Amid the angst over preparations—or lack thereof—for new European Union data protections entering into force at week’s end is the equally worrisome issue of the rules’ impact on scientific research.
Among the concerns for the research community as the EU’s General Data Protection Regulation (GDPR) takes effect is the issue of consent. As stakeholders such as the editors of the journal Nature pointed out on the eve of the GDPR rollout: Will the new data rules require scientists to go back to the data sources to seek renewed consent for its use in future research? Draft GDPR language suggested they might, Nature noted, perhaps introducing delays that could hinder some research.
In response to complaints, European regulators exempted researchers from some data consent requirements, provided certain data privacy safeguards were in place.
The journal reports this week that universities and research organizations have introduced plans to ensure GDPR-compliant data safeguards are in place. “Harmonization of how data can be sourced, stored and used would, in theory, be good for research,” Nature noted. For example, they added, “It could smooth the difficulties that scientists face when they try to pool analysis of genomic data and tissue samples across national borders.”
But these initial steps don’t address all issues related to scientific collaboration and the sharing of data across European borders—or across the Atlantic. “Researchers who work under different systems could struggle to share data with each other,” the science journal noted. “That could lead to delays in negotiations between institutions wanting to create collaborative contracts that enable data sharing.”
Nature reported that university, industry and consumer stakeholders have been meeting for the past year to develop a unified approach to the data consent dilemma. The hope is that an emerging code of conduct would provide researchers with guidelines on issues such as defining “anonymized” data that encrypts or removes personal information from data sets.
Still, such a “how-to” guide would still require approval by the European Data Protection Board.
Research proponents are urging the panel to act swiftly on a code of conduct for handling data used in scientific research. “The code must be approved and put into practice as soon as possible,” the Nature editorial argues. “It’s important to protect people’s personal data; but it’s also important to ensure data can be used with integrity to support valuable research.”
The outcome of the debate over how best to handle personal data used in medical and other types of life-saving research is bound to have repercussions around the world as long as data and its movement across borders remains the engine of innovation.