1 Introduction

The dominant current trend in genetics is trying to become more precise in targeting individual characteristics related to genotype and environmental factors that are decisive for diagnosis, treatment and prevention of disease. This development has been called personalised or precision medicine. Individuals are exposed to different risks of illness and risk profiling is part of the goal to stratify medical intervention and prevention in accordance with individual characteristics. This development stands in apparent conflict with the parallel aim to strengthen privacy protection as laid down and explicated in detail through the GDPR. One may rightfully ask how much of the private sphere that will be left as a secluded protected sphere as medicine gets more and more personal.

2 Personalised Genetics

There is a massive production of genetic information by academic- and industry-associated scientists. A common feature of this research is its focus on future medical and clinical application. Large prospective biobanks and -omic databases are created as research infrastructures with links made to medical and personal data. They are intended to revolutionize the whole understanding of clinical and medical application by ‘personalizing medicine’. Advances in genomics and Next Generation Sequencing are leading to the discovery of new genes that cause disease or at least correlate with a higher risk. From the perspective of current and future patients, the development of the field of genetic and life-style related risk information is of immense interest. The vision that is now being established and applied in the clinics is that we may move from trial-and-error therapies to evidence-based personalised medicine in clinical practice. It should be observed that the term ‘personalised’ does not imply medicine tailored to the needs of each individual but rather an approach whereby populations of patients are stratified into groups of good and bad responders before treatment is started, or into groups with special sensitivity to the toxicity of drugs.Footnote 1 However, within a relatively short time frame one can foresee the use of pre-emptive screening of an individual’s genome, perpetually available as part of an individual’s genetic examination, i.e. genetic examination performed in anticipation of future medical needs, and the associated development of medical record systems that can accommodate large-scale patient-specific genotypic information to be used in future medical consultations by general practitioners, specialist doctors and by their patients.Footnote 2

Traditionally, genetic testing was confined to specialist medical genetic services, focused on relatively rare, high penetrance inherited diseases. In contrast, the common, complex disorders such as dementia, heart diseases, diabetes, and cancer are usually the result of variation in many genes, each contributing a small amount of genetic susceptibility, acting in concert with environmental or epigenetic factors. Some of the environmental factors might be changeable (such as nutrition, exercise, avoiding toxic substances) while others are less so (such as pollution of air or water, psycho-social stress). Being genetically at higher risk might give individuals a reason to avoid those manageable factors in order to counterbalance their risk. But the interpretation of such information is generally very complicated already in a traditional clinical setting. The challenge for the health care system is illustrated by Fig. 1:Footnote 3

Fig. 1 (schematic; image not reproduced). Four columns of factors: I. identified genes with high penetrance; II. genetic vulnerability, but the genes have not been identified for testing; III. there is a genetic component, but several modifiable risk factors influence the total risk; IV. a specific modifiable risk factor is decisive for the absolute risk.

Caption: Relative importance of genetic and environmental factors affecting an individual’s prospect of modifying his or her health risk

The numeral I at the left of the figure represents diseases in which an individual can do very little to control his or her risk. At the other extreme, IV on the right, we find diseases where almost the entire risk may be managed if the individual changes health-related behaviour. One example here is cardiovascular disease, where for heart infarction 90% of the total risk is related to modifiable factors.Footnote 4 Another challenge in bringing new pre-emptive information to the clinic is related to risk perception. Interpretation of risk language, as well as risk perception, is variable, and in order for clinicians, counsellors and their patients to engage in meaningful shared decision-making, more knowledge is needed about individuals’ perceptions as well as about how to apply different models of risk communication and informed consent that respect autonomy. Risk communication in the clinic has been criticized for leaving the patient alone with difficult assessments and decisions to make.Footnote 5 At the same time, one should acknowledge that genetic profiling with identification of biomarkers is estimated to enable prediction and facilitate early treatment as well as preventive interventions of great benefit for individuals carrying an increased risk.

Genetic, medical and environmental data are the key tools for this development in personalised medicine, and sharing of data between different research groups across national borders is an intrinsic feature. Sharing and access to data is vital for most health-related research, but it is of the highest importance for research in Rare Diseases because of the scarcity of research participants and their associated data.Footnote 6 GDPR recognizes the special sensitivity and need for protection of genetic data. Genetic data is defined as ‘personal data relating to the inherited or acquired genetic characteristics of a natural person which result from the analysis of a biological sample from the natural person in question, in particular chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis, or from the analysis of another element enabling equivalent information to be obtained’.Footnote 7 This definition also covers proteins and other biomarkers, which play an increasing role in personalised medicine.

3 The Central Value of Privacy

The central value of privacy and the recognition of each individual’s claim to a protected private sphere can be justified by the fact that every human being has the right to determine who is allowed to have insight into personal matters or to have access to information relating to that person as a private individual. This is how the notion of privacy protection is laid out in the EU Charter of Fundamental Rights.Footnote 8 This Charter emphasizes the right of each individual to protection of privacy within the fields of medicine and biology, implying a free and informed consent regarding access to their data according to procedures laid down by law (Article 3). Article 8 of the Charter also grants the individual the right to the protection of personal data, implying that the processing of such data requires the consent of the person concerned or some other legally recognized basis. These articles conform to the European Convention for the Protection of Human Rights and Fundamental Freedoms, and the Social Charters adopted by the Council of Europe.

From a psychological viewpoint, the scope of the private sphere which a person wishes to define in this way will be found to vary greatly. Whereas one person may be very unwilling to provide private information, another will freely expose themselves, both physically and with regard to their inner tendencies and thoughts. Some people look upon the fact that they can be observed through a window by a stranger as invasive, whereas others accept it without difficulty as part of the price to be paid for living in a town. From a historical and a philosophical point of view there are several accounts of privacy and its central importance in society.Footnote 9 James Rachels has suggested the enjoyment of a protected private sphere as a necessary condition for social diversity, where we may have different kinds of relationships with our fellow beings.Footnote 10 According to Rachels, a private sphere is necessary in order to maintain a variety of social relations, and he argues for the value of private life as a necessary requirement for being at all able to participate in several different types of relations. In Rachels’ view, there is a close connection between human beings’ control over who has access to personal information and their capacity to maintain different types of relationships with different people. If all had the same right to intimacy and access to the same information about an individual, it would become difficult for the individual to live a socially fully adequate life together with family members, friends, colleagues, neighbours, cosignatories to an agreement or the man in the street or subway.

Historically and culturally the importance and practical implementation of a protected private sphere has varied, but two central features seem to be common.Footnote 11 It is important (1) that an individual has access to a secluded private sphere and (2) that each individual is free to decide who will have access to this sphere, for example, to private information or to a private space. Invasion of privacy can lead to injustice through unfairly discriminatory use of personal information, and an individual may also be harmed merely by having exposed to the public gaze what they would prefer to keep private. Respect for privacy is a means of respecting an individual, but it can also be instrumental in establishing trust, for example, in medical research contexts. Privacy is a central social value but it is not an absolute value. It sometimes has to be balanced against other important interests, both for society at large and for the individual citizens themselves. The individual has an interest in being allowed to be left in peace but at the same time in participating in a community together with other people. Individuals seek an opportunity for a private sphere, which is part of a larger social space in which they participate in various types of social relationships together with other individuals. Within the family, individuals wish people to respect that certain matters are deeply personal, but at the same time they wish to participate in the inner life of the family. So too in the case of friendship. There is a desire both for privacy and for participation. Genetic research has provided insight into the individual’s genetic material in a way which was previously impossible, thereby allowing new possibilities for the diagnosis and treatment of hereditary illnesses. Individuals have an interest in non-interference but also an interest in profiting from the results that such interference can give. It is only through participation in research projects and the establishment of large infrastructures for biobanking, genetic and -omic research that an individual may reap the fruits in terms of improved diagnosis, treatment and prevention. This central feature of having to balance privacy against other vital interests is well reflected both in accounts of human rights and, as we will see, in the legal premises as laid down in Recital 4 of GDPR.

4 Balancing Privacy with Research Interests from a Human Rights Perspective and the Principle of Proportionality

As described, the Charter of Fundamental Rights of the European Union emphasizes the right of each individual to protection of privacy. In addition, the Charter also lays down the fundamental rights of each individual to social security benefits and social services in cases of illness (Article 34) as well as the rights to preventive health care and to benefit from medical treatment under the conditions established by national laws and practices (Article 35). Accordingly, the founding document of the European Union recognizes both the privacy right, leading to requirements of respecting autonomy, providing information, obtaining consent etc., and the right to health care and social services in cases of illness as fundamental individual rights, notwithstanding that there may also be societal and public health related interests concerned. Normally we consider a right to be empty and rather meaningless if there is no corresponding duty. This is the case with rights to health: they require someone to take on the corresponding duty, to provide the necessary means for fulfilling the right and to monitor how the rights to health are recognized. Within the European context these duties will fall on the national governments, who will have to provide the resources needed for implementing rights to health, medicine and social services. These duties do not fall within the competencies of the EU or the powers of the European Commission. However, the EU and the Commission do have both the competence and the powers to lay down the principles that should guide how the balancing of the different rights and interests should be made. This is the role of the GDPR regarding the protection of privacy.

The basic principle in this regard is the principle of proportionality as stated in Recital 4: ‘The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality’. This guiding principle reflects very well the need for an ethical balancing of privacy interests against other interests, such as those related to carrying out scientific research and using genetic data for the benefit of current and future patients, in accord with the account of privacy provided above. With this principle of proportionality in mind, with its emphasis on taking into account both privacy concerns and the use of personal data for vital ends such as those accomplished through research, I will now turn to some of the detailed regulations in the GDPR and what they may imply for scientific research using genetic as well as other kinds of personal data.

From a doctrinal legal perspective it remains to be seen how exactly the different interests of privacy and scientific research should be balanced, something that should be based on case law from the European Court of Human Rights and the Court of Justice of the European Union. Meanwhile, and pending such cases, there is a need for national legislators, national authorities, ethical review boards and researchers to steer in a way that takes account of the basic ethical values as discussed and exemplified in GDPR. It should in this context be observed that, generally speaking, researchers are loyal to the law and that they rarely, if ever, appeal a decision made by a public authority, or go to court in order to get their way regarding, e.g. issues related to the use of personal data or informed consent procedures. The intention of this analysis is that the premises provided will be helpful as a guide for the national implementation of GDPR in the context of scientific research.

4.1 Premise 1: Promote the Free and Secure Flow of Data Across Borders

The sharing of genomic and health-related data for biomedical research is of key importance in ensuring continued progress in our understanding of human health and wellbeing. In particular for rare diseases, but to an increasing extent also in other disease areas, sharing of data is necessary in order to validate biological and clinical findings made in smaller local and national cohorts. As exemplified by a case in the area of rare diseases, a clinical trial in the rare disease juvenile dermatomyositis had to engage with 103 clinical centers in 30 different countries worldwide in order to collect the needed number of 130 patients.Footnote 12 Against this background Recital 53 of GDPR is pertinent: ‘Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data’. Further support for this may be found in Article 27 of the 1948 Universal Declaration of Human Rights, which lays down the rights of every individual in the world ‘to share in scientific advancement and its benefits’ (including to freely engage in responsible scientific inquiry), and at the same time ‘to the protection of the moral and material interests resulting from any scientific… production of which [a person] is the author.’

It should be observed that open access and free flow of data does not imply unconditional flow. GDPR sets up several precautionary measures in order to protect data from unauthorised use, as will be presented shortly. There are also interests of researchers, institutions and research subjects that need to be considered. The following five principles for the stewardship of bio-specimens and data repositories may constitute a common premise for sharing and access to data, as well as human biological samples.Footnote 13

I. Respect for privacy and autonomy: stewardship implies protection of participants’ privacy. Privacy protection measures should be in place and informed consent must provide provisions for future research purposes described in general terms using data and biospecimens.

II. Reciprocity: stewardship also implies giving back. Feedback of general results should be channeled to institutions and patients.

III. Freedom of scientific enquiry: stewardship should encourage openness of scientific enquiry, and maximize data and bio-specimen use and sharing so as to exploit their full potential to promote health.

IV. Attribution: the intellectual investment of investigators involved in the creation of data registries and bio-repositories is often substantial, and should be acknowledged by mutual agreement.

V. Respect for intellectual property: the sharing of data and biospecimens needs to protect proprietary information and address the requirements of institutions and third-party funders.

It is made clear in the GDPR that use and sharing of data should always be made in a secure manner. As stated in Recital 39, ‘Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing’.

The chief instrument for achieving this is to protect individuals from identification by using a mechanism for pseudonymization. Article 4.5 defines it: pseudonymization ‘means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person’. In practice there are several technical solutions available. When designing such a system of protection one must always keep in mind that, while there should be strong measures for protection of privacy, one must not make it too cumbersome for researchers to use and share data in an efficient way.
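The Article 4.5 definition separates two things: the research copy of the data, which carries only a pseudonym, and the ‘additional information’ needed to attribute it to a person, which must be kept apart under its own technical and organisational measures. The following is an added example of one such technical solution, written for this chapter and not taken from any project it describes. It assumes a hypothetical linkage service that holds a secret key and the reverse lookup table, derives pseudonyms with a keyed hash (HMAC-SHA256) so that the pseudonyms cannot be recomputed from guessed identifiers by anyone without the key, and strips an assumed list of direct identifiers before data reach the research copy. The sample records and field names are constructed.

```python
# Added example (not from the chapter): a minimal pseudonymisation workflow
# in the sense of GDPR Article 4.5. The research copy carries only a keyed
# pseudonym; the "additional information" needed to re-identify (secret key
# and reverse table) lives in a separate component under separate access
# control. Field names, the identifier list and sample records are constructed.
import hashlib
import hmac
import secrets
from typing import Optional

# Direct identifiers that must never reach the research copy (assumed list).
DIRECT_IDENTIFIERS = {"national_id", "name", "email"}


class LinkageService:
    """The separately kept 'additional information': key plus reverse table.

    Only this component can map a pseudonym back to a person, for example to
    act on a consent withdrawal or to return a finding to a participant.
    """

    def __init__(self, key: Optional[bytes] = None):
        # 32 random bytes unless a key is supplied (tests pass a fixed key).
        self._key = key if key is not None else secrets.token_bytes(32)
        self._reverse: dict[str, str] = {}

    def pseudonym_for(self, national_id: str) -> str:
        # HMAC rather than a plain hash: without the key, a third party cannot
        # recompute pseudonyms from guessed identifiers (dictionary attack).
        mac = hmac.new(self._key, national_id.encode("utf-8"), hashlib.sha256)
        tag = mac.hexdigest()[:24]
        self._reverse[tag] = national_id
        return tag

    def reidentify(self, pseudonym: str) -> Optional[str]:
        return self._reverse.get(pseudonym)


def pseudonymise(records: list[dict], linkage: LinkageService) -> list[dict]:
    """Return the research copy: direct identifiers removed, pseudonym added."""
    research_copy = []
    for rec in records:
        out = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        out["pseudonym"] = linkage.pseudonym_for(rec["national_id"])
        research_copy.append(out)
    return research_copy


def withdraw(research_copy: list[dict], linkage: LinkageService,
             national_id: str) -> list[dict]:
    """Honour a withdrawal: the linkage service turns the identity into a
    pseudonym, and the research copy drops matching rows without ever
    handling the identity itself."""
    tag = linkage.pseudonym_for(national_id)
    return [r for r in research_copy if r["pseudonym"] != tag]


# Constructed sample input (fictitious people and variants).
SAMPLE_RECORDS = [
    {"national_id": "19800101-1234", "name": "A. Andersson",
     "email": "a@example.org", "diagnosis": "juvenile dermatomyositis",
     "variant": "chr1:g.12345A>G"},
    {"national_id": "19900202-5678", "name": "B. Berg",
     "email": "b@example.org", "diagnosis": "juvenile dermatomyositis",
     "variant": "chr2:g.67890C>T"},
    # A second sample from the first participant: the keyed hash is
    # deterministic, so both rows get the same pseudonym and the research
    # copy can still link one person's records across submissions.
    {"national_id": "19800101-1234", "name": "A. Andersson",
     "email": "a@example.org", "diagnosis": "juvenile dermatomyositis",
     "variant": "chr3:g.11111G>A"},
]

if __name__ == "__main__":
    service = LinkageService()
    research = pseudonymise(SAMPLE_RECORDS, service)
    for row in research:
        print(row)
    print(len(withdraw(research, service, "19800101-1234")), "row(s) left")
```

Two design points follow from the definition. First, keeping the key and reverse table in a component with different access rights than the research database is what makes the data ‘no longer attributable’ to a subject for the researchers who use it, while still letting the controller honour withdrawals or feed back results. Second, pseudonymised data are still personal data under GDPR (Recital 26), and genotype fields such as the variant column can themselves be identifying, so this mechanism reduces exposure rather than producing anonymous data; the controlled-access and consent measures discussed in the following sections remain necessary.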

4.2 Premise 2: Make Sure Informed Consent and/or Ethical Approval Covers All Use of Data

Following Article 6.1.a and e, for research purposes there are in essence two applicable legal grounds for the use of personal data: an informed consent followed by an approval by an ethical review board, or such an approval based on the recognition of a research project as being of public interest. It should be observed here that private research institutes and companies may also refer to the handling of personal data for a research purpose as being a public interest, provided that national law lays down that research performed by them can be regarded as a public interest. The latter ground is of particular interest for retrospective studies where it may be impractical to contact research subjects and ask for a renewed consent. This is evident from the wording of Recital 62: ‘However, it is not necessary to impose the obligation to provide information where the data subject already possesses the information, where the recording or disclosure of the personal data is expressly laid down by law or where the provision of information to the data subject proves to be impossible or would involve a disproportionate effort. The latter could in particular be the case where processing is carried out for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes’. In any case a research project processing personal data needs approval by a legitimate ethical review board, also when claiming public interest as the legal ground.

Regarding informed consent it should be observed that GDPR recognizes the need and option for a broad consent covering future yet unspecified research projects, to an extent that was not the case with the preceding directive of data protection. Recital 33 states that ‘It is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed to give their consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data subjects should have the opportunity to give their consent only to certain areas of research or parts of research projects to the extent allowed by the intended purpose’.

As is stated in the guidelines on informed consent from the Article 29 Working Party, this does not disapply the obligations with regard to the requirements of specific informed consent whenever that is feasible: ‘This means that, in principle, scientific research projects can only include personal data on the basis of consent if they have a well-described purpose. For the cases where purposes for data processing within a scientific research project cannot be specified at the outset, Recital 33 allows as an exception that the purpose may be described at a more general level’.Footnote 14 For further clarification on how to deal with this possibility of a broad consent while adhering to standards for privacy protection there is a long tradition of ethics research.Footnote 15 The basic approach suggested is to make a distinction between the purpose of research—which may be described in general terms (e.g. lung cancer research or research in rare diseases)—and the elements of the process and design of a research project—where different designs may imply different levels of risk of privacy intrusion with subsequent harm for the research subject, and where the description should be more specific. One should then try to be specific about issues such as the identity of the data controller, the nature of the research (e.g. will it include whole genome sequencing), whether data is going to be shared with other research partners and across national borders, whether collaboration is planned with commercial partners, whether there will be linkage to registry data, whether there will be feedback of research results or incidental findings, and how data will be protected from unauthorized use. There should always be an option provided for withdrawal from a project, and the way to do this needs to be clearly described in the consent form.

4.3 Premise 3: Establish Codes of Conduct for Facilitating Joint Research Projects

As research is to a growing extent carried out in large international networks, there is a need to have agreement on basic elements. The GDPR provides the basic requirements regarding personal data protection, but often at a rather general level. The need for further specification is also recognized in this legislation. Recitals 77 and 98 state that guidance on the implementation of GDPR, e.g. regarding identification of risks and best practices to mitigate these risks, may be provided by means of approved codes of conduct or guidelines by the Data Protection Board.

It is essential that these codes of conduct reflect the needs and conditions related to different research contexts, since the way personal data is used may vary between contexts. However, there are examples of such codes of conduct that may serve as inspiration and provide guidance on what to include and how to design them. One such example is the RD-Connect Code of Conduct.Footnote 16 The research project RD-Connect was established in November 2012 through a grant from the European Commission under the seventh framework programme (FP7). It provided infrastructure, tools and resources to facilitate and accelerate rare disease research by maximizing the availability, analysis and (re)use of rare disease data and biological samples. It is sustained on an ongoing basis by European and national funding mechanisms and close connection with pan-European biomedical research infrastructures, in particular ELIXIR and BBMRI-ERIC. The RD-Connect Genome-Phenome Analysis Platform (GPAP) is an online, controlled-access suite of software tools and underlying secure database that enables the standardized collection, integration, storage, real-time analysis and reuse of linked genomic and phenotypic data and metadata on individuals with rare diseases. The GPAP interface enables clinicians and researchers to analyze and interpret the full genomic datasets they submit, for both diagnosis and gene discovery, on an individual patient basis and to link these with phenotypic data and biosample availability for the same individual. A Code of Conduct was developed to regulate the terms on which users gain access to the RD-Connect Genome-Phenome Analysis Platform. Other RD-Connect tools and resources share the same goal of enabling rare disease research and data and sample sharing for the benefit of patients. The Code of Conduct specified definitions of crucial terms based on the GDPR, gave a motivation as well as principles and specific rules for sharing and access to data. An adherence agreement was signed with each user.

A Code of Conduct, with an associated Adherence Agreement, may provide a helpful tool for balancing privacy interests with research interests in line with what is argued in this chapter, in addition to implementations of GDPR in national law. An advantage of such codes of conduct is that they can attend to contextual conditions related to specific research contexts and areas, as well as have regard to challenges and concerns related to the advancement of scientific research and the development of new tools, e.g. for combining massive amounts of data from different sources (Big Data).

5 Conclusions

GDPR has laid down the legal premises for processing of personal data. National laws and specific regulations by national authorities will provide further guidance to researchers. It is essential that all this rule making has regard to, and takes into account, the basic need and prerogative to balance privacy interests against research interests, since privacy protection cannot be an absolute condition when engaging in scientific research. This then also has implications for when researchers propose, e.g., protection measures regarding access to personal data. Protection measures should not be so strict that they hinder important research from being carried out. In a similar vein, ethical review boards should take into account the need to balance privacy interests, not only against risks of intrusions but also against the estimated utility of research.