Secondary Use of Personal Health Data: When Is It “Further Processing” Under the GDPR, and What Are the Implications for Data Controllers?

IF 0.6 Q2 LAW EUROPEAN JOURNAL OF HEALTH LAW Pub Date : 2022-08-01 DOI:10.1163/15718093-bja10094
Regina Becker, Davit Chokoshvili, Giovanni Comandé, Edward S. Dove, Alison Hall, Colin Mitchell, Fruzsina Molnár-Gábor, Pilar Nicolàs, Sini Tervo, Adrian Thorogood
{"title":"Secondary Use of Personal Health Data: When Is It “Further Processing” Under the GDPR, and What Are the Implications for Data Controllers?","authors":"Regina Becker, Davit Chokoshvili, Giovanni Comandé, Edward S. Dove, Alison Hall, Colin Mitchell, Fruzsina Molnár-Gábor, Pilar Nicolàs, Sini Tervo, Adrian Thorogood","doi":"10.1163/15718093-bja10094","DOIUrl":null,"url":null,"abstract":"<p>Contemporary biomedical research heavily relies on secondary use of personal health data that were obtained in a different clinical or research setting. Under the European Union’s General Data Protection Regulation (<span style=\"font-variant: small-caps;\">GDPR</span>), data controllers processing personal data must comply with the principle of purpose limitation, which restricts further processing of personal data beyond the purpose for which the data were initially collected. However, “further processing” is not explicitly defined, resulting in considerable interpretive ambiguities as to whether “secondary use” of data by researchers constitutes “further processing” under the <span style=\"font-variant: small-caps;\">GDPR</span>. This ambiguity is problematic as it exposes researchers to potential non-compliance risks. In this article, we analyse the term “further processing” within the meaning of the <span style=\"font-variant: small-caps;\">GDPR</span>, elucidate important aspects in which it differs from “secondary use”, and discuss the implications for data controllers’ <span style=\"font-variant: small-caps;\">GDPR</span> compliance obligations. Subsequently, we contextualise this analysis within a broader discussion of regulating scientific research under the <span style=\"font-variant: small-caps;\">GDPR</span>.</p>","PeriodicalId":43934,"journal":{"name":"EUROPEAN JOURNAL OF HEALTH LAW","volume":"373 1","pages":""},"PeriodicalIF":0.6000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EUROPEAN JOURNAL OF HEALTH LAW","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1163/15718093-bja10094","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"LAW","Score":null,"Total":0}
引用次数: 0

Abstract

Contemporary biomedical research heavily relies on secondary use of personal health data that were obtained in a different clinical or research setting. Under the European Union’s General Data Protection Regulation (GDPR), data controllers processing personal data must comply with the principle of purpose limitation, which restricts further processing of personal data beyond the purpose for which the data were initially collected. However, “further processing” is not explicitly defined, resulting in considerable interpretive ambiguities as to whether “secondary use” of data by researchers constitutes “further processing” under the GDPR. This ambiguity is problematic as it exposes researchers to potential non-compliance risks. In this article, we analyse the term “further processing” within the meaning of the GDPR, elucidate important aspects in which it differs from “secondary use”, and discuss the implications for data controllers’ GDPR compliance obligations. Subsequently, we contextualise this analysis within a broader discussion of regulating scientific research under the GDPR.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
个人健康数据的二次使用:GDPR下的“进一步处理”何时开始,以及对数据控制者的影响?
当代生物医学研究严重依赖于在不同的临床或研究环境中获得的个人健康数据的二次使用。根据欧盟的通用数据保护条例(GDPR),处理个人数据的数据控制者必须遵守目的限制原则,这限制了对个人数据的进一步处理,超出了最初收集数据的目的。然而,“进一步处理”没有明确定义,导致研究人员对数据的“二次使用”是否构成GDPR下的“进一步处理”存在相当大的解释歧义。这种模糊性是有问题的,因为它暴露了研究人员潜在的不合规风险。在本文中,我们分析了GDPR含义中的术语“进一步处理”,阐明了它与“二次使用”不同的重要方面,并讨论了对数据控制者GDPR合规义务的影响。随后,我们将这一分析置于GDPR下规范科学研究的更广泛讨论中。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
EUROPEAN JOURNAL OF HEALTH LAW
EUROPEAN JOURNAL OF HEALTH LAW LAW-
CiteScore
0.90
自引率
0.00%
发文量
52
期刊介绍: The European Journal of Jewish Studies (EJJS) is the Journal of the European Association for Jewish Studies (EAJS). Its main purpose is to publish high-quality research articles, essays and shorter contributions on all aspects of Jewish Studies. Submissions are all double blind peer-reviewed. Additionally, EJJS seeks to inform its readers on current developments in Jewish Studies: it carries comprehensive review-essays on specific topics, trends and debated questions, as well as regular book-reviews. A further section carries reports on conferences, symposia, and descriptions of research projects in every area of Jewish Studies.
期刊最新文献
European Court of Justice. An Exploratory Study of Capacity Assessment in Medical Practice in Ireland. Selected Legislature and Jurisprudence. Selected Legislation and Jurisprudence. Collaboration in Healthcare: Implications of Data Sharing for Secondary Use in the European Union.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1