Global S&T Development Trend Analysis Platform of Resources and Environment
| DOI | 10.1126/science.abf5425 |
| Raising standards for global data-sharing—Response | |
| Jasper Bovenberg; David Peloquin; Barbara Bierer; Mark Barnes; Bartha Maria Knoppers | |
| 2021-01-08 | |
| 发表期刊 | Science
 |
| 出版年 | 2021 |
| 英文摘要 | Dove et al. suggest that despite the lack of viable mechanisms for transferring research data from Europe to other countries, in practice such transfers take place anyway. However, the fact that some transfers continue to occur in circumstances of regulatory ambiguity is not a solution; rather, these exceptions exacerbate the legal, regulatory, ethical, and operational challenges. Issues of cross-border research data transfer in the wake of the latest Court of Justice decision abound, and the General Data Protection Regulation (GDPR) has stalled at least 40 U.S. National Institutes of Health clinical and observational studies on risk factors and exposures for cancer ([ 1 ][1]).
Dove et al. point to the European Data Protection Board (EDPB) guidance on COVID-19 as evidence that GDPR contains sufficient flexibilities, but this guidance specifies that the ability to make such cross-border transfers should be temporary ([ 2 ][2]). COVID-19 research, like much other research, requires longitudinal study of data over many years. A “temporary measure” does not suffice in the long term.
In dismissing our proposal that pseudonymized data need not always be considered personal data, Dove et al. assert that such an approach is unrealistic given the guidance in certain EU Member States. However, those rules concern anonymization generally and do not focus on the more protected and secure research context. The European Court of Justice in the Breyer case and several commentators in the research community have proposed that a contextual approach to pseudonymization could permit pseudonymized data to be treated as anonymized when adequate safeguards are in place ([ 3 ][3]–[ 6 ][4]).
Dove et al. 's assertion that some identifiers remain attached to transferred biomedical data mistakenly ignores that all identifiers will be removed, as discussed in our Policy Forum. Any subsequent attempt to reidentify deidentified data would either require unauthorized access, breach of law and contract, or both. This risk cannot be completely prevented, but it exists both outside and within the EU. What matters is that the EDPB contends that both pseudonymization and encryption with the keys retained solely under the control of the data exporter could provide effective supplementary measures ([ 7 ][5]).
Dove et al. suggest that our proposals will lead to a “regulatory race to the bottom,” but they do not recognize that the U.S. and EU laws are each imperfect in their implementation. The EU Court of Justice expressed concern about particular elements of the U.S. national security regime (notably lack of redress to a judicial authority), but the types of pseudonymized data transferred in the course of scientific research are unlikely to be of interest to the U.S. intelligence community ([ 8 ][6]). Dove et al. hope that the United States and other countries will “raise their data protection standards to the level of the European Union's,” but they overlook the fact that the GDPR itself does not protect subjects from use of their data for national surveillance intelligence ([ 9 ][7], [ 10 ][8]). In addition, they neglect to acknowledge that the EU Fundamental Rights Agency has documented the limited individual redress to a judicial authority existing in EU Member States under their national surveillance laws. Notably, only “in four Member States [out of 27], an expert body's decision or preliminary assessment can be appealed before a judge” ([ 10 ][8]). Thus, 23 Member States' legislation present gaps to data protection that are similar to those in the United States.
We believe that the European Union should resolve this double standard before insisting on the higher standard for non-EU countries. In the meantime, our solutions offer a balanced approach to the trade-offs between privacy, global science, and public health.
1. [↵][9]1. R. Eiss
, Nature 584, 498 (2020).
[OpenUrl][10]
2. [↵][11]European Data Protection Board, “Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak” (2020).
3. [↵][12]Case C-582/14 Patrick Breyer v. Bundesrepublik Deutschland (2016), ECR I-769.
4. PHG Foundation, “The GDPR and genomic data,” (2020); [www.phgfoundation.org/documents/gdpr-and-genomic-data-report.pdf][13].
5. 1. M. Mourby et al
., Comput. Law Secur. Rev. 34, 222 (2018).
[OpenUrl][14]
6. [↵][15]1. E.-B. van Veen
, Eur. J. Canc. 104, 70 (2018).
[OpenUrl][16]
7. [↵][17]European Data Protection Board, “Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data” (2020).
8. [↵][18] U.S. Department of Commerce, “Information on U.S. privacy safeguards relevant to SCCs and other EU legal bases for EU-U.S. data transfers after SCHREMS II” (white paper) (2020).
9. [↵][19]GDPR (2016), Recital 16, Article 2(2)(d) and Article 23(1)(a); |
| 领域 | 气候变化 ; 资源环境 |
| URL | 查看原文 |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.173/C666/handle/2XK7JSWQ/310429 |
| 专题 | 气候变化 资源环境科学 |
| 推荐引用方式 GB/T 7714 | Jasper Bovenberg,David Peloquin,Barbara Bierer,等. Raising standards for global data-sharing—Response[J]. Science,2021. |
| APA | Jasper Bovenberg,David Peloquin,Barbara Bierer,Mark Barnes,&Bartha Maria Knoppers.(2021).Raising standards for global data-sharing—Response.Science. |
| MLA | Jasper Bovenberg,et al."Raising standards for global data-sharing—Response".Science (2021). |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论