The Regulation of Biobanking in Germany

Biobanking in Germany is currently not subject to sui generis regulation. Instead, a plethora of norms from differing areas of law form the bundle of regulation that applies to biobanking. The exact shape and extent of the bundle depends on the exact configuration of the biobank. In the context of data protection, the rather fragmented nature of the regulation is to a certain extent alleviated by the direct impact of the EU General Data Protection Regulation (GDPR). In particular, the federalized system of data protection in Germany is simplified by an overarching set of norms that apply equally across the board. Whilst this is a welcome systematization of this part of the regulation of biobanking in Germany, the exact nature of the implementation of the Regulation raises novel issues in its own right. In this paper, I will outline the fragmented nature of biobank regulation in Germany, illustrate the issues on the basis of Germany’s population biobank NaKo and then discuss some of the more significant issues raised by the GDPR in the context of biobanking

Purpose definition as a crucial step for determining the legal basis under the GDPR:Implications for scientific research

The General Data Protection Regulation (GDPR) of the European Union, which became applicable in 2018, contains a new accountability principle. Under this principle, controllers (ie parties determining the purposes and the means of the processing of personal data) are responsible for ensuring and demonstrating the overall compliance with the GDPR. However, interpretive uncertainties of the GDPR mean that controllers must exercise considerable judgement in designing and implementing an appropriate compliance strategy, making GDPR compliance both complex and resource-intensive. In this article, we provide conceptual clarity around GDPR compliance with respect to one core aspect of the law: the determination and relevance of the purpose of personal data processing. We derive from the GDPR’s text concrete requirements for purpose specification, which we subsequently apply to the area of secondary use of personal data for scientific research. We offer guidance for correctly specifying purposes of data processing under different research scenarios. To illustrate the practical necessity of purpose specification for GDPR compliance, we then show how our proposed approach can enable controllers to meet their compliance obligations, using the example of the overarching GDPR principle of lawfulness to highlight the relevance of purpose specification for the identification of a suitable legal basis

GYNOCARE Update: Modern Strategies to Improve Diagnosis and Treatment of Rare Gynecologic Tumors—Current Challenges and Future Directions

More than 50% of all gynecologic tumors can be classified as rare (defined as an incidence of ≤6 per 100, 000 women) and usually have a poor prognosis owing to delayed diagnosis and treatment. In contrast to almost all other common solid tumors, the treatment of rare gynecologic tumors (RGT) is often based on retrospective studies, expert opinion, or extrapolation from other tumor sites with similar histology, leading to difficulty in developing guidelines for clinical practice. Currently, gynecologic cancer research, due to distinct scientific and technological challenges, is lagging behind. Moreover, the overall efforts for addressing these challenges are fragmented across different European countries and indeed, worldwide. The GYNOCARE, COST Action CA18117 (European Network for Gynecological Rare Cancer Research) programme aims to address these challenges by creating a unique network between key stakeholders covering distinct domains from concept to cure: basic research on RGT, biobanking, bridging with industry, and setting up the legal and regulatory requirements for international innovative clinical trials. On this basis, members of this COST Action, (Working Group 1, “Basic and Translational Research on Rare Gynecological Cancer”) have decided to focus their future efforts on the development of new approaches to improve the diagnosis and treatment of RGT. Here, we provide a brief overview of the current state of-the-art and describe the goals of this COST Action and its future challenges with the aim to stimulate discussion and promote synergy across scientists engaged in the fight against this rare cancer worldwide

Introduction

The General Data Protection Regulation (GDPR) is already four years old legal instrument, with over two years of practical experience, yet, several central questions on its application, its importance in scientific research, rights of the data subjects, and obligations on the controllers and processors remain uncharted. In this edited volume, questions ranging from the meaning of the GDPR provisions for a particular research project to impact of the GDPR on long term collaborations, when the UK is leaving the EU are is discussed. This chapter sets out the aim of this book and provides an overview of how various contributions interplay to shed light on how the GDPR shapes the research regimes on the use of personal data in biobanking by EU Member States

Data portability in health research and biobanking: legal benchmarks for appropriate implementation

International audienceThis article examines the content of data portability right (II), operationalisation of data portability in health research context and related challenges (III) by considering both GDPR provisions and special Guidelines from the European Data Protection Board (ex-Article 29 Data Protection Working Party). We provide in depth analysis of the provisions and tables for easing the identification of potential implementation of data portability in health research contexts

Harmonization after the GDPR? Divergences in the rules for genetic and health data sharing in four member states and ways to overcome them by EU measures: insights from Germany, Greece, Latvia and Sweden

The EU member states’ healthcare and health-related research sectors are both characterized by an emerging infrastructural coalescence on a national and European level. The culmination of this coalescence is the planned creation of a European Health Data Space, an EU-wide infrastructure for the processing of personal data for healthcare and for secondary uses such as scientific research. In contrast to growing technical interoperability, the legal framework for such integration is not yet defined in detail, particularly with regard to data protection law. Its development is accompanied by discussions about divergent member state implementations of the EU General Data Protection Regulation (GDPR) that affect data sharing between healthcare and scientific research actors and across various sectors driven by divergent processing purposes. The article presents four member states’ main rules on data sharing based on the respective provision of the GDPR in six health-related contexts regarding data sharing across the healthcare and research sector and between the main actors of those sectors. The striking differences are then evaluated from the perspective of their factual effect on European data sharing depending on the legal characteristics of the GDPR provisions they rely on. Against this backdrop, the planned regulatory measures for the setup of the European Health Data Space are introduced and evaluated with regard to further harmonization between member states’ laws and possibilities to overcome divergences in data protection rules relevant for European data sharing. The results of the analysis point to the conclusion that the destructive effect of divergent member state rules depends on the legal qualification of the EU provisions they rely on and that this qualification also determines which further EU regulatory measure would be the most effective to set the framework for the European Health Data Space