Skip to content

The search returned 31 results.

Legal Issues in Regulating Observational Studies: journal article

The impact of the GDPR on Italian Biomedical Research

Paola Aurucci

European Data Protection Law Review, Volume 5 (2019), Issue 2, Page 197 - 208

This article aims to show the legal challenges rising from the use, reuse, linkage and analysis of sensitive data in observational studies. In order to spell out these challenges and a possible way of meeting them, the first section takes into account the distinctive nature of retrospective observational studies and Big Data anal. The second section shows how the General Data Protection Regulation faces the challenge of maximising the opportunities arising from these studies while protecting the privacy of individual patients through research exemptions. The last section focuses on the Italian data protection regime to show why delegation of powers back to the national legal systems of the Member States entails a number of critical drawbacks, like hampering the progress of medical research. Keywords: GDPR, Data Protection, Medical Research, Sensitive Data


Peter Nowak v Data Protection Commissioner: journal article

Potential Aftermaths Regarding Subjective Annotations in Clinical Records

Daniel Jove

European Data Protection Law Review, Volume 5 (2019), Issue 2, Page 175 - 183

On 20 December 2017 the European Court of Justice gave its judgment on the Nowak case. This ruling addresses the potential application of the General Data Protection Regulation (GDPR) to the answers and subjective comments of the examiner. The classification of this data as personal data entails, for the candidate, the possibility of using their rights of access, rectification and objection. This study analyses the Nowak ruling and reflects on the possibility of extrapolating the doctrine which it establishes to other areas. The spotlight is placed specifically on subjective comments in a medical history. The nature of this information is analysed in order to establish whether it is the patient’s personal data and also if limiting the right to access this information is compatible with the GDPR. Keywords: Data Protection, Subjective Annotations, Clinical Record, GDPR, General Data Protection Regulation, European Court of Justice


Tort and Data Protection Law: journal article

Are There Any Lessons to Be Learnt?

Leon Trakman, Robert Walters, Bruno Zeller

European Data Protection Law Review, Volume 5 (2019), Issue 4, Page 500 - 519

The development and evolution of data protection law is not fully realised. One challenge that has emerged is the recognition of a tort for violating a person’s personal information contrary to data protection law. The issue is that courts have found it difficult to determine and assess the harm caused to the data subject. The courts in the United Kingdom (UK) and Canada have recently developed a tort for infringing privacy in personal data. What has emerged is that courts in those two countries have begun to establish some key principles to underpin a tort violating privacy, by providing guidance on measuring the ensuing harm. That tort is also developing in the United States. This article argues that other common law jurisdictions, notably Australia, should consider going down the same pathway, by establishing a privacy tort over the Internet. Such a tort in data protection will provide a higher level of control to data subjects over their personal data and deter entities from misusing that data. However, that tort may fail to protect data subjects from the misuse of their personal data if the law requires harm to eventuate, as is required by the tradition tort of privacy. This must be considered with caution because, unlike traditional notions of a tort in privacy, a privacy violation of over the Internet may take weeks, months or years to identify. Contrarily, tort law has been effective in reducing and deterring negligence in privacy related cases, strengthening the rationale for a tort in personal data over the Internet. Keywords: Australia, Data Protection, European Union, Personal Data, Tort, United Kingdom


Artificial Intelligence in Medical Diagnoses and the Right to Explanation journal article

Thomas Hoeren, Maurice Niehoff

European Data Protection Law Review, Volume 4 (2018), Issue 3, Page 308 - 319

Artificial intelligence and automation is also finding its way into the healthcare sector with some systems even claiming to deliver better results than human physicians. However, the increasing automation of medical decision-making is also accompanied by problems, as the question of how the relationship of trust between physicians and patients can be maintained or how decisions can be verified. This is where the right to explanation comes into play, which is enshrined in the General Data Protection Regulation (GDPR). This article explains how the right is derived from the GDPR and how it should be established. Keywords: Data Protection, Privacy, AI, Articial Intelligence, Algorithm


Improving Consent in Information Privacy through Autonomy-Preserving Protective Measures (APPMs) journal article

Luiza Jarovsky

European Data Protection Law Review, Volume 4 (2018), Issue 4, Page 447 - 458

In this article, I argue that due to numerous shortcomings, current online consent mechanisms do not allow data subjects to think, decide and choose according to their internal beliefs, therefore impairing essential individual freedoms – or capabilities, following Martha Nussbaum’s Capabilities Approach. I identify the main shortcomings of consent in privacy as issues of cognitive limitations, information overload, information insufficiency, lack of intervenability and lack of free choice, describing the type of imbalance present in each category. Then, based on current privacy theories and focusing on the concepts of autonomy and protection – and how they can be combined and manifested in policymaking - I propose the Methodology for Autonomy-Preserving Protection (MAPP), a methodology to evaluate (old) or design (new) measures to improve consent and reinstall the freedoms of thought, decision and choice in this context. According to the MAPP, if an entity A wants to generate positive welfare to an individual B, then: 1) the intentions or goals of A must be transparent, known to B and open to legal questioning and criticism; 2) the actions of A must be transparent, non-manipulative, known to B and open to legal questioning and criticism; and 3) the actions of A must not interfere in the decision-making capacities of B, preserving her autonomy. Lastly, applying the methodology, I present a non-exhaustive list of Autonomy-Preserving Protective Measures (APPMs), showing how they can enable the three freedoms highlighted in the present work and support more effective consent mechanisms. Keywords: Information Privacy, Consent, Data Protection, Autonomy, Paternalism


Genetic Information and Communities: journal article

A Triumph of Communitarianism over the Right to Data Protection under the GDPR?

Adam Panagiotopoulos

European Data Protection Law Review, Volume 4 (2018), Issue 4, Page 459 - 469

This article addresses the question of whether and under which conditions a communitarian approach could be embedded in the data protection regime, focusing on the concept and regulation of genetic data under the General Data Protection Regulation (GDPR). Reflecting on the collective and relational dimension of genetic data, this article challenges the communitarian doctrine, which underlies the relevant GDPR provisions, and suggests that the common good should not have ipso facto primacy over individual rights. The rights to data protection and privacy should be considered as individual rights, duties and shared ends. Keywords: Communitarianism, Genetic Data, Data Protection, Privacy, Public Interest




Machine Learning for Diagnosis and Treatment: journal article

Gymnastics for the GDPR

Robin Pierce

European Data Protection Law Review, Volume 4 (2018), Issue 3, Page 333 - 343

Machine Learning (ML), a form of artificial intelligence (AI) that produces iterative refinement of outputs without human intervention, is gaining traction in healthcare as a promising way of streamlining diagnosis and treatment and is even being explored as a more efficient alternative to clinical trials. ML is increasingly being identified as an essential tool in the arsenal of Big Data for medicine. ML can process and analyse the data resulting in outputs that can inform treatment and diagnosis. Consequently, ML is likely to occupy a central role in precision medicine, an approach that tailors treatment based on characteristics of individual patients instead of traditional ‘average’ or one-size-fits-all medicine, potentially optimising outcomes as well as resource allocation. ML falls into a category of data-reliant technologies that have the potential to enhance healthcare in significant ways. However, as such, concerns about data protection and the GDPR may arise as ML assumes a growing role in healthcare, prompting questions about the extent to which the GDPR and related legislation will be able to provide adequate data protection for data subjects. Focusing on issues of transparency, fairness, storage limitation, purpose limitation and data minimisation as well as specific provisions supporting these principles, this article examines the interaction between ML and data protection law. Keywords: Machine Learning, GDPR, Data Protection, Artificial Intelligence in Medicine, Health Data, Automated Processing, Data Minimisation