Transparency in relation to the data subject in genetic research – an analysis on the example of Estonia
Date
2019-11-25
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
EL isikuandmete kaitse üldmäärusest tuleneva läbipaistvuse põhimõtte järgi peab inimese jaoks olema tema isikuandmete töötlemine läbipaistev. Reeglina peab inimesele teada olema, kas ja millisel eesmärgil ning kelle poolt tema andmeid töödeldakse. Selle tagamiseks tuleb vastav teave isikule teatavaks teha enne, kui temalt võetakse nõusolek isikuandmete töötlemiseks. Kui isikuandmete töötlemine toimub ilma nõusolekuta (st seaduse alusel), rakendub üldine teavitamiskohustus. Lisaks aitab isikuandmete töötlemise läbipaistvust tagada ka see, et üldjuhul tohib isikuandmeid kasutada ainult eesmärkidel, millistel neid koguti.
Esimesed kaks kirjeldatud reeglit kehtivad ka juhul, kui isikuandmeid töödeldakse teadusuuringute eesmärgil. Küll aga ei kehti isikuandmete töötlemisel teaduses eesmärgi piirang. Sõltumata sellest, kas isikuandmed koguti nõusoleku või seaduse alusel ning millistel eesmärkidel need koguti, on neid võimalik hiljem kasutada kõikvõimalikel teaduslikel eesmärkidel. Seega peaks teadusuuringute eesmärgil toimuva isikuandmete töötlemise puhul töötlemise läbipaistvust isiku suhtes tagama isiku teavitamine vähemalt tema andmete töötlemise faktist, töötlemise eesmärkidest ja töötleja isikust. Doktoritöö eesmärk on uurida, kas ja kuidas on tagatud geeniandmete töötlemise läbipaistvus isiku suhtes, kelle geeniandmeid töödeldakse teadusuuringute eesmärgil. Selleks uuritakse probleeme, mis tekivad geeniuuringute puhul isikult nõusoleku võtmise eelse teavitamisega, ning kitsaskohti, mis võivad esineda isiku teavitamisel juhul, kui andmeid töödeldakse geeniuuringute eesmärgil ilma isiku nõusolekuta. Doktoritöös jõutakse järeldusele, et kehtiv õigus ei taga geeniandmete töötlemise läbipaistvust inimese suhtes olukorras, kus geeniandmeid töödeldakse teadusuuringute eesmärgil.
According to the principle of transparency arising from the General Data Protection Regulation of the EU, personal data must be processed in a manner transparent to the individual. As a general rule, the individual must be informed of the fact and purposes of the processing of their data, and the identity of the data controller. Accordingly, individuals must be provided this information prior to giving consent to the processing of their data. If the processing is undertaken without the consent of the individual (i.e. based on law), the general obligation to provide information applies. In addition, another measure of facilitating transparency of personal data processing is the purpose limitation, according to which personal data may only be processed for purposes for which it was collected. The first two described rules apply as well when personal data is processed for research purposes. However, the purpose limitation does not apply in the research context. Regardless of whether personal data was obtained based on informed consent or law, it can later be used for (different) research purposes. Thus, if personal data is processed for research purposes, transparency in relation to the individual should be facilitated via the provision of information regarding at least the fact and purposes of processing, and the identity of the controller. The aim of this dissertation is to determine, if and how transparency in relation to the individual is facilitated in scenarios where genetic data is being processed for research purposes. In order to do so, the author analyses problems related to the provision of information prior to obtaining consent for genetic research, and the shortcomings of the general obligation to provide information where genetic data is used in research without consent. The author concludes that current regulatory frameworks do not adequately facilitate transparency in relation to individuals in regard to the use of their genetic data if the genetic data is processed for research purposes.
According to the principle of transparency arising from the General Data Protection Regulation of the EU, personal data must be processed in a manner transparent to the individual. As a general rule, the individual must be informed of the fact and purposes of the processing of their data, and the identity of the data controller. Accordingly, individuals must be provided this information prior to giving consent to the processing of their data. If the processing is undertaken without the consent of the individual (i.e. based on law), the general obligation to provide information applies. In addition, another measure of facilitating transparency of personal data processing is the purpose limitation, according to which personal data may only be processed for purposes for which it was collected. The first two described rules apply as well when personal data is processed for research purposes. However, the purpose limitation does not apply in the research context. Regardless of whether personal data was obtained based on informed consent or law, it can later be used for (different) research purposes. Thus, if personal data is processed for research purposes, transparency in relation to the individual should be facilitated via the provision of information regarding at least the fact and purposes of processing, and the identity of the controller. The aim of this dissertation is to determine, if and how transparency in relation to the individual is facilitated in scenarios where genetic data is being processed for research purposes. In order to do so, the author analyses problems related to the provision of information prior to obtaining consent for genetic research, and the shortcomings of the general obligation to provide information where genetic data is used in research without consent. The author concludes that current regulatory frameworks do not adequately facilitate transparency in relation to individuals in regard to the use of their genetic data if the genetic data is processed for research purposes.
Description
Väitekirja elektrooniline versioon ei sisalda publikatsioone
Keywords
genetic research, gene donors, personal data, health data, data processing, access to information, informed consent, data security, juridical aspects