Non classé

What Is Legal Basis in Research

The GDPR introduces a new legal basis, usually in addition to consent to research that « performs a task in the public interest or otherwise in the exercise of official authority. » Researchers must therefore prove this new legal basis when processing personal data for research. That basis shall apply where the processing of personal data is necessary for the performance of a task or function carried out in the public interest or in the exercise of official authority vested in the controller (e.B authority). Controllers must already have a legal basis for the processing of personal data. However, the new data protection law brings some changes in this area. For example, organisations must now include the legal basis for the processing in a « privacy policy » (information for data subjects about the processing). This information must be provided at the appropriate level. For example, the legal basis for the processing of a research organisation may be specified in the company information, but project-specific details on the purpose of the processing must be included in the participant`s information sheet for the individual research project. In addition, other national conditions may apply, as EEA countries may introduce specific conditions that must be met in order to rely on certain legal bases under Articles 6 and 9, which has led to legal differences throughout the EEA. However, this point is not addressed in this article. Consent is an important part of the research process and is often obtained to participate in research studies. One reason for this is that any disclosure of confidential information complies with the requirements of the common law duty of confidentiality.

When consent is obtained from research participants, they are usually told how their information is used. In recent guidance on the interaction between the GDPR and clinical trial rules, the European Commission[5] and the European Data Protection Board[6] have distinguished two types of treatment relevant to clinical trials: research activities and activities related to quality and safety monitoring. Section 2. General mandate. « The University . provide research and consulting services and provide advanced leadership in its areas of expertise. Section 10. Science and technology are crucial for national development and progress. The State shall give priority to research and development, invention, innovation and their use; and education, training and scientific and technological services.

It supports adequate and independent indigenous scientific and technological capacities and their application to the production systems and national life of the country. The European Data Protection Board provides two relevant legal bases for the use of sensitive personal data for research purposes: public interest (Article 6(1)(e)) and legitimate interest (Article 6(1)(f)). If the person responsible for carrying out the investigation does not have a legal mandate to do so, the legitimate interest should be taken into account. A legitimate interest cannot be invoked by the authorities, which generally rely on Article 6(1)(e). Article 6(1)(f) may be invoked where the legitimate interests of the controller (or of a third party) are not overridden by the « fundamental rights and freedoms of the data subject ». To this end, interest must be weighed against each other. Understanding your legal basis for the processing of personal data is the best starting point for the correct processing of data. In the EU, marketing authorisation holders are required to carry out pharmacovigilance activities at national level both under EU law (Regulation No 726/2004, Directive 2001/83/EC laying down Implementing Regulation (EU) No 520/2012) and under The legislation of the Member States. Accordingly, pharmacovigilance activities carried out in accordance with this requirement may be based on point (i) of Article 9(2) and point (c) of Article 6(1) (`Compliance with a legal obligation to which the controller is subject`). In the context of health research, test scales are tilted in favor of the controller when the interest benefits the wider community (e.g. B the development of a new drug or a better understanding of a pathology), rather than simply being the commercial interest of the controller.

If the proposed treatment has a significant impact on individuals, the result of the balancing test can be improved by putting in place protective measures to mitigate these impacts, such as. B, pseudonymisation of data, improvement of security, reduction of retention periods and data volume. As indicated in the last two rows of the table above, Article 9(2)(j) establishes a basis for the processing of sensitive personal data for research purposes. This issue is first addressed before addressing the relevant legal bases under Article 6, which can be consulted in conjunction with Article 9(2)(j). Article 7(3) of the GDPR gives individuals the right to withdraw their consent at any time. If consent is used as the legal basis for data processing and the person withdraws consent, there is no longer a legal basis for data processing and processing must be stopped. The processing of your personal data is necessary to protect your life. This legal basis can only be used if there is no other way to save a life. For example, you are in imminent danger but unconscious or mentally unable to give your consent. Or if aid is to begin immediately in the event of a major disaster. These public interest tasks must have a legal basis (i.e. be defined by law).

It is primarily a legal function, but it may also represent other functions of public interest that have a constitutional, customary or non-statutory legal basis. The Article 29 Working Party (« WP29 »), the predecessor of the European Data Protection Board, states that « there is no exception to this requirement for scientific research. If a controller receives a request for revocation, it must in principle delete the personal data without undue delay. [4] If withdrawal of consent is not possible or would significantly compromise the processing, consent is not the correct legal basis on which to rely. .