Code of conduct for using personal data in health research

Group mulls guidance on use of personal data

Researchers and lawyers are working on a code of conduct for using personal data in health research, aimed at ironing out differences in national application of an impending EU law.

The initiative is being led by the Biobanking and Biomolecular Resources Research Infrastructure-European Research Infrastructure (BBMRI-Eric). The team met with representatives of the European Commission, the pharmaceutical industry, lawyers, patient groups and other research organisations this week to discuss the way forward.

The focus of the initiative is the EU General Data Protection Regulation on the use of personal data for research and other purposes, which will begin to apply from 25 May 2018 onwards. The GDPR is intended to harmonise national laws, but research organisations have expressed concern that differences in the way countries might interpret and apply the GDPR will make it difficult for health researchers to collaborate and use personal data across national borders.

BBMRI-Eric is therefore setting up a core group of lawyers and other specialists to draw up the code of conduct, which it hopes will be ready for use once the GDPR takes effect. It is already in contact with representatives of national data protection authorities and intends to coordinate closely with Data Protection Agencies (DPAs) in developing the code while the DPAs themselves work towards implementing the GDPR.

“We’re developing a code of conduct that will be as understandable as possible to provide guidance for researchers and administrative staff and help reduce any unnecessary fear of different data protection standards in EU member states,” said Jan-Eric Litton, BBMRI-Eric’s director general.

The code of conduct will serve as the basis for further best-practice guidance, with the aim of increasing researchers’ confidence, reducing bureaucracy and duplication of effort, and ultimately increasing data sharing for health research, he added.

The core group developing the code of conduct will work with a broader group of interested and affected parties to help define the code’s scope and content, Litton said. The organisers’ aim is to have a first draft ready by the summer, which will then be opened up for public consultation and refinement in the autumn.

BBMRI-Eric hopes that the revised version of the code will be endorsed and promoted by national DPAs and the Commission.

Alea López de San Román, policy officer at the League of European Research Universities, attended the preparatory meeting. She said it would have been better if EU policymakers had been able to produce a more ambitious and harmonised regulation, since the GDPR only sets “very basic common rules”, but that the code of conduct will be helpful.

“It’s very good that a code of conduct will be adopted: it’s encouraged in the GDPR, and it will be useful for demonstrating compliance with the obligations and for facilitating cross-border data transfers,” she said. San Román added that additional guidance would be needed, however, and that Leru is consulting its members and might consider developing its own additional best practice for universities.

Article information
By Craig Nicholson

Publication: —

Publication date: 03 Feb 2017

This article was published on Research Professional, the UK’s leading independent source of news, analysis, funding opportunities and jobs for the academic research community: http://www.researchresearch.com/news/article/?articleId=1365808