Open Consent, Biobanking and Data Protection Law: Can Open Consent Be 'informed' Under the Forthcoming Data Protection Regulation?
Overview
Authors
Affiliations
This article focuses on whether a certain form of consent used by biobanks--open consent--is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the data subject for all future research uses of genetic material and data. However, as biobanks process personal data, they must comply with data protection law. Data protection law is currently undergoing reform. The Proposed Data Protection Regulation is the culmination of this reform and, if voted into law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent--in particular relating to information which must be given to the data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the data subject from risks inherent in the use of the consent mechanism in a certain context--exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of 'data'. The authors argue that these assumptions are difficult to apply to genetic data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly.
Research under the GDPR - a level playing field for public and private sector research?.
Quinn P Life Sci Soc Policy. 2021; 17(1):4.
PMID: 33648586 PMC: 7917528. DOI: 10.1186/s40504-021-00111-z.
Broad consent under the GDPR: an optimistic perspective on a bright future.
Hallinan D Life Sci Soc Policy. 2020; 16(1):1.
PMID: 31903508 PMC: 6943899. DOI: 10.1186/s40504-019-0096-3.
Jordanians' Perspectives On Open Consent In Biomedical Research.
Alrabadi N, Makhlouf H, Khabour O, Alzoubi K Risk Manag Healthc Policy. 2019; 12:265-273.
PMID: 31819687 PMC: 6897061. DOI: 10.2147/RMHP.S217209.
Khabour O, Abu-Siniyeh A J Multidiscip Healthc. 2019; 12:229-234.
PMID: 31114216 PMC: 6489903. DOI: 10.2147/JMDH.S194161.
United Kingdom: transfers of genomic data to third countries.
Taylor M, Wallace S, Prictor M Hum Genet. 2018; 137(8):637-645.
PMID: 30074075 PMC: 6132634. DOI: 10.1007/s00439-018-1921-0.