When is the processing of data from medical implants lawful? The legal grounds for processing health-related personal data from ICT implantable medical devices for treatment purposes under EU data protection law.

IF 1.8 4区 医学 Q1 LAW
Sarita Lindstad, Kaspar Rosager Ludvigsen
{"title":"When is the processing of data from medical implants lawful? The legal grounds for processing health-related personal data from ICT implantable medical devices for treatment purposes under EU data protection law.","authors":"Sarita Lindstad,&nbsp;Kaspar Rosager Ludvigsen","doi":"10.1093/medlaw/fwac038","DOIUrl":null,"url":null,"abstract":"<p><p>Medicine is one of the biggest use cases for emerging information technologies. Data processing brings huge advantages but forces lawmakers and practitioners to balance between privacy, autonomy, accessibility, and functionality. ICT-connected Implantable Medical Devices plant themselves firmly between traditional medical equipment and software that processes health-related personal data, and these implants face many data management challenges. It is essential that healthcare providers and others can identify and understand the legal grounds they rely on to process data. The European Union is currently updating its framework, and the special provisions in the GDPR, the current ePrivacy Directive, and the coming ePrivacy Regulation all provide enhanced thresholds for processing data. This article provides an overview and explanation of the applicability of the rules and the legal grounds for processing data. We find that only a cumulative application of the GDPR and the ePrivacy rules ensure adequate protection of this data and present the legal grounds for processing in these cases. We discuss the challenges in obtaining and maintaining valid consent and necessity as a legal ground for processing and offer use case-specific discussions of the role of consent long-term and the lack of an adequate 'vital interest' exception in the ePrivacy rules.</p>","PeriodicalId":49146,"journal":{"name":"Medical Law Review","volume":"31 3","pages":"317-339"},"PeriodicalIF":1.8000,"publicationDate":"2023-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10452051/pdf/","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Medical Law Review","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1093/medlaw/fwac038","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
引用次数: 2

Abstract

Medicine is one of the biggest use cases for emerging information technologies. Data processing brings huge advantages but forces lawmakers and practitioners to balance between privacy, autonomy, accessibility, and functionality. ICT-connected Implantable Medical Devices plant themselves firmly between traditional medical equipment and software that processes health-related personal data, and these implants face many data management challenges. It is essential that healthcare providers and others can identify and understand the legal grounds they rely on to process data. The European Union is currently updating its framework, and the special provisions in the GDPR, the current ePrivacy Directive, and the coming ePrivacy Regulation all provide enhanced thresholds for processing data. This article provides an overview and explanation of the applicability of the rules and the legal grounds for processing data. We find that only a cumulative application of the GDPR and the ePrivacy rules ensure adequate protection of this data and present the legal grounds for processing in these cases. We discuss the challenges in obtaining and maintaining valid consent and necessity as a legal ground for processing and offer use case-specific discussions of the role of consent long-term and the lack of an adequate 'vital interest' exception in the ePrivacy rules.

Abstract Image

Abstract Image

什么时候处理医疗植入物的数据是合法的?根据欧盟数据保护法,为治疗目的处理来自ICT植入式医疗设备的健康相关个人数据的法律依据。
医学是新兴信息技术的最大用例之一。数据处理带来了巨大的优势,但也迫使立法者和从业者在隐私、自主性、可访问性和功能之间取得平衡。信息通信技术连接的植入式医疗设备牢固地连接在传统医疗设备和处理与健康有关的个人数据的软件之间,这些植入式设备面临许多数据管理挑战。医疗保健提供者和其他人必须能够识别和理解他们处理数据所依赖的法律依据。欧盟目前正在更新其框架,GDPR中的特殊条款,当前的电子隐私指令,以及即将出台的电子隐私条例都为处理数据提供了更高的门槛。本文概述和解释了规则的适用性以及处理数据的法律依据。我们发现,只有GDPR和电子隐私规则的累积应用才能确保对这些数据的充分保护,并在这些情况下提供处理的法律依据。我们讨论了在获取和维持有效的同意和必要性作为处理的法律依据方面的挑战,并提供了具体的用例讨论,讨论了同意的长期作用,以及电子隐私规则中缺乏适当的“重大利益”例外。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Medical Law Review
Medical Law Review MEDICAL ETHICS-
CiteScore
3.10
自引率
11.80%
发文量
50
审稿时长
>12 weeks
期刊介绍: The Medical Law Review is established as an authoritative source of reference for academics, lawyers, legal and medical practitioners, law students, and anyone interested in healthcare and the law. The journal presents articles of international interest which provide thorough analyses and comment on the wide range of topical issues that are fundamental to this expanding area of law. In addition, commentary sections provide in depth explorations of topical aspects of the field.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信