Surveillance in public health is the means by which people who are responsible for preventing or controlling threats to health get the timely, ongoing, and reliable information they need about the occurrence, antecedents, time course, geographic spread, consequences, and nature of these threats among the populations they serve. “Policy surveillance” is the ongoing, systematic collection, analysis, and dissemination of information about laws and other policies of health importance.

The European Union is working towards harmonizing legislation across Europe, in order to improve cross-border interchange of legal information. This goal is supported for instance via standards such as the European Law Identifier and the European Case Law Identifier, which provide technical specifications for Web identifiers and suggestions for vocabularies to be used to describe metadata pertaining to legal documents in a machine readable format. Notably, these ECLI and ELI metadata standards adhere to the RDF data format (...) which forms the basis of Linked Data, and therefore have the potential to form a basis for a pan-European legal Knowledge Graph. Unfortunately, to date said specifications have only been partially adopted by EU member states. In this paper we describe a methodology to transform the existing legal information system used in Austria to such a legal knowledge graph covering different steps from modeling national specific aspects, to population, and finally the integration of legal data from other countries through linked data. We demonstrate the usefulness of this approach by exemplifying practical use cases from legal information search, which are not possible in an automated fashion so far. (shrink)

Logic-based approaches to legal problem solving model the rule-governed nature of legal argumentation, justification, and other legal discourse but suffer from two key obstacles: the absence of efficient, scalable techniques for creating authoritative representations of legal texts as logical expressions; and the difficulty of evaluating legal terms and concepts in terms of the language of ordinary discourse. Data-centric techniques can be used to finesse the challenges of formalizing legal rules and matching legal (...) predicates with the language of ordinary parlance by exploiting knowledge latent in legal corpora. However, these techniques typically are opaque and unable to support the rule-governed discourse needed for persuasive argumentation and justification. This paper distinguishes representative legal tasks to which each approach appears to be particularly well suited and proposes a hybrid model that exploits the complementarity of each. (shrink)

Today, the US pursues the global capture of data (understood as a significant engine of growth) by way of bi- and plurilateral trade agreements. However, the project of securing the global free flow of data has been pursued ever since the dawn of digital telecommunication in the 1960s and the US has made significant legal efforts to institutionalise it. These efforts have two phases: In the first 1970s and 80s “freedom of information” phase, the legal justification (...) (and contestation) of the global free flow of data hinged on imagining data as information, and its exchange as a practice of liberty. The second phase began in the late 1990s and continues today. In this phase, the free flow of data is aligned with a free-trade agenda in the context of first e-commerce and, starting in the 2000s, through attempts at creating a global public domain of personal data for the platform economy. The global free flow of data is an intrinsic aspect of informational capitalism. Assuming a constitutive, but not commanding role for law in informational capitalism, we conclude that the US attempt at ensuring free flow for its informational corporations is neither an entirely contingent nor a necessary outcome. It is a product of legal imagination. (shrink)

Medical-legal partnerships connect legal advocates to healthcare providers and settings. Maintaining effectiveness of medical-legal partnerships and consistently identifying opportunities for innovation and adaptation takes intentionality and effort. In this paper, we discuss ways in which our use of data and quality improvement methods have facilitated advocacy at both patient (client) and population levels as we collectively pursue better, more equitable outcomes.

The legal requirements and justifications for collecting patient-identifiable data without patient consent were examined. The impetus for this arose from legal and ethical issues raised during the development of a population-based disease register. Numerous commentaries and case studies have been discussing the impact of the Data Protection Act 1998 and Caldicott principles of good practice on the uses of personal data. But uncertainty still remains about the legal requirements for processing patient-identifiable data without (...) patient consent for research purposes. This is largely owing to ignorance, or misunderstandings of the implications of the common law duty of confidentiality and section 60 of the Health and Social Care Act 2001. The common law duty of confidentiality states that patient-identifiable data should not be provided to third parties, regardless of compliance with the DPA1998. It is an obligation derived from case law, and is open to interpretation. Compliance with section 60 ensures that collection of patient-identifiable data without patient consent is lawful despite the duty of confidentiality. Fears regarding the duty of confidentiality have resulted in a common misconception that section 60 must be complied with. Although this is not the case, section 60 support does provide the most secure basis in law for collecting such data. Using our own experience in developing a disease register as a backdrop, this article will clarify the procedures, risks and potential costs of applying for section 60 support. (shrink)

This paper undertakes a comparative legal study to analyze the challenges of privacy and personal data protection posed by Artificial Intelligence embedded in Robots, and to offer policy suggestions. After identifying the benefits from various AI usages and the risks posed by AI-related technologies, I then analyze legal frameworks and relevant discussions in the EU, USA, Canada, and Japan, and further consider the efforts of Privacy by Design originating in Ontario, Canada. While various AI usages provide great (...) convenience, many issues, including profiling, discriminatory decisions, lack of transparency, and impeding consent, have emerged. The unpredictability arising from the AI machine learning function poses further difficulties, which have only been partially addressed by legal frameworks in the aforementioned jurisdictions. However, analyzing the relevant discussions yielded several suggestions. The first priority is adopting PbD as the most flexible, soft-legal, and preferable approach toward AI-oriented issues. Implementing PbD will protect individual privacy and personal data without specific efforts, and achieve both the development of AI and the advancement of privacy and personal data protection. Technical measures that can adapt to an individual’s dynamic choices according to the “context” should be further developed. Furthermore, alternative technical measures, including those to solve the “algorithmic black box” or achieve differential privacy, warrant thorough examination. If AI surpasses human intelligence, a terminating function, such as a “kill switch” will be the last resort to preserve individual choice. Despite numerous difficulties, we must prepare for the coming AI-prevalent society by taking a flexible approach. (shrink)

Biobanking in Europe has made major steps towards harmonization and shared standards for the collection and processing of data and samples stored in biobanks. Still, biobanks and researchers face substantial legal difficulties in the field of data protection and sample management. Data protection law was harmonized almost 15 years ago while rights in samples fall under the competence of the Member States of the EU. Despite the Data Protection Directive the field of data protection (...) shows a substantial degree of deviation as public health was excluded from the harmonization. Biobanks seem to have substantially fewer difficulties to cope with in terms of the legal requirements in the field of sample management. This paper discusses the legal framework, experiences of different biobanks in Europe and potential ways forward. It also highlights the need for a health economic analysis of the costs and benefits of privacy protection in Europe. At the moment, policymakers seem to build their decisions on an insufficient evidence base which underestimates the potential value of biobanks for European public health. Within the past few years little progress has been achieved with regards to the development of a unified legal framework in Europe, The diversity in the legal system is also reflected in the different approaches of ethics committees towards biobanking. To secure the responsible and effective use of data and samples, more efforts are needed to come up with pathways for a solution. (shrink)

The aim of UK-REACH (“The United Kingdom Research study into Ethnicity And COVID-19 outcomes in Healthcare workers”) is to understand if, how, and why healthcare workers (HCWs) in the United Kingdom (UK) from ethnic minority groups are at increased risk of poor outcomes from COVID-19. In this article, we present findings from the ethical and legal stream of the study, which undertook qualitative research seeking to understand and address legal, ethical, and social acceptability issues around data protection, (...) privacy, and information governance associated with the linkage of HCWs’ registration data and healthcare data. We interviewed 22 key opinion leaders in healthcare and health research from across the UK in two-to-one semi-structured interviews. Transcripts were coded using qualitative thematic analysis. Participants told us that a significant aspect of Big Data research in public health is varying drivers of mistrust—of the research itself, research staff and funders, and broader concerns of mistrust within participant communities, particularly in the context of COVID-19 and those situated in more marginalised community settings. However, despite the challenges, participants also identified ways in which legally compliant and ethically informed approaches to research can be crafted to mitigate or overcome mistrust and establish greater confidence in Big Data public health research. Overall, our research indicates that a “Big Data Ethics by Design” approach to research in this area can help assure (1) that meaningful community and participant engagement is taking place and that extant challenges are addressed, and (2) that any new challenges or hitherto unknown unknowns can be rapidly and properly considered to ensure potential (but material) harms are identified and minimised where necessary. Our findings indicate such an approach, in turn, will help drive better scientific breakthroughs that translate into medical innovations and effective public health interventions, which benefit the publics studied, including those who are often marginalised in research. (shrink)

Biobanking in Europe has made major steps towards harmonization and shared standards for the collection and processing of data and samples stored in biobanks. Still, biobanks and researchers face substantial legal difficulties in the field of data protection and sample management. Data protection law was harmonized almost 15 years ago while rights in samples fall under the competence of the Member States of the EU. Despite the Data Protection Directive the field of data protection (...) shows a substantial degree of deviation as public health was excluded from the harmonization. Biobanks seem to have substantially fewer difficulties to cope with in terms of the legal requirements in the field of sample management. This paper discusses the legal framework, experiences of different biobanks in Europe and potential ways forward. It also highlights the need for a health economic analysis of the costs and benefits of privacy protection in Europe. At the moment, policymakers seem to build their decisions on an insufficient evidence base which underestimates the potential value of biobanks for European public health. Within the past few years little progress has been achieved with regards to the development of a unified legal framework in Europe, The diversity in the legal system is also reflected in the different approaches of ethics committees towards biobanking. To secure the responsible and effective use of data and samples, more efforts are needed to come up with pathways for a solution. (shrink)

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and (...) processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies. (shrink)

Powerful interest groups have responded to evidence of environmental or health risks by manufacturing doubt, partially through attacks on scientists. The current legal standard for the admissibility of scientific evidence in court enables such strategies for generating doubt. In the face of attacks on their reputations and careers, researchers working on public interest science need the courage to speak the truth despite risk, which Michel Foucault described as the virtue of parrhesia. Parrhesia is also a Christian virtue shown in (...) the willingness to witness to truth in the face of risk because of one's confidence in God. This essay argues that Christianity possesses resources to form individuals in parrhesia in ways that support the dedication to scientific truth. (shrink)

This paper is aimed to understand the state of the art and the resulting consequences of the legal framework in Europe, with regard to the protection of children's data. Especially when they interact with networked and robotic toys, like in 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by children or teenager users, the first part of the paper presents an analysis of the international guiding principles of the protection (...) of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved upon the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in General Data Protection Regulation, it is reasonable to assume that new provisions such as "privacy by design" principle, adequacy of security measures and codes of conduct, can support data controllers in ensuring compliance in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, as to ensure their substantial protection against the threats of the interconnected world. (shrink)

This paper presents an approach for legal compliance checking in the Semantic Web which can be effectively applied for applications in the Linked Open Data environment. It is based on modeling deontic norms in terms of ontology classes and ontology property restrictions. It is also shown how this approach can handle norm defeasibility. Such methodology is implemented by decidable fragments of OWL 2, while legal reasoning is carried out by available decidable reasoners. The approach is generalised by (...) presenting patterns for modeling deontic norms and norms compliance checking. (shrink)

The draft Code of Conduct for Research is an important initiative towards assisting the scientific community in complying with the provisions of the Protection of Personal Information Act 4 of 2013 (POPIA). However, its approach towards cross-border data sharing should be reconsidered to clarify the ambiguities inherent in the legal requirements for the cross-border sharing of health data in the POPIA. These ambiguities include the concept of ‘transfer of information’, the application of adequacy as a legal (...) mechanism for transfer, the nature of consent for cross-border sharing and the scope of the recipient third party. We suggest that the draft Code of Conduct for Research can be improved by: Explaining or defining the concept of ‘transfer of information’ and when it applies to cross-border sharing in research Clarifying the application of adequacy as a legal mechanism for transfer vis-à-vis the other alternatives Expanding on the interpretation and application of consent as a legal mechanism for cross-border transfers Expanding the category of persons who may be recipients of personal information in a third country. (shrink)

Open science has recently gained traction as establishment institutions have come on-side and thrown their weight behind the movement and initiatives aimed at creation of information commons. At the same time, the movement's traditional insistence on unrestricted dissemination and reuse of all information of scientific value has been challenged by the movement to strengthen protection of personal data. This article assesses tensions between open science and data protection, with a focus on the GDPR.

Battin et al examined data on deaths from physician-assisted suicide in Oregon and on PAS and voluntary euthanasia in The Netherlands. This paper reviews the methodology used in their examination and questions the conclusions drawn from it—namely, that there is for the most part ‘no evidence of heightened risk’ to vulnerable people from the legalisation of PAS or VE. This critique focuses on the evidence about PAS in Oregon. It suggests that vulnerability to PAS cannot be categorised simply by (...) reference to race, gender or other socioeconomic status and that the impetus to seek PAS derives from factors, including emotional state, reactions to loss, personality type and situation and possibly to PAS contagion, all factors that apply across the social spectrum. It also argues, on the basis of official reports from the Oregon Health Department on the working of the Oregon Death with Dignity Act since 2008, that, contrary to the conclusions drawn by Battin et al, the highest resort to PAS in Oregon is among the elderly and, on the basis of research published since Battin et al reported, that there is reason to believe that some terminally ill patients in Oregon are taking their own lives with lethal drugs supplied by doctors despite having had depression at the time when they were assessed and cleared for PAS. (shrink)

As the recent inaugural Ethical, Legal, and Social Issues 2.0 conference made clear, the effects of information communication technology are pervasive in biomedical research. Data initiatives are arising in all corners of biomedicine. Data sharing efforts already promised to surpass even the ambitious goals of the National Human Genome Research Institute, only 5 years after publication of its 10-year vision. ELSI research was established, in part, to address challenges of open data access and data sharing. (...) However, by and large, ELSI research projects address particular concerns of a given population, jurisdiction, type of research practice or type of data. This does not necessarily facilitate coherent data policy for sustainable data stewardship. Forward-looking, data friendly strategies need to be considered. Orchestration strategies are needed which overcome barriers to collective action. Here we present challenges policymakers face, and suggest three basics steps towards meeting them. First, policymakers must recognise the systematic change that occurs when ICT enables dataflow itself to become an organising principle of biomedical research. Second, methods for identifying and gathering types of metadata suitable for ELSI research ought to be developed and regulated. Third, policymakers need to organise in ways that mirror the new vision for data-enabled research that data technologies are making possible, as ELSI 2.0 encourages researchers to do. Taking these steps will help ensure research evolves in ways that warrants trust of the public while still supporting widespread ethical access to necessary data, research subjects, samples and findings. (shrink)

The diversity of state confidentiality laws governing public health data presents a significant challenge for public health initiatives. This challenge is further complicated by the array of confidentially laws that are relevant within a state as disclosure and usage standards vary depending upon data holder, type, and source. These laws often have not been updated to address modern confidentiality risks such as unlawful data linkage or breach, leaving many public health organizations without clear guidance in the contentious (...) area of individual privacy. To address these challenges, public health organizations have increasingly turned to the science of de-identification, but whether de-identification adequately meets the many and varied state confidentiality legal requirements remains an unanswered question. (shrink)

As Next Generation Sequencing technologies are increasingly implemented in biomedical research and care, the number of study participants and patients who ask for release of their genomic raw data is set to increase. This raises the question whether research participants and patients have a legal and moral right to receive their genomic raw data and, if so, how this right should be implemented into practice. In a first step we clarify some central concepts such as “raw (...) class='Hi'>data”; in a second step we sketch the international legal framework. The third step provides an extensive ethical analysis which comprehends two parts: an evaluation of whether there is a prima facie moral right to receive one’s raw data, and a contextualization and discussion of the right in light of potentially conflicting interests and rights of the data subject herself and third parties; in a last fourth step we emphasize the main practical consequences of the ethical analyses and propose recommendations for the release of raw data. In several legislations like the new European General Data Protection Regulation, patients do in principle have the right to receive their raw data. However, the procedural implementation of this right and whether it involves genetic counselling is at the discretion of the Member States. Even more questions remain with respect to the research context. The ethical analysis suggests that patients and research subjects have a moral right to receive their genomic raw data and addresses aspects which are also of relevance for the legal discussion such as the costs of release of raw data and its impact on academic freedom. Taking into account the specific nature and implications of genomic raw data and the contexts of research and health care, several concerns and potentially conflicting interests of the data subjects themselves and involved researchers, physicians, biomedical institutions and relatives arise. Instead of using them to argue in favor of restrictions of the data subjects’ legal and moral right to genomic raw data, the concerns should be addressed through provision of information and other measures. To this end, we propose relevant recommendations. (shrink)

In this article we examine the effectiveness of consent in data protection legislation. We argue that the current legal framework for consent, which has its basis in the idea of autonomous authorisation, does not work in practice. In practice the legal requirements for consent lead to ‘consent desensitisation’, undermining privacy protection and trust in data processing. In particular we argue that stricter legal requirements for giving and obtaining consent as proposed in the European Data (...) protection regulation will further weaken the effectiveness of the consent mechanism. Building on Miller and Wertheimer’s ‘Fair Transaction’ model of consent we will examine alternatives to explicit consent. (shrink)

In an increasingly data-driven world, the question of data – or metadata – veracity is now a central issue not only in the world of information but also in the legal one. Data veracity describes a closeness to truth on a higher level than a measure such as accuracy does. High veracity data is data that can be relied upon when making decisions, thus reducing the risk of basing choices on untrue information. The article (...) uses epistemic logic to model structured metadata automatically extracted from legal papers, and the tools of metaontology to propose a definition of veracity as truthmaker. (shrink)

Legal documents, like contracts or laws, are subject to interpretation. Different people can have different interpretations of the very same document. Large parts of judicial branches all over the world are concerned with settling disagreements that arise, in part, from these different interpretations. In this context, it only seems natural that during the annotation of legal machine learning data sets, disagreement, how to report it, and how to handle it should play an important role. This article presents (...) an analysis of the current state-of-the-art in the annotation of legal machine learning data sets. The results of the analysis show that all of the analysed data sets remove all traces of disagreement, instead of trying to utilise the information that might be contained in conflicting annotations. Additionally, the publications introducing the data sets often do provide little information about the process that derives the “gold standard” from the initial annotations, often making it difficult to judge the reliability of the annotation process. Based on the state-of-the-art, the article provides easily implementable suggestions on how to improve the handling and reporting of disagreement in the annotation of legal machine learning data sets. (shrink)

The collapse of confidence in anonymization as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data–driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of “anonymized” data. This (...) chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable. (shrink)

In this article applied and theoretical epistemologies benefit each other in a study of the British legal case of R. vs. Clark. Clark's first infant died at 11 weeks of age, in December 1996. About a year later, Clark had a second child. After that child died at eight weeks of age, Clark was tried for murdering both infants. Statisticians and philosophers have disputed how to apply Bayesian analyses to this case, and thereby arrived at different judgments about it. (...) By dwelling on this applied case, I make theoretical gains: clarifying and defending pragmatic principles of inference that are important for estimating key probabilities in a range of cases. Then, partly by drawing on such principles, and uncovering overlooked data on post-partum psychosis, I make applied gains: improving the rationality of judgments about the Sally Clark case in particular, judgments important to future similar cases. (shrink)

Advances in neuroscience and other disciplines are producing large-scale brain data consisting of datasets from multiple organisms, disciplines, and jurisdictions in different formats. However, due to the lack of an international data governance framework brain data is currently being produced under various contextual ethical and legal principles which may influence key stakeholders involved in the generation, collection, processing and sharing of brain data thereby raising ethical and legal challenges. In addition, despite the demand for (...) a brain data governance framework that accounts for culture, there is a gap in empirical research and actions to understand how key stakeholders around the world view these issues using neuroscientists who are affected by these ethical and legal principles. Therefore, using the research question how do ethical and legal principles influence data governance in neuroscience? we attempt to understand the perceptions of key actors on the principles, issues and concerns that can arise from brain data research. We carried out interviews with 21 leading international neuroscientists. The analytical insights revealed key ethical and legal principles, areas of convergence, visibility, and the contextual issues and concerns that arise in brain data research around these principles. These issues and concerns circulate around intimately connected areas which include ethics, human rights, regulations, policies and guidelines, and participatory governance. Also, key contextual insights around animal research and ethics were identified. The research identifies key principles, issues, and concerns that need to be addressed in advancing the development of a framework for global brain data governance. By presenting contextual insights from neuroscientists across regions, the study contributes to informing discussions and shaping policies aimed at promoting responsible and ethical practices in brain data research. The research answers the call for a cross cultural study of global brain data governance and the results of the study will assist in understanding the issues and concerns that arise in brain data governance. (shrink)

Informed consent bears significant relevance as a legal basis for the processing of personal data and health data in the current privacy, data protection and confidentiality legislations. The consent requirements find their basis in an ideal of personal autonomy. Yet, with the recent advent of the global pandemic and the increased use of eHealth applications in its wake, a more differentiated perspective with regards to this normative approach might soon gain momentum. This paper discusses the compatibility (...) of a moral duty to share data for the sake of the improvement of healthcare, research, and public health with autonomy in the field of data protection, privacy and medical confidentiality. It explores several ethical-theoretical justifications for a duty of data sharing, and then reflects on how existing privacy, data protection, and confidentiality legislations could obstruct such a duty. Consent, as currently defined in the General Data Protection Regulation – a key legislative framework providing rules on the processing of personal data and data concerning health – and in the recommendation of the Council of Europe on the protection of health-related data – explored here as soft-law – turns out not to be indispensable from various ethical perspectives, while the requirement of consent in the General Data Protection Regulation and the recommendation nonetheless curtails the full potential of a duty to share medical data. Also other legal grounds as possible alternatives for consent seem to constitute an impediment. (shrink)

The technological solutions adopted during the current pandemic will have a lasting impact on our societies. Currently, COVID-19 health status certificates are being deployed around the world, including in Europe, the United States and China. When combined with identity verification, these digital and paper-based certificates allow individuals to prove their health status by showing recent COVID-19 tests results, full vaccination records or evidence of recovery from COVID-19. Most countries in the Global South, where vaccination rates are low, have not yet (...) fully implemented such certificates, although several initiatives are currently underway. That is, for instance, the case in the African Union. Yet, it is not sufficient to develop technical solutions for the verification of COVID-19 health status. Because technologies do not evolve in a legal vacuum, the existing laws and regulations must be respected. The risks of implementing such technologies must be anticipated and mitigated as much as possible before any large-scale deployment. Risk mitigation should also underpin strategies throughout the deployment of these certificates. This article evaluates the key legal implications of COVID-19 health status certificates for data privacy and human rights. In doing so, it contributes to the current debates, thus informing policymakers in this area of vital national and international interest. (shrink)

The presented paper focuses on the analysis of strategic documents at the level of the European Union concerning the regulation of artificial intelligence as one of the so-called disruptive technologies. In the first part of the article, we outline the basic terminology. Subsequently, we focus on the summarizing and systemizing of the key documents adopted at the EU level in terms of artificial intelligence regulation. The focus of the paper is devoted to issues of personal data protection and cyber (...) security included in these strategic documents. The final part contains recommendations for future research and evaluation of its key features. (shrink)

This article critically evaluates the Medicines and Healthcare products Regulatory Agency’s announcement, in March 2008, that GlaxoSmithKline would not face prosecution for deliberately withholding trial data, which revealed not only that Seroxat was ineffective at treating childhood depression but also that it increased the risk of suicidal behaviour in this patient group. The decision not to prosecute followed a four and a half year investigation and was taken on the grounds that the law at the relevant time was insufficiently (...) clear. This article assesses the existence of significant gaps in the duty of candour which had been assumed to exist between drugs companies and the regulator, and reflects upon what this episode tells us about the robustness, or otherwise, of the UK’s regulation of medicines. (shrink)

It has been recently suggested that if the Extended Mind thesis is true, mental privacy might be under serious threat. In this paper, I look into the details of this claim and propose that one way of dealing with this emerging threat requires that data ontology be enriched with an additional kind of data—viz., mental data. I explore how mental data relates to both data and metadata and suggest that, arguably, and by contrast with these (...) existing categories of informational content, mental data should not be merely legally protected. Rather, if we value mental privacy as we know it, technological measures should be employed to ensure that one’s mental data are practically—not just legally—impossible for others to obtain. (shrink)

COVID-19 exposed flaws in the law regulating the sharing of data and human biological material. This poses obstacles to the epidemic response, which needs accelerated public health research and, in turn, efficient and legitimate HBM and data sharing. Legal reform and development are needed to ensure that HBM and data are shared efficiently and lawfully. Academics have suggested important legal reforms. The first is the clarification of the susceptibility of HBM and HBM derivatives to ownership, (...) including, inter alia, the promulgation of a revised version of the South African Material Transfer Agreement by the Minister of Health. This would remove uncertainty regarding the current SA MTA’s perpetual donor ownership clause. The second is the development of data trusts, the adoption of open access to research data, and the creation of an African ‘data corridor’. This would ensure that data are protected while allowing for the efficient transfer of data between researchers for the collective good and in the interest of the public. The third is the amendment of the Space Affairs Act to extend the powers of the Council of Space Affairs to include the management of data collected through the utilisation of Earth observation and geographical information systems. This would ensure the protection of outer space data, legislating its use and sharing once it lands on Earth. The implementation of these legal reforms and developments will better prepare SA to face future epidemics from a health research perspective. (shrink)

Background Only a few studies have been conducted to assess physicians’ knowledge of legal standards. Nevertheless, prior research has demonstrated a dearth of medical law knowledge. Our study explored physicians’ awareness of legal provisions concerning informed consent and confidentiality, which are essential components of the physician-patient relationship of trust. -/- Methods A cross-sectional study assessed attending physicians’ legal knowledge of informed consent and confidentiality regulations. The study was conducted in nine hospitals in Dolj County, Romania. Physicians were (...) given a questionnaire with ten scenarios and instructed to select the response that best reflected their practice. We assessed the responses of physicians who claimed their practice to be entirely legal. Their legal knowledge was evaluated by comparing their answers to applicable laws. We also calculated a score for the physicians who admitted to committing a legal breach. -/- Results Of the 305 respondents, 275 declared they never committed any law violation. However, their median correct answer score was 5.35 ± 1.66 out of 10. The specialty was the strongest predictor of legal knowledge, with emergency physicians rating the lowest and non-surgical physicians scoring the highest. Physicians who worked in both private and public sectors were better knowledgeable about legal issues than those who worked exclusively in the public sector. Results indicate that physicians are aware of the patient’s right to informed consent but lack comprehensive understanding. While most physicians correctly answered simple questions, only a tiny minority identified the correct solution when confronted with ethical dilemmas. The physicians who acknowledged breaching the law, on the other hand, had a slightly higher knowledge score at 5.45 ± 2.18. -/- Conclusion Legal compliance remains relatively low due to insufficient legal awareness. Physicians display limited awareness of legal requirements governing patient autonomy, confidentiality, and access to health data. Law should be taught in all medical schools, including undergraduate programs, to increase physicians’ legal knowledge and compliance. (shrink)

Data-driven technologies have come to pervade almost every aspect of business life, extending to employee monitoring and algorithmic management. How can employee privacy be protected in the age of datafication? This article surveys the potential and shortcomings of a number of legal and technical solutions to show the advantages of human rights-based approaches in addressing corporate responsibility to respect privacy and strengthen human agency. Based on this notion, we develop a process-oriented model of Privacy Due Diligence to complement (...) existing frameworks for safeguarding employee privacy in an era of Big Data surveillance. (shrink)

ICTs, personal data, digital rights, the GDPR, data privacy, online security… these terms, and the concepts behind them, are increasingly common in our lives. Some of us may be familiar with them, but others are less aware of the growing role of ICTs and data in our lives - and the potential risks this creates. These risks are even more pronounced for vulnerable groups in society. People can be vulnerable in different, often overlapping, ways, which place them (...) at a disadvantage to the majority of citizens; Table 3 in this guide presents some of the many forms and causes of vulnerability. As a result, vulnerable people need greater support to navigate the digital world, and to ensure that they are able to exercise their rights. This guide explains where such support can be found, and also answers the following questions: - What are the main ethical and legal issues around ICTs for vulnerable citizens? - Who is vulnerable in Europe? - How do issues around ICTs affect vulnerable people in particular? This guide is a resource for members of vulnerable groups, people who work with vulnerable groups, and citizens more broadly. It is also useful for data controllers1 who collect data about vulnerable citizens. While focused on citizens in Europe, it may be of interest to people in other parts of the world. It forms part of the Citizens’ Information Pack produced by the PANELFIT project, and is available in English, French, German, Italian and Spanish. You are welcome to translate this guide into other languages. Please send us a link to online versions in other languages, so that we can add them to the project website. (shrink)

Background: Debates over legalisation of physician-assisted suicide or euthanasia often warn of a “slippery slope”, predicting abuse of people in vulnerable groups. To assess this concern, the authors examined data from Oregon and the Netherlands, the two principal jurisdictions in which physician-assisted dying is legal and data have been collected over a substantial period.Methods: The data from Oregon comprised all annual and cumulative Department of Human Services reports 1998–2006 and three independent studies; the data from (...) the Netherlands comprised all four government-commissioned nationwide studies of end-of-life decision making and specialised studies. Evidence of any disproportionate impact on 10 groups of potentially vulnerable patients was sought.Results: Rates of assisted dying in Oregon and in the Netherlands showed no evidence of heightened risk for the elderly, women, the uninsured , people with low educational status, the poor, the physically disabled or chronically ill, minors, people with psychiatric illnesses including depression, or racial or ethnic minorities, compared with background populations. The only group with a heightened risk was people with AIDS. While extralegal cases were not the focus of this study, none have been uncovered in Oregon; among extralegal cases in the Netherlands, there was no evidence of higher rates in vulnerable groups.Conclusions: Where assisted dying is already legal, there is no current evidence for the claim that legalised PAS or euthanasia will have disproportionate impact on patients in vulnerable groups. Those who received physician-assisted dying in the jurisdictions studied appeared to enjoy comparative social, economic, educational, professional and other privileges. (shrink)

Big data, artificial intelligence, and increasingly precise biometric techniques have given state and private organizations unprecedented scope and power for the surveillance and dataveillance of migrants. In many cases, these technologies have evolved faster than our legal, political, and ethical mechanisms. This paper, drawing on current discussions of justice and non-domination, proposes a non-domination-based ethics of digital surveillance and mobility, in which the legitimacy of these technologies depends on their avoidance of the arbitrary use of power. This allows (...) us to ethically assess new technologies and justify juridical, democratic, and administrative mechanisms. (shrink)

Die sekundäre Forschungsnutzung von Behandlungsdaten hat großes Potenzial, biomedizinisches Wissen zu erweitern und die Patientenversorgung zu verbessern. Gleichzeitig sind für eine bessere Ausschöpfung dieses Potenzials diverse Herausforderungen zu bewältigen. Dies gilt insbesondere in Deutschland, wo im Vergleich zu anderen Ländern, wie z.B. Dänemark oder Finnland, die sekundäre Forschungsnutzung von Behandlungsdaten unterentwickelt ist. Die Intensivierung der Nutzung der Daten aus Diagnose und Therapie von Patienten und die Entwicklung der dafür notwendigen Strukturen in Deutschland ist ethisch und politisch geboten: für die Verbesserung (...) der Gesundheitsversorgung durch neue Erkenntnisse, Therapien und Qualitätssicherung. Aus diesem Grund fordern die Autor:innen alle Akteure des Gesundheitssystems, von der Bundes- und den Landesregierungen über die Krankenkassen, Kliniken, Ärzt:innen und Patient:innen dazu auf, einen Beitrag dazu leisten, eine Kultur der sekundären Forschungsnutzung von Behandlungsdaten zu etablieren. Basierend auf den Ergebnissen eines dreijährigen Verbundprojekts beantworten die Autor:innen aus den Bereichen Medizin, Rechtswissenschaften, Ethik und Sozialwissenschaften die Frage was notwendig ist, damit in Deutschland die Daten von Patient:innen systematisch für medizinische Forschung und die Analyse der klinischen Versorgungsqualität verwendet werden können und wirklich auch verwendet werden. Sie nennen zehn zentrale Forderungen und legen eine Liste von 23 Empfehlungen mit konkreten Maßnahmen vor, welche von den genannten Akteuren umgesetzt werden sollten. (shrink)

Big data increasingly enables prediction of the behaviour and characteristics of individuals. This is ethically concerning on privacy grounds. However, this article discusses other reasons for concern. These predictions usually rely on generalisations about what certain sorts of people tend to do. Generalisations of this sort are often under scrutiny in legal cases, where, for example, lawyers argue that people with prior convictions are more likely to be guilty of the crime they are currently on trial for. This (...) article applies criteria for distinguishing acceptable from unacceptable generalisations in legal cases to a number of big data examples. It argues that these criteria are helpful, and highlights three issues that should be taken into account when deciding whether predictions about individuals are ethical. (shrink)

Responsibilities of the data monitoring committee and motivating illustrations -- Composition of a data monitoring committee -- Independence of the data monitoring committee : avoiding conflicts of interest -- Confidentiality issues relating to the data monitoring committee -- Data monitoring committee meetings -- Data monitoring committee interactions with other trial components or related groups -- Statistical, philosophical and ethical issues in data monitoring -- Determining when a data monitoring committee is needed -- (...) Regulatory considerations for the operation of data monitoring committees -- Legal considerations for DMCs. (shrink)

Legal structures may form barriers to, or enablers of, adoption of precision agriculture management with small autonomous agricultural robots. This article develops a conceptual regulatory framework for small autonomous agricultural robots, from a practical, self-contained engineering guide perspective, sufficient to get working research and commercial agricultural roboticists quickly and easily up and running within the law. The article examines the liability framework, or rather lack of it, for agricultural robotics in EU, and their transpositions to UK law, as a (...) case study illustrating general international legal concepts and issues. It examines how the law may provide mitigating effects on the liability regime, and how contracts can be developed between agents within it to enable smooth operation. It covers other legal aspects of operation such as the use of shared communications resources and privacy in the reuse of robot-collected data. Where there are some grey areas in current law, it argues that new proposals could be developed to reform these to promote further innovation and investment in agricultural robots. (shrink)

The word data (sing. datum) is originally Latin for “things given or granted”. Because of such a humble and generic meaning, the term enjoys considerable latitude both in its technical and in its common usage, for almost anything can be referred to as a “thing given or granted” (Cherry [1978]). With some reasonable approximation, four principal interpretations may be identified in the literature. The first three captures part of the nature of the concept and are discussed in the next (...) section. The fourth is the most fundamental and satisfactory, so it is discussed separately, in section three. On its basis, some further clarifications about the nature of data are introduced in sections four to six. A reminder about the social, legal and ethical issues raised by the use of data concludes this entry. (shrink)

BackgroundSharing de-identified individual-level health research data is widely promoted and has many potential benefits. However there are also some potential harms, such as misuse of data and breach of participant confidentiality. One way to promote the benefits of sharing while ameliorating its potential harms is through the adoption of a managed access approach where data requests are channeled through a Data Access Committee (DAC), rather than making data openly available without restrictions. A DAC, whether a (...) formal or informal group of individuals, has the responsibility of reviewing and assessing data access requests. Many individual groups, consortiums, institutional and independent DACs have been established but there is currently no widely accepted framework for their organization and function.Main textWe propose that DACs, should have the role of both promotion of data sharing and protection of data subjects, their communities, data producers, their institutions and the scientific enterprise. We suggest that data access should be granted by DACs as long as the data reuse has potential social value and provided there is low risk of foreseeable harms. To promote data sharing and to motivate data producers, DACs should encourage secondary uses that are consistent with the interests of data producers and their own institutions. Given the suggested roles of DACs, there should be transparent, simple and clear application procedures for data access. The approach to review of applications should be proportionate to the potential risks involved. DACs should be established within institutional and legal frameworks with clear lines of accountability, terms of reference and membership. We suggest that DACs should not be modelled after research ethics committees (RECs) because their functions and goals of review are different from those of RECs. DAC reviews should be guided by the principles of public health ethics instead of research ethics.ConclusionsIn this paper we have suggested a framework under which DACs should operate, how they should be organised, and how to constitute them. (shrink)