We have entered a new phase in biobanking and genomics research where infrastructure are being built that will make it possible to link and network biobanks in a way that has not been possible before. In the future, there is the potential for research ‘portals’ to be developed which will provide gateways into these networks of different infrastructure. This will make it possible for researchers to make one enquiry that will enable them to access a number of different biobanks and datasets around the world at once. Therefore, it is impossible to talk about the future of biobanking governance without discussing the research governance frameworks in place for medical research as a whole. These trends in research raise a number of challenges for our current research governance structure which is nationally orientated and based on the ‘one researcher, one project, one jurisdiction’ model. In this paper, I will argue that our existing research governance frameworks are unable to provide the level of oversight and accountability mechanisms that are required to facilitate this new way of doing research. The practices, oversight bodies, and conceptual underpinnings of our current research governance system are a historical legacy of a previous way of doing and thinking about research. To develop a research governance structure that can enable data flows through networks in an ethical and lawful way, we need to radically re-think the way that we organise, structure and conceptualise international research governance. In the conclusion of this paper, I will lay out some preliminary ideas of the steps that need to be taken to bring our research governance frameworks into the 21st century.

Trends within biobanking

Over the past 10 years there has been an accelerated growth in the biobanking field. Many governments and funding bodies have encouraged the establishment of large population biobanks and have continued to fund longitudinal cohort studies with the aim of using these as biorepositories for many research purposes. A great deal of work has been done by international organisations such as P3G (http://www.p3g.org/) and ISBER (http://www.isber.org/) to harmonise standards and approaches to enable sharing between biobanks. Building on this, the aim of the Biobanking and Biomolecular Resources Research Infrastructure (BBMRI) is to link existing clinical collections to create a research infrastructure within Europe. The aim is that national infrastructures will be linked together in one giant network, using a ‘hubs and spokes’ model based on individual countries. Such initiatives in biobanking have been possible because of advances in computer technology which has increased the ability to categorise, organise and share samples and data. This has been accompanied by a growing opinion that commenced with the Human Genome Project (HGP), that resources funded by the public purse should be made accessible to as many researchers as possible, in order to encourage research and development and maximise the benefits to society. Following the HGP, there have been a number of open access policies that have endorsed this approach. These are the Bermuda Agreement (1996), the Fort Lauderdale Agreement in 2003, the Toronto Agreement and national policies such as the National Institute of Health (NIH 2003), Genome Canada (2005), and the UK Medical Research Council (MRC 2006). The HGP model of ‘doing science’ has developed in tandem with such policies and has led to a number of large international sequencing projects (for example, the Encyclopedia of DNA Elements (ENCODE), the Human Epigenome Project, the HAPMAP Project and the 1000 Genome Project) that place data openly on the web, as well as the funding of projects that require the deposition of sequence data in managed access facilities [such as dbGaP (http://www.ncbi.nlm.nih.gov/projects/gap/cgi-bin/about.html) in the USA and the European Genotyping Archive (European Genotyping Archive: http://www.ebi.ac.uk/ega/page.php)]. As well as this infrastructure development, genomic research is increasingly being carried out by large international consortia funded by a number of countries or through collaborations that span researchers in many countries—such as in many of the European Commission funded projects.

These types of initiatives embody a significant change in the way that scientific research can now be carried out. Research is increasingly of a global nature with data and samples exchanged, accumulated and created through a number of dynamic research networks and collaborations that involve multi-disciplinary teams located in different countries. The role of biobanks and repositories in these networks is to act as ‘nodes’ on the flow of information between researchers and institutions enabling data and samples to be stored, organised and reconfigured for the use in different projects. As plans to develop infrastructure for biobanks based on a hub and spokes model gains momentum, appropriate governance methods will need to be developed that can be used for networks. In the future, it is likely that we will develop portals that will enable scientists to access these flows of data and samples in a seamless way. For example, in the social sciences and in many other fields, journals are no longer solely in paper form and the linkage of different journals and datasets is increasing. This means that it is possible for the individual to access many datasets through one library portal. The information that is received may have come from a number of datasets, but to the person making the enquiry none of this is evident as they obtain only the information that they need. The technology to do this for biobanking is here, as evidenced by powerful search engines such as Google. The real challenge is being able to organise, manage and analyse such large sets and amounts of information (Science Staff 2011) in a way that is useful, allows efficient access to researchers but also is ethically sound and legally compliant. This requires new research governance systems that are global in nature and have the oversight mechanisms to deal with flows of data and samples.

The importance of governance

There are many definitions of governance and regulation in the literature, some of which are narrow in scope and others which are broad. In a forthcoming publication with my co-authors, we attempt to distinguish the differences between these two concepts in relation to biobanking (Kaye et al. 2011). In its broadest sense, governance can be described as ‘the intentional activity of attempting to control, order or influence the behaviour of others (Black 2000), and therefore can cover multiple actors, activities and mechanisms. It can be distinguished from regulation that is narrower in scope and applies just to the formal structures of law and legally constituted regulatory bodies. Governance can be enacted or carried out through a number of different mechanisms. In the biobanking field this consists of documents, procedures, people and professional values and culture. For example, documents such as legislation, regulations, professional guidance and biobank policies can guide and can sometimes dictate behaviour. Procedures can be put in place to support the governance documents and can consist of informal, implicit, institutional norms or ‘the way we do things’, as well as more formal procedures that maybe required by law or regulatory bodies (such as licences and applications for access). There are also a number of stakeholders within biobanking field that develop the documents and procedures as well as the norms and requirements that people follow. These can be professional leaders in the field, advisory boards, research ethics committees as well as external regulatory bodies. In addition, the values and culture that are implicit in a particular context may also influence the way that these various elements of governance are enacted.

The benefit of governance is that it promotes certainty and efficiency as people know what the rules are, what happens, and when. It can ensure uniformity and equality—that things are done in a uniform way with everyone and the same issues being treated the same. Such a system enables problems to be anticipated as there are mechanisms to deal with the routine issues but unanticipated situations can also be resolved efficiently. Having a governance system in place ensures that ethical and lawful research is supported through accountable and transparent decision making. This not only protects the integrity of the research community but also has the effect of promoting public confidence and trust. In a liberal democracy, an effective governance system is seen as one that embodies the better regulation principles of proportionality, accountability, consistency, transparency and targeting (Better Regulation Task Force 2007). These principles in combination require that oversight mechanisms are coherent, appropriate and efficient, and that there are clear lines of accountability for regulators. Policy objectives and processes of review are transparent. In addition, the requirement for targeting means that oversight should be focussed on the problem and enforcers should predominately focus on those whose activities give rise to the most serious risks. Many of our current research governance structures have been developed in an uncoordinated manner largely in response to the requirements of national bodies rather than being designed as part of a systematic global system. Therefore, when we consider research governance at an international level it does not meet many of the principles of better regulation such as coherency and consistency, and being proportionate and targeted.

Current research governance structures

Our current governance structures for research are not designed for networks and enabling the flow of samples and data at a global level. Conceptually, our current research governance systems are parochial, being based around national boundaries and designed for one research projects, one researcher and one jurisdiction. Its origins are in the Nuremberg Trial principles which are intended to protect individual research participants from physical harm rather than informational harm. Therefore, the main purpose of the current research governance system is to protect research participants’ interests and to ensure that research is carried out ethically. A number of procedures, practices and oversight bodies have been established that are based on this design and purpose.

One of the key oversight bodies that are common to most jurisdictions are research ethics committees or institutional review boards (IRBs). (For the purpose of this paper when I refer to ‘research ethics committees’ this covers all committees that undertake this role). These bodies have become one of the main gate-keepers that decide whether a research protocol can proceed and therefore hold considerable power in the research governance system. Typically, a detailed proposal that is written by the principal investigator (or someone familiar with the study) is submitted to a research ethics committee for approval. It gives an explanation of the risks and benefits to the individual participants of involvement in the research protocol as well as providing the informed consent forms and information sheets that will be used in the study. If approved, this is followed by an informed consent process that involves the signing of an informed consent form by a research participant before the project commences. As this is a ‘one project’ model, events in the future such as re-contact with research participants have to be anticipated before the research commences and must be stipulated in the original informed consent form. If further unforseen research is warranted, samples and data can be anonymised and approval obtained from a research ethics committee. However, this is not always desirable or possible.

The problem with this system in terms of oversight is that it is front-loaded (Gostin and Hodges 1999) as all of the research uses must be anticipated when the informed consent form is written and most of the oversight takes place before the research commences. For example, informed consent forms must stipulate all future uses of the data and samples something that is very difficult to do when these are collected for many different research uses. The practical solution has been to obtain a broad consent—that effectively stipulates the ‘rules of the game’ rather that the specific type of consent that is required by the Declaration of Helsinki. There is still considerable debate in the bioethics community as to whether this is ethically sound and legally compliant (Caulfield and Kaye 2009). The result is that the consent forms and information forms must be carefully and meticulously drafted to ensure that they are future proof. As research ethics committees have very little powers of enforcement once the approval of the research protocols have been given, they too need the application to be very detailed. This scrutiny of the proposal is the only time that a research ethics committee will get the opportunity to review the proposal in detail and to make a decision on its merits. Therefore, the concentration of effort in the governance system becomes focussed on forms—the research protocol that is submitted to the research ethics committee and the informed consent forms that are given to participants.

The current research governance system has a few mechanisms in place to first determine whether the research project was carried out according to the original protocol, but also if, and how, secondary uses of research data and samples is executed. This system often does not enable research participants to decide on research uses of their data and samples, but also has the potential to place the ethical burden for secondary research on researchers. Even if national oversight bodies such as research ethics committees were given the mandate to extend their oversight, they do not necessarily have the authority, scope or expertise to assess the privacy risks associated with global data sharing or to ensure compliance with their decisions. To address such concerns new governance solutions have been developed as Data Access Committees (DACs) have been established for projects or infrastructures which share data. Examples of these are found in the Wellcome Trust Case Control Consortium (WTCCC 2007) in the UK and dbGAP (http://www.ncbi.nlm.nih.gov/projects/gap/cgi-bin/about.html) in the US. While these committees provide access oversight for specific projects, they do not provide a simple solution for a researcher who may want to access multiple datasets, as individual applications must still be made to a number of different committees. These special access committees develop a new tier of oversight in addition to research ethics committee approval but they do not enable effective supranational sharing or access. Project-based committees responding to individual applications, like research ethics committees are also not in a position to judge the privacy risks of multiple access applications for data from different projects. The effect of the implementation of DACs is to have placed another oversight committee with the same limitations as research ethics committees, further down the data sharing pathway.

The current research governance system does not address these challenges effectively, as research is being conducted at a supranational level but governance systems are nationally based. The first major problem for many international research consortia is that they must conform to different national legal requirements for the transfer of samples and data across borders (Kaye 2006; Zika et al. 2008; Schulte in den Bäumen et al. 2010). Sharing is therefore difficult, as it is impractical and costly to find out what the ethical and legal requirements are in each country. Even for those who set out to satisfy the legal requirements, it may be difficult to ascertain what those requirements actually are. For example, within the UK, ‘the complexity of the law, amplified by a plethora of guidance, leaves those who may wish to share data in a fog of confusion’ (Thomas and Walport 2008). For samples, the difference in the law between jurisdictions is even more acute, as there is no common overarching European or global legal instrument. This means that there are different legal requirements for samples and data between jurisdictions.

The current governance system also does not meet some of the basic principles of good regulation. The legacy system of governance does not meet the requirements of the new way of doing research that is based on flows of data and networks. As our current system is front-loaded, it provides no straight forward and streamlined oversight of all secondary uses of data. In practice, approval for such uses is largely being done by researchers, specialist advisory boards attached to individual biobanks and new oversight bodies such as DACs. All of these boards require individual applications for access. This means that all research projects are given the same level of scrutiny, despite the nature of the research. While the effect of this has not been fully investigated, such a bespoke system may have the effect of slowing down the research process unnecessarily, leading to multiple applications for the same research protocol to different bodies. Further analysis needs to be carried out to determine how this research governance system conforms to the better regulation principles described above when it is applied to research networks. Based on the above discussion, it appears as if the current governance structure is not coherent, accountable or transparent, when applied to global research networks. Primarily, this is because it is based on the ‘one researcher, one project, one jurisdiction’ model.

What needs to happen?

The aim of this paper is to start a debate as to what such a global governance system might look like, and how it might be constituted. To start this process, there are a number of first steps that need to be undertaken, such as rethinking the conceptual basis of how we govern research and how we might use IT systems more creatively as mechanisms for governance.

To ensure the possibility of research portals and the sustainability of networks, a number of key changes need to be made in the way that we conceptualise, align, and reconstruct our research governance systems. Conceptually, we need to move away from thinking about governance as something that is a paper-based system that occurs at the beginning of the research process. Instead, we should be thinking in terms of data flows and use pathways to enable the sharing and access to data. Our current governance system is based on expert committees that make decisions and use paper-based forms to establish audit trails to meet the regulatory requirements of transparency and accountability. Few of these processes are routine and uniform, with variation in decision making between committees and between jurisdictions. Currently, the norm in the UK is that there is individual review of all research proposals by expert committees. As well as moving from a paper-based system to a digital system, we need to move from the ‘one researcher, one project, one jurisdiction’ model. This requires that the basis of our governance system has to move from a focus simply on the ‘local’ to encompassing global research; to move from paper to digital governance mechanisms; and to move from the idea of one research project with one principal investigator to multiple research projects conducted in global networks.

One possibility is to use information technology as a form of governance, to direct and only allow certain forms of behaviour, rather than relying on committee oversight for each research project. A digital governance system would enable certain things to happen and prevent researchers from doing some things—and this could be done automatically. It could be constructed as pathways or a maze through which research activities could be directed and controlled. This requires the building of a global governance system where some of the governance mechanisms are digital to complement existing committee-based decision making. These digital governance mechanisms could be designed with ethical, legal and social issues (ELSI) considerations already embedded within it or ‘ELSI by design’. The use of digital governance would mean that only ELSI appropriate behaviours could be undertaken and therefore the ELSI considerations would be a part of the governance structure from the earliest stages of thinking about a research proposal through to the finalisation of a research proposal. Such a structure could complement the nationally based regulatory systems and legal requirements, and could provide a bridge between nationally based systems.

This requires the development of a global system of governance, that does not seek to throw away all of the principles or mechanisms that have been developed over time. For instance, the roles of expert review committees are important mechanisms for dealing with research proposals that raise new ELSI challenges. However, they do not need to be used for every new research project. Instead, a combination of triaging, digital governance and expert committee review could be used. Also research has been founded upon principles such as respect for participants, do no harm and the promotion of high standards of professionalism and research integrity. It would be inappropriate to reject such values as they have provided a sound basis for research and have lead to the widely spread public trust that exists. However, these principles may need to be rethought as to how they apply to global research. We also need to articulate the basis for the social contract that can underpin global networks for research.

There are a number of initiatives that are already underway that could form the basis of a digital global governance system. DataSHIELD (http://www.p3gobservatory.org/datashield/summary.htm) is a project aimed at developing a method and an IT interface to provide access to research results via simultaneous parallelized analysis of the individual-level, harmonised data of each study (Wolfson et al. 2010). Under DataSHIELD only anonymous summary-statistics, results or aggregate information can be shared with other researchers in other institutions. This means that individual-level data never leaves the collecting organisation and there is no breach of European data protection law or research governance requirements. Thus, DataSHIELD provides a simple approach to analysing individual-level data in pooled analyses, while enabling researchers to carry out research in an ethical and lawful manner.

The ENCORE project (http://www.encore-project.info/index.html) is aimed at developing a system where individual consent can be obtained from research participants—not just at the beginning of the consent process but on a continuous basis (Bramhall et al. 2011). This use of information technologies allows a more continuous and interactive relationship with participants—or a dynamic consent—rather than the one off broad consent that is currently the only practical solution for many projects or biobanks. The use of a patient ID would allow patient samples and data to be tracked across research studies to remove bias and erroneous identification provide a mechanism for re-contacting individuals for recruitment into new studies, and could be used as a basis for cutting down on research ethics oversight for secondary research. There is the potential for this system to be used as an accreditation system that would mean that projects that used ENCORE would be exempt from some oversight hurdles, such as full ethical review. However, the parameters of what would be acceptable for research participants and researchers still need to be identified and developed into policy before this would be operationalised.

There is the potential to use digital identifiers as governance tools. The ORCID ID (http://www.orcid.org) is currently being developed to track individual researchers’ publications. However, this could also be used as part of a digital governance system. For example, an ORCID IDs could be used to strengthen and streamline governance mechanisms related to data access. They could be used to verify a researcher’s bonafides in conjunction with extra automated layers of individual validation if necessary (such as passwords, security cards, secure number generator devices) when applying for access to data sets and/or seeking research ethics approval, and then monitoring appropriate use of the data by that researcher (Thorisson 2011). A second identifier is also being developed for biobanks. The concept behind bioresource research impact factor is to provide a global register that could be used for biobanks or other repositories (Cambon-Thomsen et al. 2011). This would enable a unique identifier to be attached to such resources. This unique identifier could be used to cite and acknowledge the use of bio-resources in publications and funding grants and in doing so measure their impact.

Conclusion

The aim of this paper has been to articulate some of the challenges that networks for research pose for our current governance system. I have argued that these oversight systems are built upon the ‘one researcher, one project, one jurisdiction’ model of research that does not apply to the new way of carrying out research through networks. We are moving to a future where biobanks, existing biorepositories and reference databases will be linked and networked for research purposes in ways that has not been possible before. Our current governance system for research is unable to provide the oversight and accountability mechanisms that are required for this new and expedited way of doing research. However, this does not mean that the existing system should be thrown away, but rather that we use e-governance mechanisms to improve the existing governance system for research. This paper has not attempted to provide all the solutions to these challenges which will involve a concerted effort by many. Rather the intention is to start the debate that is needed to stimulate further thinking on this subject to provide the basis for action. In this way, we may move to a governance system that is more in tune with the way that research is being carried out and planned in the 21st century.