Articolo Pubblicato in Annals of internal Medicine, 5 marzo 2019.
Are Requirements to Deposit Data in Research Repositories Compatible With the European Union's General Data Protection Regulation?
Marta Tomasi
ABSTRACT
To reproduce study findings and facilitate new discoveries, many funding bodies, publishers, and professional communities are encouraging—and increasingly requiring—investigators to deposit their data, including individual-level health information, in research repositories. For example, in some cases the National Institutes of Health (NIH) and editors of some Springer Nature journals require investigators to deposit individual-level health data via a publicly accessible repository (1, 2). However, this requirement may conflict with the core privacy principles of European Union (EU) General Data Protection Regulation 2016/679 (GDPR), which focuses on the rights of individuals as well as researchers' obligations regarding transparency and accountability.
The GDPR establishes legally binding rules for processing personal data in the EU, as well as outside the EU in some cases. Researchers in the EU, and often their global collaborators, must comply with the regulation. Health and genetic data are considered special categories of personal data and are subject to relatively stringent rules for processing.
Request private full-text: on ResearchGate.
Deborah Mascalzoni, Heidi Beate Bentzen, Isabelle Budin-Ljøsne, Lee Andrew Bygrave, Jessica Bell, Edward S. Dove, Christian Fuchsberger, Kristian Hveem, Michaela Th. Mayrhofer, Viviana Meraviglia, David R. O'Brien, Cristian Pattaro, Peter P. Pramstaller, Vojin Rakić, Alessandra Rossini, Mahsa Shabani, Dan Jerker B. Svantesson, Lars Ursin, Matthias Wjst, Jane Kaye.