Tough new legislation to beef up data privacy rules across Europe will not be allowed to hamper research, says Jan Philipp Albrecht MEP, one of the bill’s draftsmen.
“There will be huge exceptions for research in the new regulation,” Albrecht, a German MEP, promised the 5th Annual Data Protection and Privacy conference in Brussels on Tuesday.
“[Researchers] will have the opportunity to do research without seeking the [permission] of rights holders, if it’s serving the public interest. That’s quite far-reaching,” he said.
“If you are working with anonymous information, you are outside the duties of this regulation,” Albrecht added.
The new regulation, which has been under consideration for years, is making progress toward a possible adoption next year. But there may be further delays. “If [European governments are] not able to deliver a general approach before March 2015, it’s in danger. After that, it’s not clear whether we’ll be able to deliver by the end of the year,” Albrecht told delegates.
Exemptions for research
The heavyweights of European R&D have raised concerns that the European Parliament’s proposal on data protection went too far in requiring personal consent for use of people’s information in socio-economic and medical studies. Now they feel cautiously optimistic about new amendments put forward by European governments following a meeting of the European Council last week.
The suggested changes in the bill’s text revert to the original approach of the European Commission, which recognised exemptions are needed for the use of personal data in research. The new text also acknowledges the vital role of safeguards in protecting people’s privacy when data are used in research.
“So far it looks pretty good,” said Magnus Stenbeck, a senior researcher in Sweden’s Karolinska Institutet. Emma Greenwood, head of policy development at Cancer Research UK, agreed saying, "The Council of Ministers has now made a step in the right direction.”
Cancer Research UK is part of the European Data in Health Research Alliance, which is lobbying for research exemptions in the new legislation. Other members include Science Europe, European Public Health Alliance, European Patients’ Forum, the Federation of European Academies of Medicine, the Wellcome Trust, and the British Heart Foundation.
While researchers see a big improvement, the issue is not totally cut and dry. According to Stenbeck, an amendment to “pseudonymise” personal data, inserted by Germany, may cause problems for longitudinal research which requires individual follow-up over time.
There are studies, like this one, showing how errors can accumulate in cancer monitoring when pseudonymised data, which may prevent accurate data linkages, are used. The current wording, however, does not spell out pseudonymised data as a mandatory way of protecting data, but as one possibility, notes Stenbeck.
The implication of the wording of the European Parliament’s earlier proposal, according to scientists at the Karolinska Institutet, is that, “It would become practically impossible to continue the registry-based research and evaluation that current legislation permits and clinical medicine requires.”
The partial agreements are preliminary steps toward a final agreement that in theory could be revoked in the final rounds of negotiation with the European Parliament. The expectation is that the revised data protection framework will come into force in 2017.
A trusted bolthole for data
Beyond the issue of data for scientific purposes, there may be positives associated with tighter data protection laws in Europe.
In the same way that Switzerland has become a trusted bolt-hole for saving money, many observers expect Europe will be seen as a reliable place for saving data, carrying out data processing and housing data centres.
It was announced recently that big technology companies including IBM, Google and Amazon will build new data centres in Europe in the next few years.
It is a move that signifies a shifting technology landscape and emphasises the backlash against large-scale data collection via US companies and data stored in the US, by the National Security Agency, (NSA), as revealed in leaks from Edward Snowden.
Consolidated position of Parliament and Council here