Should consent for data processing be privileged in health research?

Several recent data protection laws appear to afford a privileged position to scientific research, including health research. Provisions that might otherwise apply to data subjects and data controllers, including rights exercisable by data subjects against controllers, are lifted or lessened.However, when it comes to considering whether consent should serve as the lawful basis for processing data in the health research context, a fair degree of policy and regulatory divergence emerges. This divergence seems to stem from a normative link that some draw between consent as a research ethics principle and consent as a lawful basis in data protection law.We look at the EU General Data Protection Regulation (GDPR) and three national laws, either implementing the GDPR or inspired by it, to provide points of comparison: South Africa’s Protection of Personal Information Act, 2013, the UK’s Data Protection Act 2018, and Ireland’s Health Research Regulations 2018. We supplement this analysis by considering other relevant laws and regulations governing health research in these jurisdictions.We argue that there is merit in distinguishing research ethics consent from data processing consent, to avoid what we call ‘consent misconception’, and come to advocate a middle-ground approach in data protection law, ie one that does not mandate consent as the lawful basis for processing personal data in health research projects—but does encourage it. This approach, we argue, achieves the best balance for protecting data subject/research participant rights and interests and promoting socially valuable health research

To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers