. 2024 Jan;32(1):69-76.

doi: 10.1038/s41431-023-01403-y. Epub 2023 Jun 15.

Reconciling the biomedical data commons and the GDPR: three lessons from the EUCAN ELSI collaboratory

Alexander Bernier^{1

2

3}, Fruzsina Molnár-Gábor^{4

5}, Bartha M Knoppers^{4

6

7}, Pascal Borry^{6

8}, Priscilla M D G Cesar^{9

10}, Thijs Devriendt^{6

8}, Melanie Goisauf^{11

12}, Madeleine Murtagh^{13

14}, Pilar Nicolás Jiménez^{4

15

16}, Mikel Recuero^{4

15

16}, Emmanuelle Rial-Sebbag^{12

17}, Mahsa Shabani^{6

18}, Rebecca C Wilson^{13

19}, Davide Zaccagnini^{6

20}, Lauren Maxwell^{10

21}

Affiliations

¹ EUCANCan: European-Canadian Cancer Network, Barcelona, Spain. alexander.bernier@mcgill.ca.
² euCanSHare: An EU-Canada Joint Infrastructure for Next-Generation Multi-Heart Research, Barcelona, Spain. alexander.bernier@mcgill.ca.
³ Centre of Genomics and Policy, McGill University Faculty of Medicine and Health Sciences, Montréal, QC, Canada. alexander.bernier@mcgill.ca.
⁴ EUCANCan: European-Canadian Cancer Network, Barcelona, Spain.
⁵ Heidelberg Academy of Sciences and Humanities, Heidelberg University, Heidelberg, Germany.
⁶ euCanSHare: An EU-Canada Joint Infrastructure for Next-Generation Multi-Heart Research, Barcelona, Spain.
⁷ Centre of Genomics and Policy, McGill University Faculty of Medicine and Health Sciences, Montréal, QC, Canada.
⁸ Centre for Biomedical Ethics and Law, Department of Public Health and Primary Care, Faculty of Medicine, KU Leuven, Leuven, Belgium.
⁹ Institute on Ethics & Policy for Innovation (IEPI), McMaster University, Hamilton, ON, Canada.
¹⁰ RECODID: Reconciliation of Cohort Data in Infectious Diseases, Heidelberg, Germany.
¹¹ ELSI Services & Research, BBMRI-ERIC, Graz, Austria.
¹² CINECA: Common Infrastructure for International Cohorts in Europe, Canada, and Africa, Heidelberg, Germany.
¹³ EUCAN-Connect: Federated, FAIR Platform Enabling Large-Scale Analysis of High-Value Cohort Data Connecting Europe and Canada in Personalized Health, Groningen, the Netherlands.
¹⁴ School of Social and Political Studies, University of Glasgow, Glasgow, Scotland, UK.
¹⁵ EuCanImage: A European Cancer Image Platform Linked to Biological and Health Data for Next Generation Artificial Intelligence and Precision Medicine in Oncology, Barcelona, Spain.
¹⁶ Social and Legal Sciences Applied to the New Technosciences Research Group, Faculty of Law, University of the Basque Country, Bilbao, Spain.
¹⁷ CERPOP, Inserm, Toulouse Paul Sabatier University, Toulouse, France.
¹⁸ Metamedica, Faculty of Law and Criminology, Ghent University, Ghent, Belgium.
¹⁹ Institute of Population Health, University of Liverpool, Liverpool, UK.
²⁰ Lynkeus S.R.L, Roma, Italy.
²¹ Heidelberg Institute for Global Health, Heidelberg University, Im Neuenheimer Feld 130/3, 69120, Heidelberg, Germany.

PMID: 37322132
PMCID: PMC10267538
DOI: 10.1038/s41431-023-01403-y

Reconciling the biomedical data commons and the GDPR: three lessons from the EUCAN ELSI collaboratory

Alexander Bernier et al. Eur J Hum Genet. 2024 Jan.

. 2024 Jan;32(1):69-76.

doi: 10.1038/s41431-023-01403-y. Epub 2023 Jun 15.

Authors

Affiliations

¹ EUCANCan: European-Canadian Cancer Network, Barcelona, Spain. alexander.bernier@mcgill.ca.
² euCanSHare: An EU-Canada Joint Infrastructure for Next-Generation Multi-Heart Research, Barcelona, Spain. alexander.bernier@mcgill.ca.
³ Centre of Genomics and Policy, McGill University Faculty of Medicine and Health Sciences, Montréal, QC, Canada. alexander.bernier@mcgill.ca.
⁴ EUCANCan: European-Canadian Cancer Network, Barcelona, Spain.
⁵ Heidelberg Academy of Sciences and Humanities, Heidelberg University, Heidelberg, Germany.
⁶ euCanSHare: An EU-Canada Joint Infrastructure for Next-Generation Multi-Heart Research, Barcelona, Spain.
⁷ Centre of Genomics and Policy, McGill University Faculty of Medicine and Health Sciences, Montréal, QC, Canada.
⁸ Centre for Biomedical Ethics and Law, Department of Public Health and Primary Care, Faculty of Medicine, KU Leuven, Leuven, Belgium.
⁹ Institute on Ethics & Policy for Innovation (IEPI), McMaster University, Hamilton, ON, Canada.
¹⁰ RECODID: Reconciliation of Cohort Data in Infectious Diseases, Heidelberg, Germany.
¹¹ ELSI Services & Research, BBMRI-ERIC, Graz, Austria.
¹² CINECA: Common Infrastructure for International Cohorts in Europe, Canada, and Africa, Heidelberg, Germany.
¹³ EUCAN-Connect: Federated, FAIR Platform Enabling Large-Scale Analysis of High-Value Cohort Data Connecting Europe and Canada in Personalized Health, Groningen, the Netherlands.
¹⁴ School of Social and Political Studies, University of Glasgow, Glasgow, Scotland, UK.
¹⁵ EuCanImage: A European Cancer Image Platform Linked to Biological and Health Data for Next Generation Artificial Intelligence and Precision Medicine in Oncology, Barcelona, Spain.
¹⁶ Social and Legal Sciences Applied to the New Technosciences Research Group, Faculty of Law, University of the Basque Country, Bilbao, Spain.
¹⁷ CERPOP, Inserm, Toulouse Paul Sabatier University, Toulouse, France.
¹⁸ Metamedica, Faculty of Law and Criminology, Ghent University, Ghent, Belgium.
¹⁹ Institute of Population Health, University of Liverpool, Liverpool, UK.
²⁰ Lynkeus S.R.L, Roma, Italy.
²¹ Heidelberg Institute for Global Health, Heidelberg University, Im Neuenheimer Feld 130/3, 69120, Heidelberg, Germany.

PMID: 37322132
PMCID: PMC10267538
DOI: 10.1038/s41431-023-01403-y

Abstract

The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.

PubMed Disclaimer

Conflict of interest statement

The authors declare no competing interests.

Cited by

Ensuring General Data Protection Regulation Compliance and Security in a Clinical Data Warehouse From a University Hospital: Implementation Study.
Riou C, El Azzouzi M, Hespel A, Guillou E, Coatrieux G, Cuggia M. Riou C, et al. JMIR Med Inform. 2025 Apr 17;13:e63754. doi: 10.2196/63754. JMIR Med Inform. 2025. PMID: 40244890 Free PMC article.
Data sharing ethics toolkit: The Human Cell Atlas.
Kirby E, Bernier A, Guigó R, Wold B, Arzuaga F, Kusunose M, Zawati M, Knoppers BM. Kirby E, et al. Nat Commun. 2024 Nov 20;15(1):9901. doi: 10.1038/s41467-024-54300-3. Nat Commun. 2024. PMID: 39567529 Free PMC article. Review.
Managing genetic information sharing at family and population level.
McNeill A. McNeill A. Eur J Hum Genet. 2024 Jan;32(1):1-2. doi: 10.1038/s41431-023-01514-6. Eur J Hum Genet. 2024. PMID: 38185746 Free PMC article. No abstract available.
Challenges and solutions to system-wide use of precision oncology as the standard of care paradigm.
Lajmi N, Alves-Vasconcelos S, Tsiachristas A, Haworth A, Woods K, Crichton C, Noble T, Salih H, Várnai KA, Branford-White H, Orrell L, Osman A, Bradley KM, Bonney L, McGowan DR, Davies J, Prime MS, Hassan AB. Lajmi N, et al. Camb Prism Precis Med. 2024 Mar 26;2:e4. doi: 10.1017/pcm.2024.1. eCollection 2024. Camb Prism Precis Med. 2024. PMID: 38699518 Free PMC article. Review.
A call to action to scale up research and clinical genomic data sharing.
Stark Z, Glazer D, Hofmann O, Rendon A, Marshall CR, Ginsburg GS, Lunt C, Allen N, Effingham M, Hastings Ward J, Hill SL, Ali R, Goodhand P, Page A, Rehm HL, North KN, Scott RH. Stark Z, et al. Nat Rev Genet. 2025 Feb;26(2):141-147. doi: 10.1038/s41576-024-00776-0. Epub 2024 Oct 7. Nat Rev Genet. 2025. PMID: 39375561 Review.

See all "Cited by" articles

References

1. Peloquin D, DiMaio M, Bierer B, Barnes M. Disruptive and avoidable: GDPR challenges to secondary research uses of data. Eur J Hum Genet. 2020;28:697–705. doi: 10.1038/s41431-020-0596-x. - DOI - PMC - PubMed
1. Svantesson, DJB (2021). International data transfers post schrems–moving towards solutions. Gdańskie Studia Prawnicze, 4 (52)/2021), 21–37.
1. Wolfson M, Wallace SE, Masca N, Rowe G, Sheehan NA, Ferretti V, et al. DataSHIELD: resolving a conflict in contemporary bioscience—performing a pooled analysis of individual-level data without sharing the data. Int J Epidemiol. 2010;39:1372–82. doi: 10.1093/ije/dyq111. - DOI - PMC - PubMed
1. Wouters B, Shaw D, Sun C, Ippel L, van Soest J, van den Berg, et al. Putting the GDPR into practice: difficulties and uncertainties experienced in the conduct of big data health research. Eur Data Prot Law Rev (EDPL) 2021;7:206–16. doi: 10.21552/edpl/2021/2/9. - DOI
1. Vukovic J, Ivankovic D, Habl C, Dimnjakovic J. Enablers and barriers to the secondary use of health data in Europe: general data protection regulation perspective. Arch Public Health. 2022;80:115. doi: 10.1186/s13690-022-00866-7. - DOI - PMC - PubMed

MeSH terms

Actions
Actions

Grants and funding

MR/S003959/2/MRC_/Medical Research Council/United Kingdom

LinkOut - more resources

Full Text Sources

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

Reconciling the biomedical data commons and the GDPR: three lessons from the EUCAN ELSI collaboratory

Affiliations

Reconciling the biomedical data commons and the GDPR: three lessons from the EUCAN ELSI collaboratory

Authors

Affiliations

Abstract

Conflict of interest statement

Similar articles

Cited by

References

MeSH terms

Grants and funding

LinkOut - more resources

Full Text Sources

Abstract

Conflict of interest statement

Similar articles

Cited by

References

MeSH terms

Related information

Grants and funding

LinkOut - more resources

Full Text Sources