This paper discusses challenges arising from the application of the EU General Data Protection Regulation (GDPR) in the context of biobanking and biomedical research.
Medical and health research has increasingly relied on processing and linking vast amounts of genetic- and health-related data. The traditional, highly- specific consent form and anonymisation required for privacy protection may not be appropriate for data-intensive longitudinal population-based research.
After long debates and lobbying efforts from the health and research communities in the EU, the GDPR has been revised to adopt a more research-friendly approach by including several derogations for consent and processing of data for secondary purposes. However, challenges remain in that the scope of scientific exemptions is as yet unclear, and the rules adopted by EU Member States have yet to be harmonised.
Setting up a more accountable governance framework that can work with existing ethics review mechanisms to allow for biomedical research, especially when privately funded research entities are involved, poses questions worthy of further analysis. This paper elucidates these challenges and attempts to provide a suitable resolution for making exemptions so that research can be carried out in the public interest.
© 2012 Journal of Law, Information & Science and Faculty of Law, University of Tasmania.