eBook - ePub

Implementation of the Data Protection Directive in Relation to Medical Research in Europe

Name: Implementation of the Data Protection Directive in Relation to Medical Research in Europe
Author: D. Townend, S. Rouille-Mirza, J. Wright, D. Beyleveld

D. Townend, S. Rouille-Mirza, J. Wright, D. Beyleveld

Partager le livre

488 pages
English
ePUB (adapté aux mobiles)
Disponible sur iOS et Android

eBook - ePub

Implementation of the Data Protection Directive in Relation to Medical Research in Europe

D. Townend, S. Rouille-Mirza, J. Wright, D. Beyleveld

Détails du livre

Aperçu du livre

Table des matières

Citations

À propos de ce livre

The Data Protection and Medical Research in Europe: PRIVIREAL series focuses on the 'Privacy in Research Ethics and Law' EC-funded project examining the implementation of Directive 95/46/EC on data protection in relation to medical research and the role of ethics committees in European countries. The series consists of five separate volumes following the complete development of the PRIVIREAL project. This volume relates to the first stage of this project concerning the implementation of the Data Protection Directive, in particular in the area of medical research. It contains reports from 26 European countries on the implementation of the Directive, or the data protection regime, all with a specific focus on issues and questions relating to medical research. Presenting a unique resource for all those involved in data protection, medical research and their implications for each other, this title provides a valuable insight into the actual workings across Europe, including both the New Member States and the Newly Associated Member States.

Foire aux questions

Comment puis-je résilier mon abonnement ?

Il vous suffit de vous rendre dans la section compte dans paramètres et de cliquer sur « Résilier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez résilié votre abonnement, il restera actif pour le reste de la période pour laquelle vous avez payé. Découvrez-en plus ici.

Puis-je / comment puis-je télécharger des livres ?

Pour le moment, tous nos livres en format ePub adaptés aux mobiles peuvent être téléchargés via l’application. La plupart de nos PDF sont également disponibles en téléchargement et les autres seront téléchargeables très prochainement. Découvrez-en plus ici.

Quelle est la différence entre les formules tarifaires ?

Les deux abonnements vous donnent un accès complet à la bibliothèque et à toutes les fonctionnalités de Perlego. Les seules différences sont les tarifs ainsi que la période d’abonnement : avec l’abonnement annuel, vous économiserez environ 30 % par rapport à 12 mois d’abonnement mensuel.

Qu’est-ce que Perlego ?

Nous sommes un service d’abonnement à des ouvrages universitaires en ligne, où vous pouvez accéder à toute une bibliothèque pour un prix inférieur à celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! Découvrez-en plus ici.

Prenez-vous en charge la synthèse vocale ?

Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte à haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accélérer ou le ralentir. Découvrez-en plus ici.

Est-ce que Implementation of the Data Protection Directive in Relation to Medical Research in Europe est un PDF/ePUB en ligne ?

Oui, vous pouvez accéder à Implementation of the Data Protection Directive in Relation to Medical Research in Europe par D. Townend, S. Rouille-Mirza, J. Wright, D. Beyleveld en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Law et Law Theory & Practice. Nous disposons de plus d’un million d’ouvrages à découvrir dans notre catalogue.

Informations

Éditeur

Routledge

Année

2017

ISBN

9781351155946

Édition

Sujet

Law

Sous-sujet

Law Theory & Practice

Chapter 1
Introduction

Deryck Beyleveld, Ségolène Rouillé-Mirza, David Townend and Jessica Wright

This volume contains reports on the implementation of Directive 95/46/EC on data protection that were prepared for the first workshop of the EC funded 5th Framework Programme concerted action project, ‘Privacy in Medical Research and Law’ (PRIVIREAL) (No. PL QLRT-2001-00056), which took place at the University of Sheffield from 9–12 January 2003. This volume is a companion to another volume (also published by Ashgate Publishing Ltd). The companion volume contains an overview of Directive 95/46/EC on Data Protection, with special emphasis on provisions with implications for medical research, a number of papers on aspects of data protection in relation to medical research, and a report on the implementation of Directive 95/46/EC in the EU Member States and the Newly Associated States (NAS), the majority of which are now EU members, again with a special emphasis on medical research. This report was compiled from papers contained in the present volume. Reports were received from all the participating countries (see below) except Cyprus and the Slovak Republic. It is appropriate for this project to maintain the distinction between pre-2004 Member States and the group formerly known as the NAS because the duties in relation to the implementation of the Directive are different between the two groups. The term ‘NAS’ is therefore used to indicate Bulgaria, the Czech Republic, Cyprus, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Romania, the Slovak Republic, and Slovenia; ‘EU Member States’ refers to pre-2004 Member States.

Aims of Privireal

Protection of privacy of subjects in medical research depends as much on ethics review as on data protection law, but little is known about how this interacts with the implementation of Directive 95/46/EC to protect privacy. PRIVIREAL brings together experts on relevant law and on ethics review of medical research from across all the EU Member States (except Luxembourg, which is nevertheless covered) and Norway (like Iceland and Liechtenstein, a member of the European Economic Area but not the EU, which has agreed to be bound by Directive 95/46/EC), as well as the NAS, to evaluate the interaction between implementation of the Directive and research ethics review in protecting Directive rights of research subjects, with a view to making recommendations to the Commission about how to optimise protection provided by research ethics review (taking into account the background EU and domestic legal and ethical culture/s).

To carry out these aims, PRIVIREAL has three phases. In the first phase leading to the first PRIVIREAL workshop, what the partner countries have done, or plan to do, to implement Directive 95/46/EC in relation to medical research is ascertained, and the adequacy of this is evaluated in relation to the requirements of the Directive. This volume and its companion present the results of this phase. In the second phase, which led to the second PRIVIREAL workshop (Helsinki, from 14–17 August 2003), the remit and practice of ethics committees reviewing medical research (RECs) in relation to legal requirements generally and those of data protection law, in particular, were ascertained. In the third phase, which is the concern of the final PRIVIREAL workshop (Coimbra in July 2004), the protection of privacy of medical research subjects resulting from domestic implementation of Directive 95/46/EC together with the remit and practice of RECs to protect data protection rights of medical research subjects will be evaluated in the context of domestic legal and ethical culture in relation to the objectives of Directive 95/46/EC, and recommendations will be made to the European Commission about what it might do to better protect privacy of medical research subjects where protection is judged to be inadequate.

Methodology of Privireal

The primary source of data is reports (such as those contained in this volume) by experts in the partner countries. However, central to the project is a website (http://www.privireal.org). This contains relevant legislation and guidance on the topics of relevance to the project, with as much as possible being made available in translation to English as well as the original language. To assist with the second and third phases of the project, there is a questionnaire for RECs that can be completed on-line in English, French or German. There is also a public discussion forum in addition to sections that can only be accessed by the partners. The website is complementary to the published volumes, and readers of the volumes are invited to consult the website and use it actively.

The workshops have been open only to partners of PRIVIREAL. The purpose of the first two workshops was primarily to enable partners to discuss summaries and analyses of the material they submitted which form the basis of the reports prepared for the first two phases by the co-ordinating team. The purpose of the third workshop is to discuss and prepare recommendations for the European Commission. The first two workshops also provide for keynote papers given by invited partners or by persons from outside to project on controversial, but crucially important, topics for the relevant phase of the project. These papers do not represent a consensus among the partnership. They are merely the views of their authors. Only in the recommendations will concerted statements and judgments (where possible) be made.

Chapter 2
Data Protection in Austria

Helmut Ofner

Implementation of the Data Protection Directive

The drafting of the Directive on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (95/46/EC Data Protection Directive)¹ sparked a vigorous debate in Austria about whether the Data Protection Act from 1978, in force at the time, complied with the Directive.² After extensive examination of this question in the literature, the Data Protection Act 2000 (Datenschutzgesetz 2000 or the DSG) was passed in 1999 to ensure implementation of the Directive.

Legal Sources

Overview

The regulation of data protection is addressed by the Datenschutzgesetz 2000, and in the data protection laws of the different Austrian States (BundesUinder). A part of the data protection law has constitutional ranking in Austria. Also, specific regulations were based on the law.

Datenschutzgesetz 2000

The Datenschutzgesetz 2000 is a Federal Act which contains constitutional and normal law. Fundamental rights The fundamental human right of data protection is set up in § 1 DSG. Not only the Austrian citizens but ‘everybody’³ has a right to have data relating to him or her kept secret if there is an interest deserving protection (§ 1 para. 1 DSG). The law rules that an interest does not deserve protection in cases where the data are commonly available, or not traceable to the individual, i.e. anonymous.⁴ Protection from unauthorized investigation is also derived from § 1. ⁵

The right to secrecy can only be impinged in the interest of the life of the subject,⁶ or if the subject agrees, or if there is an overruling interest of another.⁷ Derogations by a governmental body, in the functional sense,⁸ are only permissible if based on laws that are necessitated by the reasons given in Art. 8 para. 2 MRK. These laws may only permit such use of sensitive data for the sake of important public interest and must simultaneously provide for mechanisms to maintain the secrecy of the data subject.

§ 1 does not inform about the permissibility of derogation by private persons. The government draft points to the executive regulations in §7 and §9 DSG.⁹

All restrictions are subject to the rule of proportionality (verhältnismäßigkeitsgebot). ¹⁰ § 1 para. 3 sets up basic rights other than the right to secrecy, namely a right to information (Z 1), rectification and erasure (Z 2). These rights too can only be limited by law under the conditions spelled out in paragraph 2 (para. 4). Section 1 para. 5 states that the Civil Court system is responsible for defence of the basic rights of data protection (except for the right to information) against private entities. For all other cases, jurisdiction is placed with a Data Protection Commission. This setting of venue is commonly regarded as giving the basic right to data protection direct legal effect. ¹¹ Yet some maintain that the basic right to data protection, like all other fundamental rights, has only indirect effect, and thus to set up a legal claim framework between two parties there must be provisions in normal (non-constitutional) law. ¹² The question as to when a legal norm establishes a subjective right was extensively discussed in relation with KAKuG (Bundesgesetz üiber Krankenanstalten und Kuranstalten—a federal law dealing with hospitals and other health centres). At present, the law is certainly in the individual interest of the subject concerned. The norm sets out a venue and an agency to pursue a claim. According to Pscheidl this clearly marks the intention of the legislator to endow the subject with a subjective right.¹³

Legal Competence

The competence to legislate in relation to the basic right to data protection (§ 1 DSG) is derived from Art. 10 para. 1 Z 1 B-VG, Bundesverfassung (Austrian Constitution).¹⁴

For this reason, legislative power in relation to the protection of personal data in automated data traffic is marked as a Federal responsibility by §2 para. 1 DSG. Paragraph 2 also sets out the general Federal jurisdiction but exemptions occur for the States where they themselves, or others on their behalf, process data and no Federal Statutes assign jurisdiction to the Federal agencies. Thus, the DSG only encompasses automated data processing. For manual processing, States have to pass their own data protection laws. It seems doubtful whether the spirit of the Data Protection Directive to standardize the level of data protection is adequately expressed by having ten data protection laws in Austria. In exceptional cases, DSG 2000 can also be applied to manual data, the basis for this can be found in chapter 11 ‘Transitional and Final Provisions’ in §58. §58 DSG requires that insofar as manual filing systems exist for purposes where the Federation (Bund) has jurisdiction, they are deemed to be data applications (Datenanwendungen) according to Sect. 4 sub-para. 7. This clause contains the legal definition of the term data application. Thus, §58 declares certain manual applications to be automated applications, and thus subject to the non-constitutional aspects of the DSG. The dogmatic background for this construction is the idea that data protection is an annex topic, ¹⁵ which follows the main legal matter in jurisdiction. ¹⁶

In reality it is sometimes unclear which legislator has authority. This is the case for example with matters listed in Art. 12 B-VG. Here, the legislation is a matter for the Federation and the States alike. Thus, the Federal legislator is not empowered to regulate on these matters conclusively. The view that for such cases §58 DSG was meant to establish a basic rule is not justified, as according to Art. 12 para. 4 B-VG, basic tenets (Grundsatzbestimmungen) must, if otherwise unconstitutional,¹⁷ always be designated as such. Therefore, one cannot assume that §58 can be applied to manually processed data in matters pertaining to Art. 12 B-VG.

It has therefore rightly been remarked in the literature that accessibility and approachabil...