Draft European rules governing privacy threaten to hamper medical research.
When officials at the European Commission proposed new data-protection rules in 2012, the prospects for science looked good. Three years on, that optimism has been replaced by concern. The best that researchers can hope for from the rules now, it seems, is that they do not make things worse. For, as politicians continue to try to protect the individual in a digital world, they risk inflicting major long-term damage on the research environment.
The rules aim to update the 1995 data-protection regulations to reflect the reality of the digital age, in which information about individuals is increasingly being used as a commodity.
A pan-European law on how data could be sourced, stored and used would, in theory, be good for research. Greater harmonization could smooth the difficulties that scientists face when they try to pool analysis of genomic data and tissue samples across national borders. Such sharing could help to organize powerful trials with large numbers of participants. But it is held back at present because different European countries have their own rules on issues such as informed consent, or on how to anonymize or pseudonymize data.
Unfortunately, as a result of their reworking, the draft rules threaten to place further restrictions on such studies, by tightening the way that samples and data can be used. The situation is so perilous that researchers met in Brussels last week for a ‘Day of Action on Data for Health and Science’, to explain to policy-makers “the reasons why personal data is necessary to scientific research, including medical research”.
The reasons might sound obvious to scientists, and the need to explain them to politicians may seem distressing. But this is no anti-science agenda at play here. No one had intended to make medical research more difficult. The trouble is that such research is only a small part of the legislative issue. And discussions all take place in ministries of justice and other places where grasp of the mysterious world of science is relatively weak.
The ‘big data’ era poses new challenges, to privacy for example.
There is hope, in other words, that the feared damage can be avoided when the draft rules are finalized, possibly by the end of this year, as long as enough people make enough fuss to attract enough attention. To their credit, science funders and lobby groups across Europe have been doing just that.
The regulations proposed in 2012 by the commission allow the use of personal data only after an individual has given “specific, informed and explicit” consent. It is, after all, directed primarily at potential misuse of data gathered at websites or apps such as Facebook. But it made exceptions for health research because it recognized that such work depends on broad models of consent in which participants can agree for their data to be used in a variety of research studies, and that — subject to suitable safeguards — the data can be stored for future use.
Parliamentary amendments agreed last year changed the emphasis, and in doing so removed the exemption for research. If accepted, the amendments would require consent from participants for each new study. That would impede research. It is something that patient groups say they do not want if they donate data or tissue to a trusted party, such as established biobanks. And the evidence suggests that participants are less likely to give re-consent the more frequently they are asked for it.
Talks on the draft rules were due to restart this week, with trialogue negotiations scheduled between the European Commission, Parliament and Council. The council, at least, seems to be aware of the unwitting threat to research and wants to do something about it. Its statement on the issue, published last week, indicates that it will argue for the research exemption to be maintained.
Why should science be seen as a special case? A rigorous governance and regulatory framework for biomedical research already exists and operates under national and international laws. As this journal has chronicled, the ‘big data’ era poses new challenges, to privacy for example. But from a scientific standpoint, it makes more sense to update these existing rules as required than for valuable research to be threatened by overarching laws aimed at a different problem.
The European data-protection drive is built on the principle of “one continent, one law, one regulation”. But even the most committed believers may have to accept that biomedical research must remain an exception — and be granted an exemption — if it is to continue to thrive.
Related links in Nature Research
Data protection: Big data held to privacy laws, too 2015-Mar-25
Society: Protect privacy of mobile data 2014-Oct-01
The ultimate physical limits of privacy 2014-Mar-26
Related external links
Rights and permissions
About this article
Cite this article
Data overprotection. Nature 522, 391–392 (2015). https://doi.org/10.1038/522391b
This article is cited by
Towards trust-based governance of health data research
Medicine, Health Care and Philosophy (2023)
Data research on child abuse and neglect without informed consent? Balancing interests under Dutch law
European Journal of Pediatrics (2015)