Raising standards for global data-sharing

doi:10.1126/science.abf4286

GSTDTAP > 气候变化

DOI	10.1126/science.abf4286
	Raising standards for global data-sharing
	Edward S. Dove; Jiahong Chen; Nóra Ni Loideain
	2021-01-08
发表期刊	Science
出版年	2021
英文摘要	In their Policy Forum “How to fix the GDPR's frustration of global biomedical research” (2 October 2020, p. [40][1]), J. Bovenberg et al. argue that the biomedical research community has struggled to share data outside the European Union as a result of the EU's General Data Protection Regulation (GDPR), which strictly limits the international transfer of personal data. However, they do not acknowledge the law's flexibility, and their solutions fail to recognize the importance of multilateral efforts to raise standards for global data-sharing. Bovenberg et al. express concern about the thwarting of “critical data flows” in biomedical research. However, the limited number of critical commentaries ([ 1 ][2], [ 2 ][3]) and registered complaints ([ 3 ][4]) indicate that hindered data exchange may not be a substantial global problem. Moreover, the authors concede that during the COVID-19 pandemic, data transfers remain ongoing because transfers “necessary for important reasons of public interest” are already provided in the law [([ 4 ][5]), Article 49(1)(d)]. The European Data Protection Board (EDPB) has cautioned that transfers according to this derogation shall not become the rule in practice ([ 5 ][6]), but this conditional support for international COVID-19 data sharing shows that the law already provides suitable flexibility. This flexibility also shows the EDPB's recognition of the pressing social need that biomedical research represents for the global research community during the COVID-19 pandemic, while also seeking to ensure that this remains the exception and not the beginning of a normalized practice. Bovenberg et al. contend that pseudonymized data should not be considered personal data in the hands of an entity that does not possess the key needed for re-identification. This proposal runs against well-established guidance in EU member states such as Ireland ([ 6 ][7]) and Germany ([ 7 ][8]), and it does not take into account the cases in which identifiers remain attached to transferred biomedical data or in which data could be identified without a key. Bovenberg et al. also neglect to state that the GDPR has special principles and safeguards for particularly sensitive re-identifiable data, not just for the protection of privacy but also for the security and integrity of health research data—aims that align with all high-quality scientific research. Respecting these standards (both technical and organizational) is fundamental to ensuring better data security and accuracy in the transferring of huge datasets of sensitive health data that are essential to global collaboration [([ 4 ][5]), Articles 5 and 9, Recitals 53 and 54, and ([ 8 ][9])]. Thus, these rules should not be subject to exemptions, which would result from not classifying pseudonymized data as personal data. The purpose of the GDPR's strict rules is to ensure that when personal data are transferred to non-EU countries, the level of protection ensured in the European Union is not undermined. The EU's Court of Justice decisions ([ 9 ][10], [ 10 ][11]) make it clear that ensuring an adequate level of protection in non-EU countries, especially independent oversight and judicial remedies—which the Court found lacking in the United States—is a matter of fundamental rights. This discrepancy is an opportunity for non-EU countries, including the United States, to raise their data protection standards to the level of the European Union's, not for the European Union to decrease its own standards in a regulatory race to the bottom. We encourage research organizations and country delegations to work with the European Commission, national data protection authorities, and the EDPB to craft interoperable rules on data sharing applicable for biomedical research in ways that do not undermine fundamental rights owed to data subjects. 1. [↵][12]1. R. Eiss , Nature 584, 498 (2020). [OpenUrl][13] 2. [↵][14]1. R. Becker et al ., J. Med. Internet Res. 22, e19799 (2020). [OpenUrl][15] 3. [↵][16]1. A. Jelinek , EDPB response letter to Mark W. Libby, Chargé d'Affaires, United States Mission to the European Union (2020); [https://edpb.europa.eu/sites/edpb/files/files/file1/edpb\_letter\_out2020-0029\_usmission\_covid19.pdf][17]. 4. [↵][18]GDPR (2016); . 5. [↵][19]EDPB, “Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak” (2020). 6. [↵][20]Data Protection Commission, “Guidance on Anonymisation and Pseudonymisation” (2019); [www.dataprotection.ie/sites/default/files/uploads/2019-06/190614%20Anonymisation%20and%20Pseudonymisation.pdf][21]. 7. [↵][22]German Federal Ministry of the Interior, Building and Community, “Draft for a Code of Conduct on the use of GDPR compliant pseudonymisation” (2019); [www.gdd.de/downloads/aktuelles/whitepaper/Data\_Protection\_Focus\_Group-Draft\_CoC\_Pseudonymisation\_V1.0.pdf][23]. 8. [↵][24]1. D. Anderson et al ., Int. Data Privacy L. 10, 180 (2020). [OpenUrl][25] 9. [↵][26]Case C-362/14 Maximilian Schrems v. Data Protection Commissioner (Court of Justice of the EU, 2015). 10. [↵][27]Case C-311/18 Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (Court of Justice of the EU, 2020). [1]: http://www.sciencemag.org/content/370/6512/40 [2]: #ref-1 [3]: #ref-2 [4]: #ref-3 [5]: #ref-4 [6]: #ref-5 [7]: #ref-6 [8]: #ref-7 [9]: #ref-8 [10]: #ref-9 [11]: #ref-10 [12]: #xref-ref-1-1 "View reference 1 in text" [13]: {openurl}?query=rft.jtitle%253DNature%26rft.volume%253D584%26rft.spage%253D498%26rft.genre%253Darticle%26rft_val_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Ajournal%26ctx_ver%253DZ39.88-2004%26url_ver%253DZ39.88-2004%26url_ctx_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Actx [14]: #xref-ref-2-1 "View reference 2 in text" [15]: {openurl}?query=rft.jtitle%253DJ.%2BMed.%2BInternet%2BRes.%26rft.volume%253D22%26rft.spage%253De19799%26rft.genre%253Darticle%26rft_val_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Ajournal%26ctx_ver%253DZ39.88-2004%26url_ver%253DZ39.88-2004%26url_ctx_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Actx [16]: #xref-ref-3-1 "View reference 3 in text" [17]: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_letter_out2020-0029_usmission_covid19.pdf [18]: #xref-ref-4-1 "View reference 4 in text" [19]: #xref-ref-5-1 "View reference 5 in text" [20]: #xref-ref-6-1 "View reference 6 in text" [21]: http://www.dataprotection.ie/sites/default/files/uploads/2019-06/190614%20Anonymisation%20and%20Pseudonymisation.pdf [22]: #xref-ref-7-1 "View reference 7 in text" [23]: http://www.gdd.de/downloads/aktuelles/whitepaper/Data_Protection_Focus_Group-Draft_CoC_Pseudonymisation_V1.0.pdf [24]: #xref-ref-8-1 "View reference 8 in text" [25]: {openurl}?query=rft.jtitle%253DInt.%2BData%2BPrivacy%2BL.%26rft.volume%253D10%26rft.spage%253D180%26rft.genre%253Darticle%26rft_val_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Ajournal%26ctx_ver%253DZ39.88-2004%26url_ver%253DZ39.88-2004%26url_ctx_fmt%253Dinfo%253Aofi%252Ffmt%253Akev%253Amtx%253Actx [26]: #xref-ref-9-1 "View reference 9 in text" [27]: #xref-ref-10-1 "View reference 10 in text"
领域	气候变化 ; 资源环境
URL	查看原文
引用统计
文献类型	期刊论文
条目标识符	http://119.78.100.173/C666/handle/2XK7JSWQ/310428
专题	气候变化资源环境科学
推荐引用方式 GB/T 7714	Edward S. Dove,Jiahong Chen,Nóra Ni Loideain. Raising standards for global data-sharing[J]. Science,2021.
APA	Edward S. Dove,Jiahong Chen,&Nóra Ni Loideain.(2021).Raising standards for global data-sharing.Science.
MLA	Edward S. Dove,et al."Raising standards for global data-sharing".Science (2021).