PrivacyImplicationsofResearchData:ANISOSymposium11SEPTEMBER 2016, DENVER

Security, Solidarity, Science and the rule of law

Open Science and privacy protection in transnational cooperation

Dr. Christoph BruchHelmholtz Association

Contents

§ HelmholtzAssociation

§ TheGermanNationalCohort

§ Dataprotectioninaninternationalsetting

Seite2Denver,11.09.2015

HelmholtzAssociation

Seite3Denver,11.09.2015

Seite4Denver,11.09.2015

HelmholtzAssociation

§ Staff:38,237

§ Budget:€ 4.45billion� Twothirdscomefrompublic

sponsors (ina9:1splitbetweenFederalandstateauthorities)

� TheindividualHelmholtzCentresareresponsibleforattractingmorethan30%themselves intheformofcontractfundingprovidedbypublicandprivatesectorsponsors.

§ Eachyear,severalthousandvisitingscientistsandresearchersfromallaroundtheworldcometotheHelmholtzCentres

TheGermanNationalCohort

Seite5Denver,11.09.2015

NAKOFactsandfigures§ Itwillprovideamajor,centralresourceforpopulation-basedepidemiologyin

Germany,andwillhelptoidentifynewandtailoredstrategiesforearlydetection,prediction,andprimarypreventionofmajordiseases.

§ Overalldurationof25–30 years§ 18regionalstudycentres§ 200,000womenandmenaged20–69 years§ 200,000

� extensiveinterview� self-completion questionnaires� awiderangeofmedicalexaminations� collectionofvariousbiomaterials

§ 40,000� “Level2”programme

§ 30,000� Magneticresonanceimagingexaminationprogramme

§ After4–5 years,allparticipantswillbeinvitedforare-assessment.

Seite6Denver,11.09.2015

NAKOTimeline

Seite7Denver,11.09.2015

NAKOStudycentresoftheGermanNationalCohort

Seite8Denver,11.09.2015

NAKOdataprotection/managementconcept§ 2datasources

� Datageneratedwithintheproject§ Interviews/Questionnaires§ Medicalexaminations(level1:all;level2:40,000;MRT:30,000)§ Collectionofvariousbiomaterials

� Linkagetosecondarydatatoobtainadditionalinformationonthe individual’shealthandemploymenthistory§ Patientfiles§ statutoryhealthinsurances§ Dataonoccupationalhistory§ Geocodedenvironmentaldata

§ DataProtectionConcept� Centraldatamanagement� CompliancewiththeFederalDataProtectionActs� Compliancewith „OpinionoftheGermanEthicsCouncil”� Adataprotectionconceptwasdeveloped inclosecollaborationwiththeGermanfederaland

statecommissioners.� A‘CodeofEthics’oftheGNChasbeendeveloped.� Anexternalethicsadvisoryboardhasbeenestablished.

Seite9Denver,11.09.2015

NAKOdataprotection/managementconcept

Seite10Denver,11.09.2015

NAKOCriticismconcerningdataprotectionconcept

§ DataprotectionisahighlycontentiousissueinGermany

§ AcivillibertiesorganizationcriticizedNAKObecauseofallegedshortcomings(Atleastsomehavebeenamelioratedbynow.)ofitsdataprotectionconcept:� Discrepancybetweeninformation concerning intendeduseinconsentformanduser(=research)agreement/rules

� Nooptions forrequestingcontentatlaterstagesasnewusesareintended

� Nowautomaticrenewalofconsent thatisonlyvalidfor5years.(Thiswording isproblematicanywayasbylawconsentcanbewithdrawnanytime.)

� Consentformallegedlydidnotenableparticipanttoinsertdisagreementwithparticularpartofthatform.(noNO-Field)

� Ambiguities inrespecttoprohibition ofcommercialuse

Seite11Denver,11.09.2015

NAKOillustrates

§ thecommitmentoftheresearchcommunitytodataprotection

§ theeffortnecessarytoreachandmaintainanadequatelevelofdataprotection

§ tensionsexistingbecauseofinherentconflictsofinterestbetweenresearchwhichisaboutuncoveringandprivacywhichisaboutseclusion

Seite12Denver,11.09.2015

Theresearchcommunityisprodataprotection

§ Dataprotectionisaprerequisitetobuildtrustwhichinturnisaprerequisiteforthecooperationofthedatasubject(testperson,interviewee)

§ ThereisastrongincentivetodemonstratecommitmenttodataprotectionsincethereisatendencytocollectmorePPI.

§ Commitmenttodataprotectionisalsomotivatedbytheawarenessofanincreasein� theamountofdatabeingcollectedand� theabilitytoprocessdatawhichresultsin� greaterrisksoftheoccurrenceofmishapsand� newandmoredangersofmisuse(e.g.deanonymization)

Seite13Denver,11.09.2015

Dataprotectionisachallengefortheresearchcommunityas

§ AlimitationoftheuseofPIIfortheoriginalpurposeisatoddswiththevisionofdatadrivenscience.

§ Researchersarefacedwithnewdemandstotheirdataavailable,e.g.� openscience� Interdisciplinarycooperation� reproducible science� commodification ofscience

§ Newscenariosforproperusebutalsomisuseresultinanincreasedburdentomaintainadequatedataprotectionstandards.

§ Coredataprotectionprincipleslikedataminimization,strictlimitationofuse,informedconsentareatoddswiththehighhopesrelatedtobigdata.

Seite14Denver,11.09.2015

Repercussionsfor3rdparties

§ ThecollectionandanalysisofPIIcanhaverepercussionsbeyondthegroupofpersonswhosedatearecollected.

§ Theseimplicationsforsecondarygroupscanoccurasaresultvariouscircumstances,e.g.� Geneticdata:containinformationaboutrelatives

� Securitydata:Contactpersonsmaybeassociatedwithsecurityrisk/criminaloffences

� Profiledata:derivesformdatarelatingtocertainindividualsmaybeassociatedwithotherpersonsconsideredbelongingtoasimilar„profilegroup“

Seite15Denver,11.09.2015

Informedconsent

§ Thepracticalmeaningofinformedconsentisstronglydependentontheamountofcomprehensionintendedtobenecessarytoenableanindividualtogivethatinformedconsent.

§ ActualconsenthastobeconsideredrathervagueiftheconsentingPersonhasasuperficialunderstandingonlyoftheimplicationsofhisdecision.

§ StatementsconcerningintendeduseofPIIaretypicallyverycomplex,oftenquitelongandincomprehensibleforthegreatmajorityofpersonswhoagreewiththem.

§ Thus,thereclearlimitationstothepossibilitytorealizeinformationalself-determinationviathistool.

Seite16Denver,11.09.2015

Dataprotectioninan

internationalsetting

Seite17Denver,11.09.2015

MotivationforEUdataprotectionregulation

§ GreatvariationsinprotectionlevelswerepossiblebecauseofthebroadscopelefttomemberstatesbyEUDirectivefrom1995

§ Thisledto„forum-shopping“bybigcompanies=choosingofjurisdictionwithlowestdataprotectionrequirements

§ ResultinginGoogle,Facebook…transferringtheirEuropeanoperationstoIreland

§ Adataprotectionregulationwastocreateamorelevelplayingfield.

Seite18Denver,11.09.2015

Timeline:Harmonizationofdataprotection

1980 OECDDataProtectionPrinciples

1995 Directive ontheprotectionofindividuals withregardtotheprocessing ofpersonal dataandonthefreemovementofsuchdata(95/46/EC)(repealed by2016/679/EU))

1998 NegotiationsonSafeHarborPrivacyPrinciples arestarted

2000 SafeHarborDecision - EuropeanCommunity declaresInternationalSafeHarborPrivacyPrinciples arecompliantwiththeEUDataProtectionDirective(Decision 2000/520)

2015 JudgmentoftheEuropeanCourtofJusticedeclaringinvalid theEUCommissions SafeHarborDecision(CaseC-362/14)

2016 Regulation ontheprotectionofnaturalpersonswithregardtotheprocessing ofpersonaldataandonthefreemovement ofsuchdata,andrepealingDirective95/46/EC (GeneralDataProtectionRegulation)(2016/679/EU)May2016 Regulationtookeffect

Transition period:MemberstateswilladapttheirdataprotectionlawsMay2018 Endoftransitionperiod– regulationcomesintoforce

2016 February: Completionofnegotiations onEU-U.S.PrivacyShieldJuly: AdequacyDecision byEUCommission concerning EU-U.S.PrivacyShield

Seite19Denver,11.09.2015

GeneralDataProtectionRegulationKeyfeatures(1)

§ StrongerEU-wideharmonization– butalotofscopeformemberstates

§ Increasedfines(§ 43,Art.83)� forindividualsuptoEUR300,000� ForcompaniesuptoEUR20,000,000or4%ofannualturnover

§ Obligationtodemonstrateadequateprotection� Thisresponsibilityiswithprincipleinvestigationofaresearchprojectortheheadofaresearch

institution� Incertaincasesadataprotection officerneedstobeappointed

§ Thepositionofthedataprotectionofficershasbeenstrengthened.� Thisincludese.g.involvingdataprotectionofficersalreadyatearlyplanningstagesofbigger

researchprojects

Seite20Denver,11.09.2015

GeneralDataProtectionRegulationKeyfeatures(2)

§ Transparencydemandsfordatacontrollershavebeenincreased� Thisincludestheobligationtocommunicateclearlyandinalanguageeasilycomprehensible.� Bythesametoken, informationrightsofpersonswhosePII’sarecollectedhaven

strengthened

� Inordertobeabletofulfiltheinformationobligationsmoremonitoringandreportingmaybenecessary

� Infactthe informationobligationsmayprovetobethehighestdataprotectionhurdleincasesinwhichthePIIareanonymizedasthepersonswhosedataareusehaverighttoknow howexactlytheirdatewereused.Thiswillbedependent onhowthenewdataprotectionregulationwilltransformedintonationallawoftheMemberStates

§ Expansionoftheareaofapplication� The GeneralDataProtectionRegulationalsoappliestoPIIprocessedoutsidetheEUifthisis

doneonbehalforunderresponsibilityofacompanywithalegalbranchinaEUmemberstate.

Seite21Denver,11.09.2015

GeneralDataProtectionRegulationKeyfeatures(3)

§ ADataprotectionimpactassessmentisobligatoryincertaincases(Art.35)

§ Theoptionsforbuilding-uplargecollectionsofPIIarelimitedbytheinstructionpersonaldatamaynotbeingmadeavailable“toanindefinitenumberofnaturalpersons”(Art25(2))

§ Theuseofhumangeneticdataposesachallengeasthesecaninprinciplenotbepseudonymizedoranonymized.Atthesametime,manyresearchquestionsinthefieldofgenetics(e.g.personalizedmedicine)canonlybetackledbytheanalysisofaggregationsofgreatmassesofthesedata.Evenifaggregationsofthesedataismadepossiblebasedonappropriateconsentsthechallengeremainstoguaranteeadequatesecuritylevelsandrightsmanagement.

Seite22Denver,11.09.2015

GeneralDataProtectionRegulationResearchprivileges (1)

§ Informedconsent� Lowerstandardforresearchpurposes[recital26]

§ Useforresearchpurposesofpersonaldatawhichwasnotcollectedforthispurpose,includingdatainpublicregisters� Memberstatesmayallowthis. Ifdoingsoresearchpurposes needtobeoneoftheprivileged

uses.[recital50,159,162;Art.5(1)(b)]

§ Permissiontoprocessespeciallysensiblepersonaldatawhichingeneralmaynotbeprocessed� theprohibitionmybeliftedforresearchpurposes[recital52&53]

§ Informationobligationsinrespecttothedatasubjectandotherreportingobligationscanbeloweredresearchpurposes[recital62,156;Art14(5)(b)]

Seite23Denver,11.09.2015

GeneralDataProtectionRegulationResearchprivileges(2)

§ Limitationsconcerningthedurationdataretention� Theselimitationcanbeextendedorliftedforresearchpurposes [Art.5(1)(e)]

§ Rightofdatasubjectstohavedatacorrectedorerased� Thecorrespondingobligationforthedatacontrollercanbeloweredforresearchpurposes

[recital65;Art.17(3)(d)]

§ (international)Datatransfer� Transfersforresearchpurposescanbeprivileged[recital113)

Seite24Denver,11.09.2015

RuleoflawScopefor„practicalsolutions“

§ Compliancewithdataprotectionlawisachallengeonthenationallevelandevenmoresointheinternationallevel.

§ Harmonizationoftherespectivestatutorylawisalongtermprojectthatoftendoesnothelptosolvecurrentproblems.

§ Forgingagreementbetweenstatesestablishingprocessesthateaseobservationofthelawarethereforeacommendableapproach.

§ WhenratingtheUSSafeHarborPrivacyPrinciplesasadequatetheEuropeanCommissiondidnotadequatelyconsiderEUlawincludingtheCharterofFundamentalRightsoftheEuropeanUnion.

§ NowtheEU-U.S.PrivacyShieldistobethenewandbetterpracticalsolution.

§ ThereisgeneralagreementthatthePrivacyShieldisamajorimprovement.

§ TheEuropeandataprotectioncommunitywillsurelytrytohaveprivacyshieldtestedbytheEuropeanCourtofJusticeassoonaspossible.

Seite25Denver,11.09.2015

Thankyouverymuch

foryourattention

Seite26Denver,11.09.2015