The European General Data Protection Regulation: ESMO reinforces harmonious uptake of health research provisions
ESMO welcomes the coming into effect of the EU General Data Protection Regulation in its final form which protects the privacy of patients without jeopardising clinical, translational and epidemiological research. However, for scientific research, including oncology research, to benefit from the Regulation, it needs to be interpreted and applied appropriately and in a harmonised manner across the EU.
ESMO's objective has been to achieve a balance between citizen data security and protecting the much-needed work of researchers by ensuring access to data, acknowledging the strict safeguards protecting medical data that are already in place.
Read the 2014 ESMO position paper:
See the ESMO GDPR position paper endorsements
In particular, ESMO has relentlessly supported and advocated for:
- The inclusion of a withdrawable ‘one-time consent’ from patients allowing their data and tissues to be used, subject to strict ethical standards, for future retrospective clinical research, which will also ensure the viability of biobanking (recital 33)
- The inclusion of a ‘no-consent’ principle to allow research based on data from population-based disease registries in line with strict ethical standards (recital 157)
ESMO continues to stress the need for a harmonised implementation of the EU Data Protection Regulation and is committed to helping EU institutions and individual Member States protect the future of health research by understanding the importance of these two crucial provisions and ensuring their uptake in practice.
Two years after the EU GDPR’s implementation and its corresponding guidelines, ESMO has identified concrete examples of inconsistencies of how Member States are interpreting the Regulation due to ambiguous guidance provided is resulting in fragmented implementation on the same issues as the previous legislative ‘Directive’, in particular in areas that affects patient consent and health research. ESMO outlined its concerns in the editorial below, which provides 3 recommendations and underscores the need for ESMO and the oncology community to work with the European Data Protection Board, EU Member States, and other supervisory authorities to ensure the harmonized application of the EU GDPR.
Read the 2020 ESMO Editorial:
See the ESMO GDPR paper endorsements
ESMO’s key messages
ESMO urges the EU Member States to take the following into considerations which are a serious cause for concern for future research, when they implement the GDPR:
- GDPR Recital 33 should be acknowledged as a means to guarantee, in all EU Member States, that patients have the right to provide, if willing, a withdrawable “one-time consent” to using their data and/or biological samples for future retrospective research, under the scrutiny of appropriate reviewing bodies (institutional review boards and/or ethics committees)
- GDPR Recital 157 should be acknowledged as a means to guarantee that in all EU member states’ population-based disease registries, including cancer registries, are allowed to operate with a “no-consent” policy under the supervision of relevant public health bodies
- Recital 29 and Article 28 (2) of the EU Clinical Trials Regulation should be implemented across the EU 27 to give patients enrolled in a clinical trial the right to consent that their data to be used retrospectively beyond the end and scope of the trial for future research.