Explore the vast range of titles available.

Genomic data sharing is becoming more important as scientists join forces across borders in biomedical research for the benefit of patients and society. The EU's General Data Protection Regulation (GDPR) helps simplify sharing of such data at the European and international level. However, initial optimism has dried up as EU member states go their own ways in implementing the GDPR into national laws, and as legal cases challenging data sharing reach courts. Codes of conduct could facilitate data sharing in Europe and better connect it to global health research. This commentary explains the potential of codes of conduct for addressees and drafters. Codes are no panacea though; other measures may be necessary to ensure that Europe remains collaborative and competitive in biomedical research. Nevertheless, codes of conduct would bring immediate benefits and, in the long term, could foster a true European ecosystem for joint biomedical research and easier international data sharing. Graphical Abstract In this commentary, F. Molnár‐Gábor and J.O. Korbel help us to understand how Codes of Conduct would facilitate the EU's General Data Protection Regulation (GDPR) in simplifying sharing of genomic data at the European and international level.

Efforts to protect people’s privacy in a massive international cancer project offer lessons for data sharing. Efforts to protect people’s privacy in a massive international cancer project offer lessons for data sharing. Coloured scanning electron micrograph of a migrating breast cancer cell

In this viewpoint, we argue for the importance of creating data spaces for genomic research that are detached from contexts in which fundamental rights concerns related to surveillance measures override a purpose-specific balancing of fundamental rights. Genomic research relies on molecular and phenotypic data, on comparing findings within large data sets, on searchable metadata, and on translating research results into a clinical setting. These methods require sensitive genetic and health data to be shared across borders. International data sharing between the European Union (EU) or the European Economic Area and third countries has accordingly become a cornerstone of genomics. The EU General Data Protection Regulation contains rules that accord privileged status to data processing for research purposes to ensure that strict data protection requirements do not impede biomedical research. However, the General Data Protection Regulation rules applicable to international transfers of data accord no such preferential treatment to international data transfers made in the research context. The rules that govern the international transfer of data create considerable barriers to international data sharing because of the cost-intensive procedural and substantive compliance burdens that they impose. For certain jurisdictions and select use cases, there exist practically no lawful mechanisms to enable the international transfer of data because of concerns about the protection of fundamental rights. The proposed solutions further fail to address the need to share large data sets of local and regional cohorts across national borders to enable joint analyses. The European Health Data Space is an emerging federated, EU-wide data infrastructure that is intended to function as an infrastructure bringing together EU health data to improve patient care and enable the secondary use of health-related data for research purposes. Such infrastructure is implementing new institutions to support its functioning and is being implemented in reliance on a new enabling law, the regulation on the European Health Data Space. This innovation provides the opportunity to facilitate EU contribution to international genomic research efforts. The draft regulation for this data space provides for a concept of data infrastructure intended to enable cross-border data exchange and access, including access to genetic and health data for scientific analysis purposes. The draft regulation also provides for obligations of national actors aimed at making data widely available. This effort is laudable. However, in the absence of further, more fundamental changes to the manner in which the EU regulates the secondary use of health data, it is reasonable to believe that EU participation in international genomic research efforts will remain impeded.

Dynamic consent (DC) is an approach to consent that enables people, through an interactive digital interface, to make granular decisions about their ongoing participation. This approach has been explored within biomedical research, in fields such as biobanking and genomics, where ongoing contact is required with participants. It is posited that DC can enhance decisional autonomy and improve researcher–participant communication. Currently, there is a lack of evidence about the measurable effects of DC-based tools. This article outlines a framework for DC evaluation and reporting. The article draws upon the evidence for enhanced modes of informed consent for research as the basis for a logic model. It outlines how future evaluations of DC should be designed to maximize their quality, replicability, and relevance based on this framework. Finally, the article considers best-practice for reporting studies that assess DC, to enable future research and implementation to build upon the emerging evidence base.

Biobanks have been heralded as essential tools for translating biomedical research into practice, driving precision medicine to improve pathways for global healthcare treatment and services. Many nations have established specific governance systems to facilitate research and to address the complex ethical, legal and social challenges that they present, but this has not lead to uniformity across the world. Despite significant progress in responding to the ethical, legal and social implications of biobanking, operational, sustainability and funding challenges continue to emerge. No coherent strategy has yet been identified for addressing them. This has brought into question the overall viability and usefulness of biobanks in light of the significant resources required to keep them running. This review sets out the challenges that the biobanking community has had to overcome since their inception in the early 2000s. The first section provides a brief outline of the diversity in biobank and regulatory architecture in seven countries: Australia, Germany, Japan, Singapore, Taiwan, the UK, and the USA. The article then discusses four waves of responses to biobanking challenges. This article had its genesis in a discussion on biobanks during the Centre for Health, Law and Emerging Technologies (HeLEX) conference in Oxford UK, co-sponsored by the Centre for Law and Genetics (University of Tasmania). This article aims to provide a review of the issues associated with biobank practices and governance, with a view to informing the future course of both large-scale and smaller scale biobanks.

Biomedical research is becoming increasingly large-scale and international. Cloud computing enables the comprehensive integration of genomic and clinical data, and the global sharing and collaborative processing of these data within a flexibly scalable infrastructure. Clouds offer novel research opportunities in genomics, as they facilitate cohort studies to be carried out at unprecedented scale, and they enable computer processing with superior pace and throughput, allowing researchers to address questions that could not be addressed by studies using limited cohorts. A well-developed example of such research is the Pan-Cancer Analysis of Whole Genomes project, which involves the analysis of petabyte-scale genomic datasets from research centers in different locations or countries and different jurisdictions. Aside from the tremendous opportunities, there are also concerns regarding the utilization of clouds; these concerns pertain to perceived limitations in data security and protection, and the need for due consideration of the rights of patient donors and research participants. Furthermore, the increased outsourcing of information technology impedes the ability of researchers to act within the realm of existing local regulations owing to fundamental differences in the understanding of the right to data protection in various legal systems. In this Opinion article, we address the current opportunities and limitations of cloud computing and highlight the responsible use of federated and hybrid clouds that are set up between public and private partners as an adequate solution for genetics and genomics research in Europe, and under certain conditions between Europe and international partners. This approach could represent a sensible middle ground between fragmented individual solutions and a “one-size-fits-all” approach.

With the German Bundestag’s adoption of the Data Protection Adaptation and Implementation Act EU (DSAnpUG-EU) on 30 June 2017, the adaptation of German law to the General Data Protection Regulation (GDPR) has begun (Gesetz zur Anpassung des Datenschutzrechts an die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie (EU) 2016/680 (Datenschutz-Anpassungs- und -Umsetzungsgesetz—DSAnpUG-EU) v. 30. Juni 2017, BGBl. 2017 I p. 2097 et seq.). Despite being directly binding on all EU member states, the GDPR does not render national data protection provision obsolete—they are covered by the GDPR’s opening clauses which include regulatory mandates and room for derogation. This creates considerable need for national legislative adaptation. Art. 1 DSAnpUG-EU contains the necessary amendments to the Federal Data Protection Law (BDSG(neu)), thus creating the second major building block of future German data protection alongside the GDPR itself. Nevertheless, there are still numerous sector-specific regulations in other federal laws and the data protection laws of the 16 states also need amendments. Adjustment in Germany is well on its way, but implementation in general is still ongoing, with further consequences for data processing and sharing.

This paper contributes to the exploration of the potential application of duties related to the diligent anticipation of the (imminent) harms and (potential) benefits to humans that scientific innovation engenders to health-related contexts. In particular, it addresses the intersection between the human right to science and health-related data processing, which plays a key role in the production, translation and implementation of biomedical knowledge. The first part of the paper provides a brief recap of the interpretation of the right to science based on Art. 15 (1) (b) of the United Nations International Covenant on Economic, Social and Cultural Rights (hereafter ICESCR or Covenant) and the resulting obligations for States in the context of health and related data processing. The second part of the paper defines the relevance of the ICESCR for EU Member States and the European Union. In the third part, theses are put forward on how the human right to science and the obligations under Art. 15 (1) (b) ICESCR influence the interpretation and application of the General Data Protection Regulation as secondary EU law. By examining the justifications for using the right to science to interpret EU data protection law and by providing interpretation and application guidance on the main data protection principles in the area of health-related data processing, taking this right into account, the aim is to shape the EU data governance framework to meet the requirements of this human right. In doing so, the paper aims to close the gaps in the interpretation and application of the main rules of EU data protection law. Such standardization in the health-related context can contribute to a coherent interpretation and application of existing rules by referring to this emerging human right. Against this background, the paper identifies governance measures that the EU legislator could take to guide the processing of health-related data in line with the requirements of the right to science.

Abstract As the adoption of digital health accelerates health research increasingly relies on large quantities of biomedical data. Research institutions scattered across a large number of jurisdictions collaborate in producing and analyzing biomedical big data. National data protection legislation, for its part, grows increasingly complex and localized. To respond to heterogeneous legal requirements arising in numerous jurisdictions, decentralized health consortia must develop scalable organizational and 6 technological arrangements that enable data flows across jurisdictional boundaries. In this article, proposals are made to enable health sector organisations to align established biomedical ethics process and data analysis practices to shifting data protection norms through both public law co-regulation, private law tools, and design-oriented approaches.

The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.