Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
Review
. 2020 Jun;28(6):697-705.
doi: 10.1038/s41431-020-0596-x. Epub 2020 Mar 2.

Disruptive and avoidable: GDPR challenges to secondary research uses of data

David Peloquin  1 Michael DiMaio  1 Barbara Bierer  2 Mark Barnes  3
Affiliations
Review

Disruptive and avoidable: GDPR challenges to secondary research uses of data

David Peloquin et al. Eur J Hum Genet. 2020 Jun.

Abstract

The advent of the European Union's General Data Protection Regulation (GDPR) has posed several significant difficulties for the secondary research uses of data and associated biospecimens and has led to widespread unease within the international biobanking and databanking community. This disruption of research using personal data and associated biospecimens has gone largely unremarked in the professional literature, including in a recent account of GDPR's relationship to biobanking practices published in this journal, which instead advocated even more stringent, and in our view, unnecessary restrictions on research uses of banked data and materials. In this article, we describe challenges that GDPR has posed for biobanks and databanks and for researchers who use those banked resources for secondary research. We discuss the limitations inherent in the few pathways that GDPR makes available for secondary research, given that such pathways rely upon complex and varied laws of individual European Union member states. We advocate mitigation of these difficulties through regulatory guidance in order to allow important scientific research to continue.

PubMed Disclaimer

Conflict of interest statement

BB and MB are faculty co-directors, and DP is a senior advisor, of the Multi-Regional Clinical Trials Center of Harvard University and Brigham and Women’s Hospital, a regulatory science center that has participated heavily in the international discussions of the effects of GDPR on human subjects research. The attorney authors (Messrs. MB, DP and MD) serve in an international law firm that represents many universities, research institutes, academic medical centers, laboratories, and pharmaceutical and biotechnology entities that are subject to data use restraints imposed by GDPR.

Comment in

References

    1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
    1. 42 Code of Federal Regulations § 164.514(b).
    1. 42 Code of Federal Regulations § 164.502(d); US Department of Health and Human Services, Office of Civil Rights, Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-id....
    1. US Department of Health and Human Services, Office for Human Research Protections, Coded Private Information or Specimens Use in Research, Guidance (2008), https://www.hhs.gov/ohrp/regulations-and-policy/guidance/research-involv....
    1. United Kingdom Information Commissioner’s Office, Anonymisation: Managing Data Protection Risk Code of Practice (Nov 2012), Annex 1, (noting that information that has been pseudonymized through use of a key is not personal data in the hands of a researcher who lacks access to the key), https://ico.org.uk/media/1061/anonymisation-code.pdf.

MeSH terms