Balancing data protection and research needs in the age of the GDPR

dna
Credit: CC0 Public Domain

Scientific journals and funding bodies often require researchers to deposit individual genetic data from studies in research repositories in order to increase data sharing with the aim of enabling the reproducibility of new findings, as well as facilitating new discoveries. However, the introduction of new regulations such as the EU General Data Protection Regulation (GDPR) can complicate this, according to the results of a study to be presented at the annual conference of the European Society of Human Genetics today.

The investigators collected experiences of the practical challenges that researchers face. "Their attempts to comply with the requirements of funders and journals to deposit data often clash with the GDPR," says Dr. Deborah Mascalzoni, senior researcher at Uppsala University in Sweden and at EURAC Research, Bolzano, Italy. "We need to follow along the path of open science while taking into account ethical and if we are to be able to comply with both the law and the funders' requirements."

According to the GDPR, participants in research studies have the right to withdraw consent for the further use of their data. To exercise this right, they must be informed about the processing of their data in research repositories, but the way in which some repositories are set up can make it difficult for researchers to comply with the law. Another challenge lies in the GDPR's requirement for data processing to be limited to what is necessary to fulfill a study's objectives, therefore ruling out the long-term retention of data for unspecified uses. The destruction of such data eliminates resources that may be useful in the future and therefore reduces research efficiency.

But solutions to the problem are readily available, say Dr. Mascalzoni and her fellow researcher Heidi Beate Bentzen, LLM, from the University of Oslo in Norway. The current difficulties stem from the fact that legal and ethical design are not always embedded into the planning of a system from the beginning. This means that this is often added as an afterthought, a kind of "patch" that fixes one case but is not a long-term solution. And while the GDPR needs to be interwoven into the everyday work of researchers, it is still a fairly new .

"If you introduce a novel technique in the lab, you need to account for it and make it work with your existing systems, for example IT and other lab equipment. It is the same with the GDPR, that in essence is a good piece of law. What we are facing now with the repositories is that they are often based outside the EU or in in one EU member state (as the UK model) without taking into account all EU member state regulations," says Dr. Mascalzoni.

Researchers currently may face problems submitting their work to some journals due to legal restrictions preventing them from sharing individual-level genetic data in the journals' repositories. They may be able to share data with reviewers and editors, and in some cases with other researchers who request the data for specific purposes, but not more widely. "Journals need to rethink their policies in these cases," says Dr. Mascalzoni. "Because participant trust is so crucial to the future of research, we were surprised to find that research repositories had not already changed their modus operandi and that journals and funders had not amended their policies to account for the GDPR."

Another way is to recognize mutually equivalent policies, the researchers say. If a law prohibits a practice it is difficult to require individual scientists to either disobey or be excluded, so exceptions and waivers should apply.

"We hope that our work will showcase the urgency of setting up GDPR compliant research repositories and adapting the requirements of funding bodies and journals to the GDPR. If we are to operate in an open, efficient science environment, we need to build a safe place where researchers and patients can participate knowing human rights and research are taken seriously simultaneously," Dr. Mascalzoni concludes.

Chair of the ESHG conference, Professor Joris Veltman, Director of the Institute of Genetic Medicine at Newcastle University, Newcastle upon Tyne, UK, said: "Data sharing is essential for scientific progress, especially in the field of human genetics where we need to combine clinical and genetic data to learn about the clinical impact of millions of genetic variations present in each person's genome. This study investigates how the new EU regulations affect and what should be done to allow for this to be done in a safe and responsible manner."

More information: Abstract no: C22.6 Are requirements to deposit data in research repositories compatible with the GDPR?
Citation: Balancing data protection and research needs in the age of the GDPR (2019, June 17) retrieved 20 July 2019 from https://medicalxpress.com/news/2019-06-age-gdpr.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
3 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more