The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health

Li-Ting Tsai

  Scientific research improves the well-being of all mankind, the data sharing on medical and health promote the overall amount of energy in research field. For promoting the access of scientific data and research findings which was supported by the government, the U.S. government affirmed in principle that the development of science was related to the retention and accesses of data. The disclosure of information should comply with legal restrictions, and the limitation by time as well. For government-sponsored research, the data produced was based on the principle of free access, and government policies should also consider the actual situation of international cooperation[1]Furthermore, the access of scientific research data would help to promote scientific development, therefore while formulating a sharing policy, the government should also consider the situation of international cooperation, and discuss the strategy of data disclosure based on the principle of free access.

  In order to increase the effectiveness of scientific data, the U.S. National Institutes of Health (NIH) set up the Office of Science Policy (OSP) to formulate a policy which included a wide range of issues, such as biosafety (biosecurity), genetic testing, genomic data sharing, human subjects protections, the organization and management of the NIH, and the outputs and value of NIH-funded research. Through extensive analysis and reports, proposed emerging policy recommendations.[2] At the level of scientific data sharing, NIH focused on "genes and health" and "scientific data management". The progress of biomedical research depended on the access of scientific data; sharing scientific data was helpful to verify research results. Researchers integrated data to strengthen analysis, promoted the reuse of difficult-generated data, and accelerated research progress.[3] NIH promoted the use of scientific data through data management to verify and share research results.

  For assisting data sharing, NIH had issued a data management and sharing policy (DMS Policy), which aimed to promote the sharing of scientific data funded or conducted by NIH.[4] DMS Policy defines “scientific data.” as “The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.”[5] In other words, for determining scientific data, it is not only based on whether the data can support academic publications, but also based on whether the scientific data is a record of facts and whether the research results can be repeatedly verified.

  In addition, NIH, NIH research institutes, centers, and offices have had expected sharing of data, such as: scientific data sharing, related standards, database selection, time limitation, applicable and presented in the plan; if not applicable, the researcher should propose the data sharing and management methods in the plan. NIH also recommended that the management and sharing of data should implement the FAIR (Findable, Accessible, Interoperable and Reusable) principles. The types of data to be shared should first in general descriptions and estimates, the second was to list meta-data and other documents that would help to explain scientific data. NIH encouraged the sharing of scientific data as soon as possible, no later than the publication or implementation period.[6] It was said that even each research project was not suitable for the existing sharing strategy, when planning a proposal, the research team should still develop a suitable method for sharing and management, and follow the FAIR principles.

  The scientific research data which was provided by the research team would be stored in a database which was designated by the policy or funder. NIH proposed a list of recommended databases lists[7], and described the characteristics of ideal storage databases as “have unique and persistent identifiers, a long-term and sustainable data management plan, set up metadata, organizing data and quality assurance, free and easy access, broad and measured reuse, clear use guidance, security and integrity, confidentiality, common format, provenance and data retention policy”[8]. That is to say, the design of the database should be easy to search scientific data, and should maintain the security, integrity and confidentiality and so on of the data while accessing them.

  In the practical application of NIH shared data, in order to share genetic research data, NIH proposed a Genomic Data Sharing (GDS) Policy in 2014, including NIH funding guidelines and contracts; NIH’s GDS policy applied to all NIHs Funded research, the generated large-scale human or non-human genetic data would be used in subsequent research. [9] This can effectively promote genetic research forward.

  The GDS policy obliged researchers to provide genomic data; researchers who access genomic data should also abide by the terms that they used the Controlled-Access Data for research.[10] After NIH approved, researchers could use the NIH Controlled-Access Data for secondary research.[11] Reviewed by NIH Data Access Committee, while researchers accessed data must follow the terms which was using Controlled-Access Data for research reason.[12] The Genomic Summary Results (GSR) was belong to NIH policy,[13] and according to the purpose of GDS policy, GSR was defined as summary statistics which was provided by researchers, and non-sensitive data was included to the database that was designated by NIH.[14] Namely. NIH used the application and approval of control access data to strike a balance between the data of limitation access and scientific development.

  For responding the COVID-19 and accelerating the development of treatments and vaccines, NIH's data sharing and management policy alleviated the global scientific community’s need for opening and sharing scientific data. This policy established data sharing as a basic component in the research process.[15] In conclusion, internalizing data sharing in the research process will help to update the research process globally and face the scientific challenges of all mankind together.

 

 

[1]NATIONAL SCIENCE AND TECHNOLOGY COUNCIL, COMMITTEE ON SCIENCE, SUBCOMMITEE ON INTERNATIONAL ISSUES, INTERAGENCY WORKING GROUP ON OPEN DATA SHARING POLICY, Principles For Promoting Access To Federal Government-Supported Scientific Data And Research Findings Through International Scientific Cooperation (2016), 1, organized from Principles, at 5-8, https://obamawhitehouse.archives.gov/sites/default/files/microsites/ostp/NSTC/iwgodsp_principles_0.pdf (last visited December 14, 2020).

[2]About Us, Welcome to NIH Office of Science Policy, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/about-us/ (last visited December 7, 2020).

[3]NIH Data Management and Sharing Activities Related to Public Access and Open Science, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/nih-data-management-and-sharing-activities-related-to-public-access-and-open-science/ (last visited December 10, 2020).

[4]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 11, 2020).

[5]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 12, 2020).

[6]Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-014.html (last visited December 13, 2020).

[7]The list of databases in details please see:Open Domain-Specific Data Sharing Repositories, NIH National Library of Medicine, https://www.nlm.nih.gov/NIHbmic/domain_specific_repositories.html (last visited December 24, 2020).

[8]Supplemental Information to the NIH Policy for Data Management and Sharing: Selecting a Repository for Data Resulting from NIH-Supported Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-016.html (last visited December 13, 2020).

[9]NIH Genomic Data Sharing, National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/genomic-data-sharing/ (last visited December 15, 2020).

[10]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020).

[11]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020).

[12]id.

[13]NIH National Institutes of Health Turning Discovery into Health, Responsible Use of Human Genomic Data An Informational Resource, 1, at 6, https://osp.od.nih.gov/wp-content/uploads/Responsible_Use_of_Human_Genomic_Data_Informational_Resource.pdf (last visited December 17, 2020).

[14]Update to NIH Management of Genomic Summary Results Access, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-19-023.html (last visited December 17, 2020).

[15]Francis S. Collins, Statement on Final NIH Policy for Data Management and Sharing, National Institutes of Health Turning Discovery Into Health, https://www.nih.gov/about-nih/who-we-are/nih-director/statements/statement-final-nih-policy-data-management-sharing (last visited December 14, 2020).

 

Links
Download
※The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=168&d=8594 (Date:2024/06/14)
Quote this paper
You may be interested
The Status of Taiwan's Regulations Concerning with Access to Biological Resources

Preface In actual practice, the research and development of biotech medicine, food, and environmental products cannot be done by in-lab researches. This is a unique character of the biotechnology industry. To get the research going, the researchers need to search for and exploit new biological materials and, samples outside the lab. Therefore, the access to and management of biological resources have significant impact on the stimulation and development of national biotech industry. Ever since the enforcement of Convention on Biological Diversity (CBD) in 1992 by 172 countries, a general principal about conserving biological diversity and using biological resources has been set. According to CBD, States have sovereign rights over their own biological resources. CBD also encourages each State to access to and manage the biological resources conformed with the principals of conservation, sustainability, NOEL environment friendly, and adequate sharing of benefit arising from biological resources. Therefore, issues such as environmental protection and sustainability have become political issues internationally. If the ABS system for the access to biological resources is designed too strictly, the establishment of the system will make the research and development staffs and related institutions hang back with hesitation both domestically and internationally. Their intention of bioprospecting in the designated country will then be reduced. On the other hand, if the system is designed too loosely, it will not be able to protect the rights of the owner of the resources. As a result, currently, every country holds a cautious attitude in setting up the regulations of managing the access to biological resources. Currently, many countries and regional international organizations already set up ABS system, such as Andean Community, African Union, Association of Southeast Asia Nations (ASEAN), Australia, South Africa, and India, all are enthusiastic with the establishment of the regulations regarding the access management of biological resources and genetic resources. On the other hand, there are still many countries only use traditional and existing conservation-related regulations to manage the access of biological resources. Since it has been more than 10 years that the regulation of access to biological resources and benefit sharing has been developed in some countries, how is Taiwan's current situation regarding this issue? Taiwan's Existing Regulations on the Access to Bioloical Resources In terms of regulations, Taiwan's existing management style of the access to biological resources is similar to that of the US and the EU. It refers to the existing regulations on environmental protection and conservation, and evaluates from the perspective of environmental protection to control and manage the exploitation and application of the related biological resources. These regulations include the Wildlife Conservation Act, theNational Park Law, the Forestry Act, the Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The paragraphs below describe the contents of the acts mentioned that are related to the access to biological resources. 1 、 Wildlife Conservation Act According to the Wildlife Conservation Act, the Protected Species and the products made of cannot be hunted, traded, owned, imported, exported, raised, bred, and processed unless the number of protected wildlife has exceeded the amount the environment permits, or carry the objectives of academic research and education with the permits of central or regional authorities. As for the hunting of General Wildlife, pre-application and approval is needed with the exception of projects based on the objectives of academic research or education. In addition, the import and export of the living wildlife and the products of Protected Wildlife are restricted to the condition of being permitted by management authority. With respect to the import and export of living Protected Wildlife, Academic research institutions and colleagues are the only person who can seek for the approval of management authority before they proceed. 2 、 National Park Law The design and management of Taiwan's national parks are based on the regulations listed in the National Park Law with the purpose of protecting our country's exclusive natural scenery, wildlife and historical spots. Based on the properties and the nature of resources, the national park management structures the preserved area into general control area, playground and resting area, spot of historical interest, special landmark area, and ecological protection area. Ecological protection area refers to the areas where the natural surroundings, creatures, the society they live and propagate are strictly protected only for the research of ecology. According to the regulation of National Park Law, inside the national park area, it is prohibited to hunt animals, fish, take off flowers or trees, not to mention the behaviours that are prohibited by the management authority. Exceptions are made based on the conditions of preserved areas and for the research purposes. In the general control area or resting area, the national park authority allows fishing or other activities agreed by the authority. However, these activities are prohibited in the preserved area of historical interest, special landmark area, and ecological protection area. To suit special purposes, in the special landmark area or ecological protection area, collection of specimens is allowed subject to the approval of authority. Under the purpose of academic research, better management of public safety, and special management of national park, the Ministry of the Interior will permit the collection of specimen. However, to enter the ecological protection area, one must obtain the permission of authority. 3 、 Forestry Act To protect the forest resources and to maximize the public welfare and economic effectiveness, some of the properties are classified as forestry land and being managed by authority. Based on the Forestry Act, management authority has to restrict the area of cutting timber and to identify the area or period of restricted digging of greensward, tree roots, and grass roots, based on the condition of the forest. In addition, to maintain the current ecological environment in the forest, and to preserve the diversity of species, identification of natural preserved area is needed inside the forestland. The entrance and exit of human and vehicles are controlled based on the nature of the resources inside the preserve area. Unless obtaining the approval from the management authority, not a single activity of damaging, logging or digging soil, stones, greensward and roots is allowed. Furthermore, any unauthorized activity of collecting specimen inside the forest recreation area and natural reserve will be fined. Collecting flowers and plants in these areas, or trespassing the natural reserve will also be fined. Only the activities taken by the aborigines to sustain their living or accommodate their customs are not restricted. 4 、 Cultural Heritage Preservation Act The objectives of setting up the Cultural Heritage Preservation Act are to preserve and apply the cultural resources, to enrich the spiritual lives of citizens, and to add glory to the existing diverse cultures. The Cultural Heritage Preservation Act classifies the natural landscape and scenery as cultural assets. Vistas of Natural Culture refer to the natural areas, landforms, plants and mineral which contain the values of preservation. It can be further grouped into natural preserved area and natural monuments. Since the natural monuments include the unusual plants and mineral, it is connected to the management of biological resources. According to the Cultural Heritage Preservation Act, unless approved by the management authority, it is prohibited to collect, log, destroy the plants or bio resources classified as natural monuments or trespass into the area of natural preserve. For the purposes of academic research, or for the memorial ceremony of aboriginal custom, research institute and the aborigines can collect the natural monuments without the approval of authority. 5 、 Aboriginal Basic Act To protect the basic rights of the aborigines, and to sustain and develop the aboriginal society, the Aboriginal Basic Act was designed and enacted. The government not only admits the aborigine's rights in lands and natural resources, but also permits the non-profit behaviour such as hunting of wildlife, colleting of wild plants and fungi for the objective of complying with traditional culture, ceremony or private uses. In addition, the Aboriginal Basic Act provides the requirement of Prior Informed Consent (PIC) to require government or private individual to inform the aborigines before they proceed with land development, resource exploitation, ecological preservation, and academic research in the land where the aborigines live. They need to consult and obtain the aborigines' agreement or participation, and to share the related interests derived from this project. In the case of restricting the aborigine's right of the use of land or natural resources by law, the government,shall consult with the aborigines or the tribe and reach the agreement. When the government wish to design and establish national park, national scenic area, forestry area, ecological protection area, recreational area, or other resource management authorities, the government should obtain the agreement from the local aborigines and to build up the co-management mechanism.

Executive Yuan Promotes Free Economic Demonstration Zone

I.Background To promote more liberal and internationalized development of Taiwan economy, Premier of Executive Yuan approved the “Free Economic Demonstration Zone Plan” on April 26, 2013. Meanwhile, an Executive Yuan Working Group on Promotion of Economic Demonstration Zone is set up to accelerate the mapping out of the promotion programs as well as detailed action plans. The first phase of the Free Economic Demonstration Zone is to be officially initiated in July. According to the “Free Economic Demonstration Zone Plan”, the relevant laws and provisions regarding the flowing of human and financial capitals, and of logistics, will be loosen up to a great degree, based on the core ideas of liberalization, internationalization, and forwardness. Other related measures such as offering of lands and taxation would also be made, in order to attract capitals from both the inside and outside of the country. In addition, the Free Economic Demonstration Zone will first develop economic activities such as intelligent computing, international medicine services, value-added agriculture and cooperation among industries, to accelerate the transformation of the industrial structure of Taiwan. In order to construe an excellent environment for business of full liberalization and internationalization, the promotion strategies will be focused on “break-through of legal frameworks and innovations of management mechanisms”. II.Content of the Plan To accelerate the promotion process, the Free Economic Demonstration Zone will be conducted in two phases. The first phase is centered on the existing free trade port areas, including five ports and one airport, incorporated with the nature of “being inside the country border but outside the tariff zone”. All the industrial parks in the near counties and cities will also be integrated. The promotion will be set out simultaneously in the north, middle and south of Taiwan. The effects of the promotion are expected to be magnified by fully utilizing the resources and the unique characters of industries of each region. Moreover, the promulgation of a special legislation on the Free Economic Demonstration Zone would be facilitated in the future. After this special legislation is passed, the set-ups of demonstration zones can be applied by authorities either of central or of local government and the related promotion works of the second phase will be unfolded immediately. According to the Executive Yuan, the Free Economic Demonstration Zone will be beneficial in terms of creating positive conditions for Taiwan to participate in regional trade organizations and attract both local and foreign investment, injecting new movement into the economic growth of Taiwan. III.Recent Development In addition, on August 8, 2013, relevant discussions on “Furtherance Plan for Free Economic Demonstration Zone Phase One” are further unfolded in the Executive Yuan conference. In addition, the Premier also indicates, that the furtherance of the Free Economic Demonstration Zone (hereafter: FEDZ) is divided into two phases. The first phase starts from the moment that the Plan is approved till the related special legislation is passed and promulgated. In this phase, the relevant tasks can be achieved through the ways of promulgation of administrative orders. On the other hand, the tasks concerning taxation benefits and other parts that involve legislation will not able to be initiated till the second phase of the Plan. For those tasks, the Council for Economic Planning and Development is asked to complete the drafting of this special legislation and related procedures for registering it into the Executive Yuan, together with the Ministry of Economic Affairs and other concerned agencies, in the hope that the related legislation works of the Executive Yuan can be completed before the end of this year. In respect of “Furtherance Plan for Free Economic Demonstration Zone Phase One”, Premier Jiang further points out, that FEDZ is a model incorporates the concept of “being inside the country border but outside the tariff zone” and the idea of “combining the stores upfront and the factories behind, outsourcing manufactures”. In this way, the hinterland of a port can be expended and magnified effects to be achieved through using the resources provided by the factory in behind. Under this pattern, the expansion effects that cities and counties such as New Taipei City and Changhua Country fight for, can be further extended by this concept of “factories in the back”. As for Port of Anping, over which Tainan City government has proactively fought for, can be listed as a demonstration zone once the Executive Yuan approved it as free trade port zone. In the future, other places that are with forward-looking industry and suitable can still be enlisted. Premier Jiang further expresses that, there are four demonstration industries in the first phase, including intelligent computing, international medicine services, value-added agriculture and cooperation among industries. Yet, he also points out that the demonstration of liberalized economy is a concept of “4+N”. It means that the demonstration will not be limited to the scope of these four industries. Other industries that match up with the idea of liberalization, internationalization and foresight can all be incorporated into FEDZ through continuing examination. Moreover, Premier Jiang later mentions on August 14th, that FEDZ is a crucial task for the government at this moment. He thus requests the Ministry of Economic Affairs, Ministry of Transportation and Communications, Ministry of Health and Welfare, and the Council of Agriculture, to enhance the training and service quality of staffers of the single service window of furtherance of FEDZ. Moreover, Premier Jiang additionally indicated in November, that the scope of the FEDZ will include Pingtung Agricultural Biotechnology Park and Kaohsiung Free Trade Port Area. The combination of the two will facilitate adding value to the agriculture in Taiwan and put momentum into quality agriculture, making the high-quality agricultural products of our country being sold to all over the world with swift logistic services. Premier Jiang also mentioned, that in order to avoid Taiwan being marginalized amid regional integrations of global economies, the government is facilitating industries of potentials by proactively promote the FEDZ. The current approach is to expend the original free trade port area with legislative bases, creating the demonstration zones of free economy by combing original establishments such as Pingtung Agricultural Biotechnology Park. If this approach and system is proved feasible, the next step would be promoting it to island-wide, making the whole nation open-up. IV.Conclusion In the past decade, the economic development in Taiwan, compared to neighboring economic zones such as Hong Kong, Korean or Singapore, was indeed stagnant. It is thus a positive move for the government to put great efforts in promoting FEDZ, in the hope that the liberalization and internationalization of the economy of this country can therefore be significantly improved. Yet, some commentators are of slightly more skeptical opinions, reminding that in terms of the tax relaxation in the Plan, similar approach was already taken by the government before, which did not lead to the expected outcome. In sum, it still remains as a continuing task for us and for the administration as well, to ponder on how Taiwan can find out its own unique strength in the face of global competition. How we can attract more international partners, to create mutual economic benefits. The FEDZ is undoubtedly a first step. Nevertheless, challenges are still ahead of the government, as to how to take many more steps in the future, in order to make Taiwan to march on the stage of the world again.

The Study of Estonian Human Genes Database

I. Introduction The human genes database or human genome project, the product under the policy of biotechnology no matter in a developed or developing country, has been paid more attention by a government and an ordinary people gradually. The construction of human genes database or human genome project, which is not only related to a country’s innovation on biotechnology, but also concerns the promotion of a country’s medical quality, the construction of medical care system, and the advantages brought by the usage of bio-information stored in human genes database or from human genome project. However, even though every country has a high interest in setting up human genes database or performing human genome project, the issues concerning the purposes of related biotechnology policies, the distribution of advantages and risks and the management of bio-information, since each country has different recognition upon human genes database or human genome project and has varied standards of protecting human basic rights, there would be a totally difference upon planning biotechnology policies or forming the related systems. Right now, the countries that vigorously discuss human genes database or practice human genome project include England, Iceland, Norway, Sweden, Latvia and Estonia. Estonia, which is the country around the Baltic Sea, has planned to set up its own human genes database in order to draw attention from other advanced countries, to attract intelligent international researchers or research groups, and to be in the lead in the area of biotechnology. To sum up, the purpose of constructing Estonian human genes database was to collect the genes and health information of nearly 70% Estonia’s population and to encourage bio-research and promote medical quality. II. The Origin of Estonian Human Genes Database The construction of Estonian human genes database started from Estonian Genome Project (EGP). This project was advocated by the professor of biotechnology Andres Metspalu at Tartu University in Estonia, and he proposed the idea of setting up Estonian human genes database in 1999. The purposes of EGP not only tried to make the economy of Estonia shift from low-cost manufacturing and heavy industry to an advanced technological economy, but also attempted to draw other countries’ attention and to increase the opportunity of making international bio-researches, and then promoted the development of biotechnology and assisted in building the system of medical care in Estonia. EGP started from the agreement made between Estonian government and Eesti Geenikeskus (Estonian Genome Foundation) in March, 1999. Estonian Genome Foundation was a non-profit organization formed by Estonian scientists, doctors and politicians, and its original purposes were to support genes researches, assist in proceeding any project of biotechnology and to set up EGP. The original goals of constructing EGP were “(a) reaching a new level in health care, reduction of costs, and more effective health care, (b) improving knowledge of individuals, genotype-based risk assessment and preventive medicine, and helping the next generation, (c) increasing competitiveness of Estonia – developing infrastructure, investments into high-technology, well-paid jobs, and science intensive products and services, (d) [constructing] better management of health databases (phenotype/genotype database), (e) … [supporting]… economic development through improving gene technology that opens cooperation possibilities and creates synergy between different fields (e.g., gene technology, IT, agriculture, health care)”1. III. The Way of Constructing Estonian Human Genes Database In order to ensure that Estonian human genes database could be operated properly and reasonably in the perspectives of law, ethics and society in Estonia, the Estonian parliament followed the step of Iceland to enact “Human Genes Research Act” (HGRA) via a special legislative process to regulate its human genes database in 2000. HGRA not only authorizes the chief processor to manage Estonian human genes database, but also regulates the issues with regard to the procedure of donation, the maintenance and building of human genes database, the organization of making researches, the confidential identity of donator or patient, the discrimination of genes, and so on. Since the construction of Estonian human genes database might bring the conflicts of different points of view upon the database in Estonia, in order to “avoid fragmentation of societal solidarity and ensure public acceptability and respectability”2 , HGRA adopted international standards regulating a genes research to be a norm of maintaining and building the database. Those standards include UNESCO Universal Declaration on the Human Genome and Human Rights (1997) and the Council of Europe’s Convention on Human Rights and Biomedicine (1997). The purpose of enacting HGRA is mainly to encourage and promote genes researches in Estonia via building Estonian human genes database. By means of utilizing the bio-information stored in the database, it can generate “more exact and efficient drug development, new diagnostic tests, improved individualized treatment and determination of risks of the development of a disease in the future”3 . In order to achieve the above objectives, HGRA primarily puts emphasis on several aspects. Those aspects include providing stronger protection on confidential identity of donators or patients, caring for their privacy, ensuring their autonomy to make donations, and avoiding any possibility that discrimination may happen because of the disclosure of donators’ or patients’ genes information. 1.HERBERT GOTTWEIS & ALAN PETERSEN, BIOBANKS – GOVERNANCE IN COMPARATIVE PERSPECTIVE 59 (2008). 2.Andres Rannamae, Populations and Genetics – Legal and Socio-Ethical Perspectives, in Estonian Genome Porject – Large Scale Health Status Description and DNA Collection 18, 21 (Bartha Maria Knoppers et al. eds., 2003. 3.REMIGIUS N. NWABUEZE, BIOTECHNOLOGY AND THE CHALLENGE OF PROPERTY – PROPERTY RIGHTS IN DEAD BODIES, BODY PARTS, AND GENETIC INFORMATION, 163 (2007).

Post Brexit – An Update on the United Kingdom Privacy Regime

Post Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10   After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2]   While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation   There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime.   The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO   The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application   Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries   On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’).   As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime.   If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing   Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions   The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties   The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion   The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.

TOP