ABSTRACT
In this article, we analyze legal and ethical issues raised in Big Data health research projects in the Covid‐19 era and consider how these issues might be addressed in ways that advance ...positive values (e.g., furtherance of respect for persons and accordance with relevant legal frameworks) while mitigating or eliminating any negative aspects (e.g., exacerbation of social inequality and injustice). We apply this analysis specifically to UK‐REACH (The United Kingdom Research Study into Ethnicity and Covid‐19 Outcomes in Healthcare Workers), a project with which we are involved. We argue that Big Data projects like UK‐REACH can be conducted in an ethically robust manner and that funders and sponsors ought to encourage similar projects to drive better evidence‐based public policy in public health. As part of this, we advocate that a Big Data ethics‐by‐design approach be undertaken when such projects are constructed. This principle extends the work of those who advocate ethics by design by addressing prominent issues in Big Data health research projects; it holds that ethical values and principles in Big Data health research projects are best adhered to when they are already integrated into the project aims and methods at the design stage. In advocating this principle, we present a unique perspective regarding pressing ethical problems around large‐scale, data‐driven Covid‐19 research, as well as legal issues associated with processing ostensibly anonymized health data.
Data sharing models designed to facilitate global business provide insights for improving transborder genomic data sharing. We argue that a flexible, externally endorsed, multilateral arrangement, ...combined with an objective third-party assurance mechanism, can effectively balance privacy with the need to share genomic data globally.
Discussions regarding responsible genomic data sharing often center around ethical and legal issues such as the consent, privacy, and confidentiality of individuals, families, and communities. To ...ensure the ethical grounds of genomic data sharing, oversight by both research ethics and Data Access Committees (DACs) across the research lifecycle is warranted. In this article, we review these oversight practices and argue that they reveal a compelling need to clarify the scope of ethical considerations by oversight bodies and to delineate core elements such as "objectionable" data uses. Ethical oversight of genomic data sharing would be considerably improved if the relevant ethical considerations by research ethics and DACs were coordinated. We therefore suggest several mechanisms to achieve greater clarification of ethical considerations by these committees, as well as greater communication and coordination between both to ensure robust and sustained ethical oversight of genomic data sharing.
The collapse of confidence in anonymization (sometimes also known as de-identification) as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches ...that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data–driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of “anonymized” data. This chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable.
We promote a shared vision and guide for how and when to federate genomic and health-related data sharing, enabling connections and insights across independent, secure databases. The GA4GH encourages ...a federated approach wherein data providers have the mandate and resources to share, but where data cannot move for legal or technical reasons. We recommend a federated approach to connect national genomics initiatives into a global network and precision medicine resource.
Thorogood et al. provide a guide to federated approaches to data sharing, which aim to connect independent, secure genomic medicine databases through common standards, enabling users to derive insights across multiple databases. The authors argue that a federated approach is feasible and necessary to connect national genomics initiatives into a global network to advance precision medicine.
Genetic discrimination (GD) is the differential or unfair profiling of an individual on the basis of genetic data. This article summarizes the actions of the Genetic Discrimination Observatory (GDO) ...in addressing GD and recent developments in GD since late 2020. It shows how GD can take many forms in today’s rapidly evolving society.
Genomic and biosocial research data about individuals is rapidly proliferating, bringing the potential for novel opportunities for data integration and use. The scale, pace and novelty of these ...applications raise a number of urgent sociotechnical, ethical and legal questions, including optimal methods of data storage, management and access. Although the open science movement advocates unfettered access to research data, many of the UK's longitudinal cohort studies operate systems of managed data access, in which access is governed by legal and ethical agreements between stewards of research datasets and researchers wishing to make use of them. Amongst other things, these agreements aim to respect the reasonable expectations of the research participants who provided data and samples, as expressed in the consent process. Arguably, responsible data management and governance of data and sample use are foundational to the consent process in longitudinal studies and are an important source of trustworthiness in the eyes of those who contribute data to genomic and biosocial research.
This paper presents an ethnographic case study exploring the foundational principles of a governance infrastructure for Managing Ethico-social, Technical and Administrative issues in Data ACcess (METADAC), which are operationalised through a committee known as the METADAC Access Committee. METADAC governs access to phenotype, genotype and 'omic' data and samples from five UK longitudinal studies.
Using the example of METADAC, we argue that three key structural features are foundational for practising responsible data sharing: independence and transparency; interdisciplinarity; and participant-centric decision-making. We observe that the international research community is proactively working towards optimising the use of research data, integrating/linking these data with routine data generated by health and social care services and other administrative data services to improve the analysis, interpretation and utility of these data. The governance of these new complex data assemblages will require a range of expertise from across a number of domains and disciplines, including that of study participants. Human-mediated decision-making bodies will be central to ensuring achievable, reasoned and responsible decisions about the use of these data; the METADAC model described in this paper provides an example of how this could be realised.
Abstract
The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties ...determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR’s text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis.