Explore the vast range of titles available.

The particular characteristics of COVID-19 demand the careful biomedical study of samples from patients who have shown different symptomatology, in order to understand the genetic foundations of its phenotypic expression. Research on genetic material from COVID-19 patients is indispensable for understanding the biological bases for its varied clinical manifestations. The issue of “informed consent” constitutes the crux of the problem in regulating research biobanks, because it concerns the relationship between the person and the parts separated from the body. There are several consensus models that can be adopted, varying from quite restricted models of specific informed consent to forms that allow very broad authorization (open consent). Our current understanding of COVID-19 is incomplete. Thus, we cannot plan, with precision, the research to be conducted on biological samples that have been, or will be, collected from patients infected by the novel coronavirus. Therefore, we suggest utilizing the “participation pact” between researchers and donors, based on a new form of participation in research, which offers a choice based on the principles of solidarity and reciprocity, which represent the communication of “values”. In the last part of this paper, the general data protection regulation concerning the matter is discussed. The treatment of personal data must be performed with explicit goals, and donors must be provided with a clear, transparent explanation of the methods, goals and time of storage. The data must not be provided to unauthorized subjects. In conclusion, open informed consent forms will be necessary for research on individual patients and on populations.

Abstract In July 2023, the United States and the European Union introduced the Data Privacy Framework (DPF), introducing the third generation of cross-border data transfer agreements constituting adequacy with respect to personal data transfers under the General Data Protection Regulation (GDPR) between the European Union (EU) and the US. This framework may be used in cross-border healthcare and research relationships, which are highly desirable and increasingly essential to innovative health technology development and health services deployment. A reliable model meeting EU adequacy requirements could enhance the transfer of patient and research participant data. While the DPF might present a familiar terrain for US organizations, it also brings unique challenges. A notable concern is the ability of individual EU Member States to establish individual and additional requirements for health data that are more restrictive than GDPR requirements, which are not anticipated by the DPF. This article highlights the DPF’s potential impact on the healthcare and research sectors, finding that the DPF may not provide the degree of lawful health data transfer desirable for healthcare entities. We examine the DPF against a background of existing Health Insurance Portability and Accountability Act obligations and other GDPR transfer tools to offer alternatives that can improve the likelihood of reliable, lawful health data transfer between the US and EU.

Suicide remains a problem of public health importance worldwide. Cognizant of the emerging links between social media use and suicide, social media platforms, such as Facebook, have developed automated algorithms to detect suicidal behavior. While seemingly a well-intentioned adjunct to public health, there are several ethical and legal concerns to this approach. For example, the role of consent to use individual data in this manner has only been given cursory attention. Social media users may not even be aware that their social media posts, movements, and Internet searches are being analyzed by non-health professionals, who have the decision-making ability to involve law enforcement upon suspicion of potential self-harm. Failure to obtain such consent presents privacy risks and can lead to exposure and wider potential harms. We argue that Facebook’s practices in this area should be subject to well-established protocols. 1 These should resemble those utilized in the field of human subjects research, which upholds standardized, agreed-upon, and well-recognized ethical practices based on generations of precedent. Prior to collecting sensitive data from social media users, an ethical review process should be carried out. The fiduciary framework seems to resonate with the emergent roles and obligations of social media platforms to accept more responsibility for the content being shared.

Federated Learning (FL) promises to enhance data-driven health research by enabling collaborative machine learning across distributed datasets without direct data exchange. However, current FL implementations primarily reflect the data-sharing interests of institutional controllers rather than those of individual patients whose data are at stake. Existing consent mechanisms—like broad consent under HIPAA or explicit consent under the GDPR—fail to provide patients with control over how their data is used. This article explores the integration of smart contracts (SCs) into FL as a mechanism for automating, enforcing, and documenting consent in data transactions. SCs, encoded in decentralized ledger technologies, can ensure that FL processes align with patient preferences by providing an immutable, and dynamically updatable consent architecture. Integrating SCs into FL and swarm learning (SL) frameworks can mitigate ethico-legal concerns related to patient autonomy, data re-identification, and data use. This approach addresses persistent principle-agent asymmetries in biomedical data sharing by ensuring that patients, rather than data controllers alone, can specify the terms of access to insights derived from their health data. We discuss the implications of this model for regulatory compliance, data governance, and patient engagement, emphasizing its potential to foster public trust in health data ecosystems.

On July 14th, 2022, the Danish Data Protection Authority issued a reprimand against Helsingor Municipality. It imposed a general ban on using Google Chromebooks and Google Workspace for education in primary schools in the Municipality. The Danish DPA banned such processing and suspended any related data transfers to the United States (U.S.) until it is brought in line with the General Data Protection Regulation (GDPR). The suspension took effect immediately, and the Municipality had until August 3rd, 2022, to withdraw and terminate the processing, as well as delete data already transferred. Finally, in a new decision on August 18th, 2022, the Danish DPA has ratified the ban to the use of Google Chromebooks and Workspace. In the eyes of the Danish DPA, the Municipality failed for example to document that they have assessed and reduced the relevant risks to the rights and freedoms of the pupils. This article is structured as follows: section II provides the background concerning the unfolding events after the Schrems II ruling. Section III discusses the origins and facts of the Danish DPA case. Section IV examines the reasoning and critical findings of the Danish DPA decision. Finally, section V concludes with some general recommendations the Danish municipalities must follow based on the ensuing effects stemming from this case.

The European Commission adequacy decision on the EU US Data Privacy Framework, adopted on July 10th, 2023, marks a crucial moment in transatlantic data protection. Following an Executive Order issued by President Biden in October 2022, this decision confirms that the United States meets European Union standards for personal data protection. The decision extends to all transfers from the European Economic Area to US entities participating in the framework, promoting privacy rights while facilitating data exchange. Key aspects include oversight of US public authorities access to transferred data, the introduction of a dual tier redress mechanism, and granting new rights to EU individuals, encompassing data access and rectification. However, the framework presents both promise and challenges in health data transfers. While streamlining exchange and aligning legal standards, it grapples with the complexities of divergent privacy laws. The recent bill for the introduction of a US federal privacy law emphasizes the urgent need for ongoing reform. Lingering concerns persist regarding the framework resilience, especially amid potential legal battles before the Court of Justice of the EU. The history of transatlantic data transfers between the EU and the US is riddled with vulnerabilities, reminiscent of the Ouroboros, an ancient symbol of a serpent or dragon eating its own tail, hinting at the looming possibility of the framework facing invalidation once again. This article delves into the main requirements of the framework and offers insights on how healthcare organizations can navigate it effectively.

This chapter explores the essential role of Binding Corporate Rules (BCRs) in managing and facilitating secure health data transfers within corporate groups under the EU General Data Protection Regulation (GDPR). BCRs are tailored to ensure compliance with the GDPR and similar international data protection laws, presenting a flexible mechanism for transferring sensitive health and genomic data. The chapter situates BCRs within the broader spectrum of the GDPR international data transfer mechanisms, addressing the unique challenges posed by the sensitive nature of health data and the increased adoption of AI technologies. The European Data Protection Board (EDPB) Recommendations 1/2022 on BCRs, issued following the Schrems II decision, are critically analyzed, highlighting their stringent requirements and the need for a balanced approach that prioritizes data protection and an AI governance framework. The chapter outlines the BCR approval process, stressing the importance of streamlining this process to encourage broader adoption. It underscores the necessity of a multidisciplinary approach in developing BCRs, incorporating recently adopted international standards and frameworks, which offer valuable guidance for organizations to build trustworthy AI management systems. They guarantee the ethical development, deployment, and operation of AI, which is essential for its successful integration and the broader digital transformation. In conclusion, BCRs are positioned as essential tools for secure health data management, fostering transparency, accountability, and collaboration across international borders. The chapter calls for proactive measures to incentivize BCR adoption, streamline approval processes, and promote more innovative approaches, ensuring BCRs remain a robust mechanism for global data protection and compliance.

The General Data Protection Regulation contains a blanket prohibition on the transfer of personal data outside of the European Economic Area unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules. Many firms are, therefore, pursuing technology-based solutions in order to mitigate this new legal risk. These emerging technological alternatives reduce the need for open-ended cross-border transfers and the practical challenges and legal risk that such transfers create after Schrems. This article examines one such alternative, namely a user-held data model. This approach takes advantage of personal data clouds that allows data subjects to store their data locally and in a more decentralised manner, thus decreasing the need for cross-border transfers and offering end-users the possibility of greater control over their data.