I am pleased to present here from time to time the major challenges of the digitalization of the European healthcare market. After my previous contribution on the special requirements for data collection, processing and retention in clinical studies on medicinal products, I would like to focus today on the particular challenges of data protection in bio-banking - with a special view to Germany.
Bio-banks represent a particular challenge in terms of data protection. Bio-banks are collections of samples of human body substances such as tissue, blood, urine or saliva, which are linked to personal data and socio-demographic information about individual persons.
In Germany, there are about 130 bio-banks to date which are operated by both public and private institutions. In contrast to some other EU Member States, the use of bio-material for research in Germany is currently not separately regulated under data protection law. Rather, the examination of genetic samples and data for research purposes has even been expressly excluded from the scope of application of the Act on Genetic Testing of Human Beings 2009 ('GenDG'). Only a few state hospital laws (e.g. in Hamburg) specify regulations on the collection of bio-samples and data.
The other existing international guidelines and recommendations, such as the Recommendation Rec(2006)4 of the Council of Europe on Research on Biological Materials of Human Origin or the OECD Guidelines for Biobanks and Genetic Research Databases of 2009 or the Guide for Research Ethics Committee Members issued by the Steering Committee of the Council of Europe, are all legally non-binding.
Since the amount of data accumulated in bio-banks is constantly growing and the associated possibilities for misuse are thus increasing, appropriate binding regulations are needed.
This is all the more true given that data from bio-banks are frequently transferred across borders. A key question that must be taken into account in legal regulation is, among other things, whether bio-samples can be anonymised at all given that genetic information is always retained when they are stored. Further, anonymisation is frequently not compatible with the research purpose underlying the storage of bio-data, for example when donors are to be contacted again.
You are welcome to also read my detailed sector-specific contributions on dataguidance.com.
Photo by CDC on unsplash
Please note this blog post was written by a Clifford Chance LLP employee. Clifford Chance LLP is the parent company of Clifford Chance Applied Solutions (CCAS). The content within this post does not constitute legal advice.