Implementation of the Data Protection Directive in Relation to Medical Research in Europe

D. Townend, S. Rouille-Mirza, J. Wright, D. Beyleveld

488 pages, English

About This Book

The Data Protection and Medical Research in Europe: PRIVIREAL series focuses on the 'Privacy in Research Ethics and Law' EC-funded project examining the implementation of Directive 95/46/EC on data protection in relation to medical research and the role of ethics committees in European countries. The series consists of five separate volumes following the complete development of the PRIVIREAL project. This volume relates to the first stage of this project concerning the implementation of the Data Protection Directive, in particular in the area of medical research. It contains reports from 26 European countries on the implementation of the Directive, or the data protection regime, all with a specific focus on issues and questions relating to medical research. Presenting a unique resource for all those involved in data protection, medical research and their implications for each other, this title provides a valuable insight into the actual workings across Europe, including both the New Member States and the Newly Associated Member States.

Information

Publisher: Routledge
Year: 2017
ISBN: 9781351155946
Edition: 1
Topic: Law
Index: Law

Chapter 1
Introduction

Deryck Beyleveld, Ségolène Rouillé-Mirza, David Townend and Jessica Wright
This volume contains reports on the implementation of Directive 95/46/EC on data protection that were prepared for the first workshop of the EC funded 5th Framework Programme concerted action project, ‘Privacy in Medical Research and Law’ (PRIVIREAL) (No. PL QLRT-2001-00056), which took place at the University of Sheffield from 9–12 January 2003. This volume is a companion to another volume (also published by Ashgate Publishing Ltd). The companion volume contains an overview of Directive 95/46/EC on Data Protection, with special emphasis on provisions with implications for medical research, a number of papers on aspects of data protection in relation to medical research, and a report on the implementation of Directive 95/46/EC in the EU Member States and the Newly Associated States (NAS), the majority of which are now EU members, again with a special emphasis on medical research. This report was compiled from papers contained in the present volume. Reports were received from all the participating countries (see below) except Cyprus and the Slovak Republic. It is appropriate for this project to maintain the distinction between pre-2004 Member States and the group formerly known as the NAS because the duties in relation to the implementation of the Directive are different between the two groups. The term ‘NAS’ is therefore used to indicate Bulgaria, the Czech Republic, Cyprus, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Romania, the Slovak Republic, and Slovenia; ‘EU Member States’ refers to pre-2004 Member States.

Aims of PRIVIREAL

Protection of privacy of subjects in medical research depends as much on ethics review as on data protection law, but little is known about how this interacts with the implementation of Directive 95/46/EC to protect privacy. PRIVIREAL brings together experts on relevant law and on ethics review of medical research from across all the EU Member States (except Luxembourg, which is nevertheless covered) and Norway (like Iceland and Liechtenstein, a member of the European Economic Area but not the EU, which has agreed to be bound by Directive 95/46/EC), as well as the NAS, to evaluate the interaction between implementation of the Directive and research ethics review in protecting Directive rights of research subjects, with a view to making recommendations to the Commission about how to optimise protection provided by research ethics review (taking into account the background EU and domestic legal and ethical culture/s).
To carry out these aims, PRIVIREAL has three phases. In the first phase leading to the first PRIVIREAL workshop, what the partner countries have done, or plan to do, to implement Directive 95/46/EC in relation to medical research is ascertained, and the adequacy of this is evaluated in relation to the requirements of the Directive. This volume and its companion present the results of this phase. In the second phase, which led to the second PRIVIREAL workshop (Helsinki, from 14–17 August 2003), the remit and practice of ethics committees reviewing medical research (RECs) in relation to legal requirements generally and those of data protection law, in particular, were ascertained. In the third phase, which is the concern of the final PRIVIREAL workshop (Coimbra in July 2004), the protection of privacy of medical research subjects resulting from domestic implementation of Directive 95/46/EC together with the remit and practice of RECs to protect data protection rights of medical research subjects will be evaluated in the context of domestic legal and ethical culture in relation to the objectives of Directive 95/46/EC, and recommendations will be made to the European Commission about what it might do to better protect privacy of medical research subjects where protection is judged to be inadequate.

Methodology of PRIVIREAL

The primary source of data is reports (such as those contained in this volume) by experts in the partner countries. However, central to the project is a website (http://www.privireal.org). This contains relevant legislation and guidance on the topics of relevance to the project, with as much as possible being made available in translation to English as well as the original language. To assist with the second and third phases of the project, there is a questionnaire for RECs that can be completed on-line in English, French or German. There is also a public discussion forum in addition to sections that can only be accessed by the partners. The website is complementary to the published volumes, and readers of the volumes are invited to consult the website and use it actively.
The workshops have been open only to partners of PRIVIREAL. The purpose of the first two workshops was primarily to enable partners to discuss summaries and analyses of the material they submitted which form the basis of the reports prepared for the first two phases by the co-ordinating team. The purpose of the third workshop is to discuss and prepare recommendations for the European Commission. The first two workshops also provide for keynote papers given by invited partners or by persons from outside the project on controversial, but crucially important, topics for the relevant phase of the project. These papers do not represent a consensus among the partnership. They are merely the views of their authors. Only in the recommendations will concerted statements and judgments (where possible) be made.

Chapter 2
Data Protection in Austria

Helmut Ofner

Implementation of the Data Protection Directive

The drafting of the Directive on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (95/46/EC Data Protection Directive)1 sparked a vigorous debate in Austria about whether the Data Protection Act from 1978, in force at the time, complied with the Directive.2 After extensive examination of this question in the literature, the Data Protection Act 2000 (Datenschutzgesetz 2000 or the DSG) was passed in 1999 to ensure implementation of the Directive.

Legal Sources

Overview

The regulation of data protection is addressed by the Datenschutzgesetz 2000, and in the data protection laws of the different Austrian States (Bundesländer). A part of the data protection law has constitutional ranking in Austria. Also, specific regulations were based on the law.

Datenschutzgesetz 2000

The Datenschutzgesetz 2000 is a Federal Act which contains constitutional and normal law.

Fundamental rights

The fundamental human right of data protection is set up in § 1 DSG. Not only the Austrian citizens but ‘everybody’3 has a right to have data relating to him or her kept secret if there is an interest deserving protection (§ 1 para. 1 DSG). The law rules that an interest does not deserve protection in cases where the data are commonly available, or not traceable to the individual, i.e. anonymous.4 Protection from unauthorized investigation is also derived from § 1. 5
The right to secrecy can only be impinged in the interest of the life of the subject,6 or if the subject agrees, or if there is an overruling interest of another.7 Derogations by a governmental body, in the functional sense,8 are only permissible if based on laws that are necessitated by the reasons given in Art. 8 para. 2 MRK. These laws may only permit such use of sensitive data for the sake of important public interest and must simultaneously provide for mechanisms to maintain the secrecy of the data subject.
§ 1 does not inform about the permissibility of derogation by private persons. The government draft points to the executive regulations in §7 and §9 DSG.9
All restrictions are subject to the rule of proportionality (Verhältnismäßigkeitsgebot). 10 § 1 para. 3 sets up basic rights other than the right to secrecy, namely a right to information (Z 1), rectification and erasure (Z 2). These rights too can only be limited by law under the conditions spelled out in paragraph 2 (para. 4). Section 1 para. 5 states that the Civil Court system is responsible for defence of the basic rights of data protection (except for the right to information) against private entities. For all other cases, jurisdiction is placed with a Data Protection Commission. This setting of venue is commonly regarded as giving the basic right to data protection direct legal effect. 11 Yet some maintain that the basic right to data protection, like all other fundamental rights, has only indirect effect, and thus to set up a legal claim framework between two parties there must be provisions in normal (non-constitutional) law. 12 The question as to when a legal norm establishes a subjective right was extensively discussed in relation with KAKuG (Bundesgesetz über Krankenanstalten und Kuranstalten—a federal law dealing with hospitals and other health centres). At present, the law is certainly in the individual interest of the subject concerned. The norm sets out a venue and an agency to pursue a claim. According to Pscheidl this clearly marks the intention of the legislator to endow the subject with a subjective right.13

Legal Competence

The competence to legislate in relation to the basic right to data protection (§ 1 DSG) is derived from Art. 10 para. 1 Z 1 B-VG, Bundesverfassung (Austrian Constitution).14
For this reason, legislative power in relation to the protection of personal data in automated data traffic is marked as a Federal responsibility by §2 para. 1 DSG. Paragraph 2 also sets out the general Federal jurisdiction but exemptions occur for the States where they themselves, or others on their behalf, process data and no Federal Statutes assign jurisdiction to the Federal agencies. Thus, the DSG only encompasses automated data processing. For manual processing, States have to pass their own data protection laws. It seems doubtful whether the spirit of the Data Protection Directive to standardize the level of data protection is adequately expressed by having ten data protection laws in Austria. In exceptional cases, DSG 2000 can also be applied to manual data; the basis for this can be found in chapter 11 ‘Transitional and Final Provisions’ in §58. §58 DSG requires that insofar as manual filing systems exist for purposes where the Federation (Bund) has jurisdiction, they are deemed to be data applications (Datenanwendungen) according to Sect. 4 sub-para. 7. This clause contains the legal definition of the term data application. Thus, §58 declares certain manual applications to be automated applications, and thus subject to the non-constitutional aspects of the DSG. The dogmatic background for this construction is the idea that data protection is an annex topic, 15 which follows the main legal matter in jurisdiction. 16
In reality it is sometimes unclear which legislator has authority. This is the case for example with matters listed in Art. 12 B-VG. Here, the legislation is a matter for the Federation and the States alike. Thus, the Federal legislator is not empowered to regulate on these matters conclusively. The view that for such cases §58 DSG was meant to establish a basic rule is not justified, as according to Art. 12 para. 4 B-VG, basic tenets (Grundsatzbestimmungen) must, if otherwise unconstitutional,17 always be designated as such. Therefore, one cannot assume that §58 can be applied to manually processed data in matters pertaining to Art. 12 B-VG.
It has therefore rightly been remarked in the literature that accessibility and approachabil...
