A Literature Review on the GDPR, COVID-19 and the Ethical Considerations of Data Protection During a Time of Crisis.

OBJECTIVE: This survey article presents a literature review of relevant publications aiming to explore whether the EU's General Data Protection Regulation (GDPR) has held true during a time of crisis and the implications that arose during the COVID-19 outbreak. METHOD AND RESULTS: Based on the approach taken and the screening of the relevant articles, the results focus on three themes: a critique on GDPR; the ethics surrounding the use of digital health technologies, namely in the form of mobile applications; and the possibility of cross border transfers of said data outside of Europe. Within this context, the article reviews the arising themes, considers the use of data through mobile health applications, and discusses whether data protection may require a revision when balancing societal and personal interests. CONCLUSIONS: In summary, although it is clear that the GDPR has been applied through a mixed and complex experience with data handling during the pandemic, the COVID-19 pandemic has indeed shown that it was a test the GDPR was designed and prepared to undertake. The article suggests that further review and research is needed to first ensure that an understanding of the state of the art in data protection during the pandemic is maintained and second to subsequently explore and carefully create a specific framework for the ethical considerations involved. The paper echoes the literature reviewed and calls for the creation of a unified and harmonised network or database to enable the secure data sharing across borders.

Privacy-Oriented Technique for COVID-19 Contact Tracing (PROTECT) Using Homomorphic Encryption: Design and Development Study.

BACKGROUND: Various techniques are used to support contact tracing, which has been shown to be highly effective against the COVID-19 pandemic. To apply the technology, either quarantine authorities should provide the location history of patients with COVID-19, or all users should provide their own location history. This inevitably exposes either the patient's location history or the personal location history of other users. Thus, a privacy issue arises where the public good (via information release) comes in conflict with privacy exposure risks. OBJECTIVE: The objective of this study is to develop an effective contact tracing system that does not expose the location information of the patient with COVID-19 to other users of the system, or the location information of the users to the quarantine authorities. METHODS: We propose a new protocol called PRivacy Oriented Technique for Epidemic Contact Tracing (PROTECT) that securely shares location information of patients with users by using the Brakerski/Fan-Vercauteren homomorphic encryption scheme, along with a new, secure proximity computation method. RESULTS: We developed a mobile app for the end-user and a web service for the quarantine authorities by applying the proposed method, and we verified their effectiveness. The proposed app and web service compute the existence of intersections between the encrypted location history of patients with COVID-19 released by the quarantine authorities and that of the user saved on the user's local device. We also found that this contact tracing smartphone app can identify whether the user has been in contact with such patients within a reasonable time. CONCLUSIONS: This newly developed method for contact tracing shares location information by using homomorphic encryption, without exposing the location information of patients with COVID-19 and other users. Homomorphic encryption is challenging to apply to practical issues despite its high security value. In this study, however, we have designed a system using the Brakerski/Fan-Vercauteren scheme that is applicable to a reasonable size and developed it to an operable format. The developed app and web service can help contact tracing for not only the COVID-19 pandemic but also other epidemics.

Revolutionizing Medical Data Sharing Using Advanced Privacy-Enhancing Technologies: Technical, Legal, and Ethical Synthesis.

Multisite medical data sharing is critical in modern clinical practice and medical research. The challenge is to conduct data sharing that preserves individual privacy and data utility. The shortcomings of traditional privacy-enhancing technologies mean that institutions rely upon bespoke data sharing contracts. The lengthy process and administration induced by these contracts increases the inefficiency of data sharing and may disincentivize important clinical treatment and medical research. This paper provides a synthesis between 2 novel advanced privacy-enhancing technologies-homomorphic encryption and secure multiparty computation (defined together as multiparty homomorphic encryption). These privacy-enhancing technologies provide a mathematical guarantee of privacy, with multiparty homomorphic encryption providing a performance advantage over separately using homomorphic encryption or secure multiparty computation. We argue multiparty homomorphic encryption fulfills legal requirements for medical data sharing under the European Union's General Data Protection Regulation which has set a global benchmark for data protection. Specifically, the data processed and shared using multiparty homomorphic encryption can be considered anonymized data. We explain how multiparty homomorphic encryption can reduce the reliance upon customized contractual measures between institutions. The proposed approach can accelerate the pace of medical research while offering additional incentives for health care and research institutes to employ common data interoperability standards.

[Current Status and the Future of Protection and Utilization of Personal Information at Medical Facilities Based on the Understanding of Related Regulations].

In September 2015, "the Act on the Protection of Personal Information" was amended. Accordingly, "the Ethical Guidelines for Medical Research Involving Human Subjects" were also amended. "The Act on Anonymized Medical Data That Are Meant to Contribute to Research and Development in the Medical Field," which came into effect in May 2018, aims to collect and utilize medical information of each patient from medical institutions for the purpose of research and development in the medical field. Thus, the rules of personal information that need to be followed are changing considerably in the balance between importance of protection and utilization for medical development. Therefore, health care professionals and researchers are required to fully understand the current situation and the future.

Medical and Legal Aspects of the Practice of Teledermatology in Spain. / Aspectos medicolegales de la práctica de la teledermatología en España.

Teledermatology is now fully incorporated into our clinical practice. However, after reviewing current legislation on the ethical aspects of teledermatology (data confidentiality, quality of care, patient autonomy, and privacy) as well as insurance and professional responsibility, we observed that a specific regulatory framework is still lacking and related legal aspects are still at a preliminary stage of development. Safeguarding confidentiality and patient autonomy and ensuring secure storage and transfer of data are essential aspects of telemedicine. One of the main topics of debate has been the responsibilities of the physicians involved in the process, with the concept of designating a single responsible clinician emerging as a determining factor in the allocation of responsibility in this setting. A specific legal and regulatory framework must be put in place to ensure the safe practice of teledermatology for medical professionals and their patients.

[Ethics and confidentiality of a patient in a medical biology laboratory]. / L'éthique et la confidentialité du patient au laboratoire de biologie médicale.

Confidentiality is based on principles of deontology and ethics, which are included in French regulations and supported by the professional orders. It contributes to the respect and dignity of the patient. If this consideration of the human person is old, it has been updated to build the framework imposed by the accreditation of medical biology laboratories. Confidentiality is thus reflected in a charter of ethics, a model of which we propose here. It reflects the commitments of healthcare professionals in the processing of biological samples from patients. Confidentiality is thus applied, in a practical way, at each phase of the laboratory's activity. In the pre-analytical phase, it organizes the reception of the patient and the taking of samples, taking into account the particular case of minors. In the analytical phase, confidentiality imposes limited access to the technical premises and the organization of the flow of personnel from outside the laboratory. Finally, in the post-analytical phase, the reporting of results is regulated, depending on the type of analyses performed and the person to whom the results are to be reported (patient or prescriber). The particular case of spermiology illustrates all these points. Finally, during these phases of sample processing, document management is also a matter of confidentiality and data protection. Confidentiality is essential to the functioning of a health care structure, but it is restrictive in its day-to-day implementation. Nevertheless, it must be combined with an awareness of all staff to address the ethical issue of human dignity.

Linking Survey and Twitter Data: Informed Consent, Disclosure, Security, and Archiving.

Linked survey and Twitter data present an unprecedented opportunity for social scientific analysis, but the ethical implications for such work are complex-requiring a deeper understanding of the nature and composition of Twitter data to fully appreciate the risks of disclosure and harm to participants. In this article, we draw on our experience of three recent linked data studies, briefly discussing the background research on data linkage and the complications around ensuring informed consent. Particular attention is paid to the vast array of data available from Twitter and in what manner it might be disclosive. In light of this, the issues of maintaining security, minimizing risk, archiving, and reuse are applied to linked Twitter and survey data. In conclusion, we reflect on how our ability to collect and work with Twitter data has outpaced our technical understandings of how the data are constituted and observe that understanding one's data is an essential prerequisite for ensuring best ethical practice.

Challenges with study procedure fidelity when conducting household survey: reports from the field.

OBJECTIVES: The aim of the study was to identify reasons for protocol deviations during conduct of large epidemiological surveys despite training of field workers, validating clinicians, and providing field supervisory support. Enquiries focused on breaches of recruitment procedures, privacy, confidentiality, and informed consent. The case study was a household survey conducted in Ile-Ife, Nigeria. RESULTS: The study reveals that despite training of field workers, providing supervisory support, and conducting validation exercises, protocol deviation still occurred. Measures to improve internal research validity during the conduct of surveys can minimise but not eliminate protocol deviations. Individual and environmental factors increase the risk for protocol deviation. Individual factors include personal bias against adherence to elements of the protocols, and pressure to meet personal recruitment targets to maximise remuneration. These pressures increase the risk of breaching study participants' recruitment process. Environmental pressures resulted from low research literacy that made it possible for field workers not to consent participants and for participants not to prioritise privacy. The use of electronic data collection enhanced data security. A key recommendation from the study was that improved field supervision will reduce the risk for protocol violation.

How the new European data protection regulation affects clinical research and recommendations?

Clinical research on human subjects or their data is confronted with conflicting requirements with, on one hand, the principle of open science (transparency and data sharing), the possibilities offered by big data and the reuse of healthcare or research data, and on the other, changes to the regulatory and legislative framework, including the general data protection regulation (GDPR). A roundtable was organized in Giens, France in October 2018 to identify problem areas, the need for clarification and streamlining, and to make recommendations to promote clinical research while ensuring a high level of patient protection. After details were given about these developments, the roundtable participants were able to propose recommendations, primarily (1) to clarify: what is considered anonymized data, and what is "public interest" within the meaning of the GDPR; (2) for the French data protection authority (CNIL) to continue preparing reference methodologies to simplify the approval system; (3) to promote the secondary use of data by making it easier to inform patients and obtain broad patient consent, by specifying the circumstances under which their withdrawal and opposition rights apply, so as to limit the risk of bias; (4) to facilitate access to data warehouses by providing technological and methodological aids. The roundtable also recommends increasing discussions between authorities in Europe on research topics, encouraging French authorities to contribute to the preparation of codes of conduct and setting up a voluntary harmonization procedure to coordinate the opinions of data protection authorities, while ensuring that key documents are available in English.

ATM Card Cloning and Ethical Considerations.

With the advent of modern technology, the way society handles and performs monetary transactions has changed tremendously. The world is moving swiftly towards the digital arena. The use of Automated Teller Machine (ATM) cards (credit and debit) has led to a "cash-less society" and has fostered digital payments and purchases. In addition to this, the trust and reliance of the society upon these small pieces of plastic, having numbers engraved upon them, has increased immensely over the last two decades. In the past few years, the number of ATM fraud cases has increased exponentially. With the money of the people shifting towards the digital platform, ATM skimming has become a problem that has eventually led to a global outcry. The present review discusses the serious repercussions of ATM card cloning and the associated privacy, ethical and legal concerns. The preventive measures which need to be taken and adopted by the government authorities to mitigate the problem have also been discussed.

The impact of the General Data Protection Regulation on health research.

Background: On the May 25, 2018 the General Data Protection Regulation (hereafter the GDPR or the Regulation) came into force, replacing the Data Protection Directive 95/46/EC (upon which the Data Protection Act 1998 is based), and imposing new responsibilities on organizations which process the data of European Union citizens. Sources of data: This piece examines the impact of the Regulation on health research. Areas of agreement: The Regulation seeks to harmonize data privacy laws across Europe, to protect and empower all EU citizen's data privacy and to reshape the way that organizations approach data privacy (See the GDPR portal at: https://www.eugdpr.org/ (accessed 8 May 2018). As a Regulation the GDPR is directly applicable in all member states as opposed to a directive which requires national implementing measures (In the UK the Data Protection Act 1998 was the implementing legislation for the Data Protection Directive 95/46/EC.). Areas of controversy: The Regulation is sector wide, but its impact on organizations us sector specific. In some sectors, the Regulation inhibits the processing of personal data, whilst in others it enables that processing. The Regulation takes the position that the 'processing of data should be designed to serve mankind' (Recital 4). Whilst it does not spell out what exactly is meant by this, it indicates that a proportionate approach will be taken to the protection of personal data, where that data can be processed for common goods such as healthcare. Thus, the protection of personal data is not absolute, but considered in relation to its function in society and balance with other fundamental rights in accordance with the principle of proportionality (Recital 4). Differing interpretations of proportionality can detract from the harmonization objective of the Regulation. Growing points: Reflecting the commitment to proportionality, scientific research holds a privileged position in the Regulation. Throughout the Regulation provision is made for organizations that process personal data for scientific research purposes to avoid restrictive measures which might impede the increase of knowledge. However, the application of the Regulation differs across health research sectors and across jurisdictions. Transparency and engagement across the health research sector is required to promote alignment. Areas timely for developing research: Research which focuses on the particular problems which arise in the context of the regulation's application to health research would be welcome. Particularly in the context of the operation of the Regulation alongside the duty of confidentiality and the variation in approaches across Member States.

Machine learning in medicine: Addressing ethical challenges.

Effy Vayena and colleagues argue that machine learning in medicine must offer data protection, algorithmic transparency, and accountability to earn the trust of patients and clinicians.

Ethical approach to the genetic, biometric and health data protection and processing in the new EU General Data Protection Regulation (2018).

PURPOSE: The main purpose of the present paper is to analyze the rules for processing of special categories of personal data (genetic data, including biological samples, biometric and health data) in the light of the new General Data Protection Regulation (GDPR), thus contributing to overview the health status and the biomedical state of the data subject. BACKGROUND: Over the last two decades, debating the European Union's (EU) major legislation with regard to personal data and patients' rights became relevant for the scientific research. The paper assesses the basic legal provisions with regard to the genetic, biometric and data concerning health considered as "sensitive data", while safeguarding the ethical standards of the scientific research. The present article investigates the ethical and legal approaches to processing personal data in the understanding of the new regulatory guidelines regarding the data protection, here including the health status and the rights of a data subject. CONCLUSIONS: The protection of natural persons with regard to the processing of genetic, biometric and health data and the free movement of such data are reinforced in the new GDPR entered into force in May 2016 and applied from 25 May 2018. The new legal context elucidates: the special categories of personal data ("sensitive data"), the "consent" and the research exemption by explicitly recognizing the "pseudonymised" data. Although the new guidelines revisit the EU data protection reform, it also grants the EU Member States the right to maintain or introduce further limitations to the processing of such data.

Conclusion: harmonisation in genomic and health data sharing for research: an impossible dream?

There are clear benefits from genomics and health data sharing in research and in therapy for individuals across societies. At the same time, citizens have different expectations and fears about that data sharing. International legislation in relation with research ethics and practice and, particularly, data protection create a particular environment that, as is seen in the articles in part two of this special issue, are crying out for harmonisation both at a procedural but at fundamental conceptual levels. The law of data sharing is pulling in different directions. This paper poses the question, 'harmonisation, an impossible dream?' and the answer is a qualified 'no'. The paper reflects on what can be seen in the papers in part two of the special issue. It then identifies three major areas of conceptual uncertainty in the new EU General Data Protection Regulation (not because it has superiority over other jurisdictions, but because it is a recent revision of data protection law that leaves universal conceptual questions unclear). Thereafter, the potential for Artificial Intelligence to meet some of the shortcomings is discussed. The paper ends with a consideration of the conditions under which data sharing harmonisation might be achieved: an understanding of a human rights approach and citizen sensitivities in considering the 'public interest'; social liberalism as a basis of solidarity; and the profession of 'researcher'.

Genomic Privacy.

BACKGROUND: Genetic information is unique among all laboratory data because it not only informs the current health of the specific person tested but may also be predictive of the future health of the individual and, to varying degrees, all biological relatives. CONTENT: As DNA sequencing has become ubiquitous with decreasing cost, large repositories of genomic data have emerged from the domains of research, healthcare, law enforcement, international security, and recreational consumer interest (i.e., genealogy). Broadly shared genomic data are believed to be a key element for future discoveries in human disease. For example, the National Cancer Institute's Genomic Data Commons is designed to promote cancer research discoveries by providing free access to the genome data sets of 12000 cancer patients. However, in parallel with the promise of curing diseases, genomic data also have the potential for harm. Genomic data that are deidentified by standard healthcare practices (e.g., removal of name, date of birth) can be reidentified by methods that combine genomic software with publicly available demographic databases (e.g., phone book). Recent law enforcement cases (i.e., Bear Brook Murders, Golden State Killer) in the US have demonstrated the power of combining DNA profiles with genealogy databases. SUMMARY: We examine the current environment of genomic privacy and confidentiality in the US and describe current and future risks to genomic privacy. Reidentification and inference of genetic information of biological relatives will become more important as larger databases of clinical, criminal, and recreational genomic information are developed over the next decade.

The ethics of mHealth: Moving forward.

There is great power and promise for mobile health (mHealth) technology in the realms of clinical practice and research. By offering the opportunity to reshape the interaction between clinician and patient or researcher and subject, the introduction of this technology allows clinicians and researchers access to larger quantities of more timely and reliable data. The potential developments are significant, and they are ethically relevant. With all technological developments, however, come new sets of ethical risks. In this paper, I assess the ethics of mHealth. I argue that while we have an ethical obligation to advance this work in order to further the quality and scope of care, the use of mHealth technology also presents challenges that must be addressed before and during the use of this technology. After describing the ethical landscape, I offer a pragmatic approach to meeting some of these challenges and minimizing ethical risk by switching from a privacy-centered frame to a consent-centered frame.