyright
  5. Contents
  6. List of Contributors
  7. 1 Introduction
  8. 2 Data Protection in Austria
  9. 3 Report on the Implementation of Directive 95/46/EC in Belgian Law
  10. 4 Implementation of Directive 95/46/EC in Relation to Medical Research in Bulgaria
  11. 5 Implementation of Directive 95/46/EC in the Domestic Law of the Czech Republic
  12. 6 The Implementation of Data Protection Directive 95/46/EC in Denmark
  13. 7 Personal Data Protection Regulation in Estonia and Directive 95/46/EC
  14. 8 The Implementation of EU Directive 95/46/EC and the Protection of Sensitive Health Data in Medical Research in Finland
  15. 9 Protection of the Private Life in Relation to Medical Research in French Law
  16. 10 The Implementation of the Data Protection Directive 95/46/EC in Germany
  17. 11 Report on Data Protection Law 2472/97 in Greece
  18. 12 Protection of Health Care Data in Hungarian Law
  19. 13 Implementation of Directive 95/46/EC in Relation to Medical Research in the Republic of Ireland
  20. 14 Processing of Personal Data and Medical/Scientific Research within the Framework of ltalyā€™s Legal System
  21. 15 The Implementation of Directive 95/46/EC into National Legislation with Regard to Medical Research in Latvia
  22. 16 The Implementation of Directive 95/46/EC in Relation to Medical Research in Lithuania
  23. 17 Implementation of Directive 95/46/EC and Medical Research in Luxembourg
  24. 18 The Implementation of the Data Protection Directive 1995/46/EC in Malta
  25. 19 The Implementation of the Directive 95/46/EC in Dutch Law and Medical Research
  26. 20 Implementation of the Data Protection Directive in Relation to Medical Research in Norway
  27. 21 Personal Data Protection and Medical Research in Poland
  28. 22 Report on the Implementation of Directive 95/46/EC in Relation to Medical Research in Portugal
  29. 23 The Implementation in Domestic Law of Directive 95/46/EC in Romania
  30. 24 Implementation of Directive 95/46/EC in Slovenia
  31. 25 The Implementation of Directive 95/46/EC in Spain
  32. 26 Processing of Personal Data in Swedish Health Care and Biomedical Research
  33. 27 The UKā€™s Implementation of Directive 95/46/EC
  34. Index
  35. List of Cases

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.5M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1.5 million books across 990+ topics, weā€™ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Implementation of the Data Protection Directive in Relation to Medical Research in Europe by D. Townend,S. Rouille-Mirza,J. Wright,D. Beyleveld in PDF and/or ePUB format, as well as other popular books in Law & Financial Law. We have over 1.5 million books available in our catalogue for you to explore.