Big Data and Scientific Research: The Secondary Use of Personal Data under the Research Exemption in the GDPR

Mészáros, János; Ho, Chih-hsing

doi:10.1556/2052.2018.59.4.5

Cited by 13 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…35 However, both do not detail these safeguards due to the rapidly changing technological environment, providing “future-proof” regulation. The necessary safeguards, such as “pseudonymisation”, differ among the EU Member States ( Meszaros and Ho, 2018 ). Therefore, the required safeguards and the review process by authorities need harmonisation, especially in the case of AI systems for healthcare services and medical research ( Malgieri, 2019 ).…”

Section: Discussion and Actionable Recommendationsmentioning

confidence: 99%

The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union

2022

View full text Add to dashboard Cite

Despite its promising future, the application of artificial intelligence (AI) and automated decision-making in healthcare services and medical research faces several legal and ethical hurdles. The European Union (EU) is tackling these issues with the existing legal framework and drafting new regulations, such as the proposed AI Act. The EU General Data Protection Regulation (GDPR) partly regulates AI systems, with rules on processing personal data and protecting data subjects against solely automated decision-making. In healthcare services, (automated) decisions are made more frequently and rapidly. However, medical research focuses on innovation and efficacy, with less direct decisions on individuals. Therefore, the GDPR’s restrictions on solely automated decision-making apply mainly to healthcare services, and the rights of patients and research participants may significantly differ. The proposed AI Act introduced a risk-based approach to AI systems based on the principles of ethical AI. We analysed the complex connection between the GDPR and AI Act, highlighting the main issues and finding ways to harmonise the principles of data protection and ethical AI. The proposed AI Act may complement the GDPR in healthcare services and medical research. Although several years may pass before the AI Act comes into force, many of its goals will be realised before that.

show abstract

Section: Discussion and Actionable Recommendationsmentioning

confidence: 99%

The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union

2022

View full text Add to dashboard Cite

show abstract

“…4). Our approach resorts to a classical desk review that analyses inputs from relevant articles of the GDPR; their scholarly interpretation, with a focus on academic research [16,29,40,45,51]; and official guidance from data protection and cybersecurity authorities (like the European Data Protection Board-EDPB-and the European Union Agency for Cybersecurity-ENISA) [4-6, 20, 22, 31]. Similarly, to address the ethics-oriented questions (Sect.…”

Section: Methodology and Research Questionsmentioning

confidence: 99%

“…Even isolated pieces of information, when linked together, can lead to the identification of a person. Pseudonymized [40] data is considered personal data because it can be recombined to identify individuals, and so is encrypted data, when it can be easily decrypted. On the contrary, anonymized data that is irreversibly unlinkable to any individual is no longer considered personal data.…”

Section: Personal Data In Social Media Researchmentioning

confidence: 99%

Unwinding a Legal and Ethical Ariadne’s Thread Out of the Twitter Scraping Maze

Rossi

Kumari

Lenzini

2022

Privacy Symposium 2022

View full text Add to dashboard Cite

Social media data is a gold mine for research scientists, but such type of data carries unique legal and ethical implications while there is no checklist that can be followed to effortlessly comply with all the applicable rules and principles. On the contrary, academic researchers need to find their way in a maze of regulations, sectoral and institutional codes of conduct, interpretations and techniques of compliance. Taking an autoethnographic approach combined with desk research, we describe the path we have paved to find the answers to questions such as: what counts as personal data on Twitter and can it be anonymized? How may we inform Twitter users of an ongoing data collection? Is their informed consent necessary? This article reports practical insights on ethical, legal, and technical measures that we have adopted to scrape Twitter data and discusses some solutions that should be envisaged to make the task of compliance less daunting for academic researchers. The subject matter is relevant for any social computing research activity and, more in general, for all those that intend to gather data of EU social media users.

show abstract

“…These contain provisions related to the use of secondary data for medical research, including that no third party can access data without the consent of the individual concerned. However, the legislation makes specific and broad exemptions for research if it does not cause "substantial damage or distress" (ICO, 2020) and if pseudonymisation is applied (Mészáros, 2018). Despite this, it has been argued that this creates an imbalance by favouring data controllers at the expense of subjects (Pormeister, 2017).…”

Section: The Data Protection Act (2018) and Gdpr (General Data Protecmentioning

confidence: 99%

Using Secondary Health Data in Research

Omari

2021

Malays. j. med. biol. res.

View full text Add to dashboard Cite

The use of data in medical research that was originally collected for different purposes, known as secondary data, is an effective way to conduct reliable and cost-effective studies so as to progress knowledge in medicine. A number of serious practical, ethical and legal issues and concerns about this process exist, however. Ensuring a high level of data quality is imperative to produce reliable results, and researchers may face accessibility problems. Projects designed to alleviate these issues are underway, however, lowering the cost and increasing the access to secondary data even further. Although secondary data is de-identified to protect the confidentiality, ethical problems of individual rights versus the benefit of society persist, leading some to call for a new ‘macroethics’ surrounding data use. Legislation to this end has been introduced in many countries, but issues relating to the exemptions it offers and its interpretability remain. To ensure that the use of secondary data in medical research can continue to accelerate the pace of development in medicine, a global effort involving technological and ethical standardization needs to be developed.

show abstract

Big Data and Scientific Research: The Secondary Use of Personal Data under the Research Exemption in the GDPR

Cited by 13 publications

References 17 publications

The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union

The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union

Unwinding a Legal and Ethical Ariadne’s Thread Out of the Twitter Scraping Maze

Using Secondary Health Data in Research

Contact Info

Product

Resources

About