Group plans guidance on personal data use
Text written by Craig Nicholson
Researchers and lawyers are working on a code of conduct for the use of personal data in health research with the aim of ironing out differences in national implementation of an impending EU law. The initiative is being led by the Biobanking and Biomolecular Resources Research Infrastructure,
BBMRI-Eric. Research Europe has learned that the team met with the European Commission, the pharmaceutical industry, lawyers, patient groups and research organisations last week to discuss the way forward.
The initiative focuses on the EU General Data Protection Regulation, which covers the use of personal data for research and other purposes. It will begin to apply from 25 May 2018 onwards. Research organisations have expressed concern that differences in the way that countries might interpret and apply the GDPR will
make it difficult to collaborate and share personal data across national borders.
BBMRI-Eric is in contact with national data protection authorities to develop the code, while the authorities themselves work towards implementing the GDPR.
“We’re developing a code of conduct that will be as understandable as possible to provide guidance for researchers and administrative staff and help reduce any
unnecessary fear of different data protection standards in EU member states,” said Jan-Eric Litton, BBMRI-Eric’s director-general.
The core group developing the code of conduct will work with a broader group of interested and affected parties to help define the code’s scope and content,
Litton said. The organisers’ aim is to have a first draft ready by the summer, which will then be opened for public consultation and refinement in the autumn.
Alea López de San Román, policy officer at the League of European Research Universities, attended the preparatory meeting. She said it would have been better if
policymakers had been able to produce a more ambitious and harmonised regulation, since the GDPR only sets out “very basic common rules”.
But she added that the code of conduct would be helpful. “It will be useful for demonstrating compliance with the obligations and for facilitating cross-border
data transfers,” she said. López de San Román said that additional guidance
would be needed, however, and that Leru might consider developing additional best practice for universities.