COVID-19 Research: Navigating the European General Data Protection Regulation

14 Pages Posted: 5 May 2020

See all articles by Regina Becker

Regina Becker

Luxembourg National Data Service (PNED G.I.E.); University of Luxembourg

Adrian Thorogood

Universite du Luxembourg - Luxembourg Centre for Systems Biomedicine

Johan Ordish

PHG Foundation - University of Cambridge

Michael J.S. Beauvais

McGill University - Centre of Genomics and Policy

Date Written: May 5, 2020

Abstract

Researchers must collaborate globally in order to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires 1) a legal basis for the processing, 2) an additional justification for the processing of sensitive data and 3) a basis for any transfer outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if these measures are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to determination by individual Member States, who have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork displaying insufficient clarity and impeding joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws, which consider the related practical challenges and support collaborative global research in the public interest.

Keywords: COVID-19; GDPR; health research; pandemic; data privacy; data protection; regulation

Suggested Citation

Becker, Regina and Thorogood, Adrian and Ordish, Johan and Beauvais, Michael J.S., COVID-19 Research: Navigating the European General Data Protection Regulation (May 5, 2020). Available at SSRN: https://ssrn.com/abstract=3593579 or http://dx.doi.org/10.2139/ssrn.3593579

Regina Becker (Contact Author)

Luxembourg National Data Service (PNED G.I.E.) ( email )

Av. des Hauts-Fourneaux 6
Esch-sur-Alzette, 4362
Luxembourg

University of Luxembourg ( email )

CAMPUS BELVAL / House of Biomedicine II
6, avenue du Swing
Belvaux, 4367
Luxembourg

Adrian Thorogood

Universite du Luxembourg - Luxembourg Centre for Systems Biomedicine ( email )

2 Avenue de l'Université
Esch-sur-Alzette
Luxembourg

Johan Ordish

PHG Foundation - University of Cambridge ( email )

PHG Foundation
2 Worts Causeway
Cambridge, Cambridgeshire CB1 8RN
United Kingdom

HOME PAGE: http://www.phgfoundation.org/

Michael J.S. Beauvais

McGill University - Centre of Genomics and Policy ( email )

740 Ave Dr Penfield
Montreal, Quebec H3A0G1
Canada

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
353
Abstract Views
2,782
Rank
181,169
PlumX Metrics