Secondary Use of Personal Health Data: When Is It “Further Processing” Under the GDPR, and What Are the Implications for Data Controllers?

IF 0.6 Q2 LAW

EUROPEAN JOURNAL OF HEALTH LAW Pub Date : 2022-08-01 DOI:10.1163/15718093-bja10094

Regina Becker, Davit Chokoshvili, Giovanni Comandé, Edward S. Dove, Alison Hall, Colin Mitchell, Fruzsina Molnár-Gábor, Pilar Nicolàs, Sini Tervo, Adrian Thorogood

{"title":"Secondary Use of Personal Health Data: When Is It “Further Processing” Under the GDPR, and What Are the Implications for Data Controllers?","authors":"Regina Becker, Davit Chokoshvili, Giovanni Comandé, Edward S. Dove, Alison Hall, Colin Mitchell, Fruzsina Molnár-Gábor, Pilar Nicolàs, Sini Tervo, Adrian Thorogood","doi":"10.1163/15718093-bja10094","DOIUrl":null,"url":null,"abstract":"Contemporary biomedical research heavily relies on secondary use of personal health data that were obtained in a different clinical or research setting. Under the European Union’s General Data Protection Regulation (GDPR), data controllers processing personal data must comply with the principle of purpose limitation, which restricts further processing of personal data beyond the purpose for which the data were initially collected. However, “further processing” is not explicitly defined, resulting in considerable interpretive ambiguities as to whether “secondary use” of data by researchers constitutes “further processing” under the GDPR. This ambiguity is problematic as it exposes researchers to potential non-compliance risks. In this article, we analyse the term “further processing” within the meaning of the GDPR, elucidate important aspects in which it differs from “secondary use”, and discuss the implications for data controllers’ GDPR compliance obligations. Subsequently, we contextualise this analysis within a broader discussion of regulating scientific research under the GDPR.","PeriodicalId":43934,"journal":{"name":"EUROPEAN JOURNAL OF HEALTH LAW","volume":"373 1","pages":""},"PeriodicalIF":0.6000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EUROPEAN JOURNAL OF HEALTH LAW","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1163/15718093-bja10094","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

Abstract

Contemporary biomedical research heavily relies on secondary use of personal health data that were obtained in a different clinical or research setting. Under the European Union’s General Data Protection Regulation (GDPR), data controllers processing personal data must comply with the principle of purpose limitation, which restricts further processing of personal data beyond the purpose for which the data were initially collected. However, “further processing” is not explicitly defined, resulting in considerable interpretive ambiguities as to whether “secondary use” of data by researchers constitutes “further processing” under the GDPR. This ambiguity is problematic as it exposes researchers to potential non-compliance risks. In this article, we analyse the term “further processing” within the meaning of the GDPR, elucidate important aspects in which it differs from “secondary use”, and discuss the implications for data controllers’ GDPR compliance obligations. Subsequently, we contextualise this analysis within a broader discussion of regulating scientific research under the GDPR.

查看原文本刊更多论文

个人健康数据的二次使用:GDPR下的“进一步处理”何时开始，以及对数据控制者的影响?

当代生物医学研究严重依赖于在不同的临床或研究环境中获得的个人健康数据的二次使用。根据欧盟的通用数据保护条例(GDPR)，处理个人数据的数据控制者必须遵守目的限制原则，这限制了对个人数据的进一步处理，超出了最初收集数据的目的。然而，“进一步处理”没有明确定义，导致研究人员对数据的“二次使用”是否构成GDPR下的“进一步处理”存在相当大的解释歧义。这种模糊性是有问题的，因为它暴露了研究人员潜在的不合规风险。在本文中，我们分析了GDPR含义中的术语“进一步处理”，阐明了它与“二次使用”不同的重要方面，并讨论了对数据控制者GDPR合规义务的影响。随后，我们将这一分析置于GDPR下规范科学研究的更广泛讨论中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

EUROPEAN JOURNAL OF HEALTH LAW LAW-

CiteScore

0.90

自引率

0.00%

发文量

期刊介绍： The European Journal of Jewish Studies (EJJS) is the Journal of the European Association for Jewish Studies (EAJS). Its main purpose is to publish high-quality research articles, essays and shorter contributions on all aspects of Jewish Studies. Submissions are all double blind peer-reviewed. Additionally, EJJS seeks to inform its readers on current developments in Jewish Studies: it carries comprehensive review-essays on specific topics, trends and debated questions, as well as regular book-reviews. A further section carries reports on conferences, symposia, and descriptions of research projects in every area of Jewish Studies.