On 12 March 2014, the European Parliament voted on its position on the new European Union (EU) proposal for a General Data Protection Regulation, which will be now negotiated among the European Parliament, the Council of the European Union and the European Commission [1]. The final text will set the rules under which personal data are to be handled in the EU. It will thus affect many areas of our everyday life, including health and research. The cancer community is deeply concerned about unintended consequences of the current wording of the draft Regulation [2], which may put at stake the survival of retrospective clinical research, biobanking, and population-based cancer registries in the EU. In fact, the EU Parliament's recent. Resolution [3] on the Regulation imposes, or may be interpreted as imposing, the requirement for researchers to ask for a patient's ‘specific’ consent every single time new research is carried out on already available data and/or tissues. This would lead to the necessity of researchers continuously asking patients to ‘re-consent’ for every single use of their data. In fact, the European Parliament's Resolution [3], Amendment 191 states that,

1b. Where the data subject's consent is required for the processing of medical data exclusively for public health purposes of scientific research, the consent may be given for one or more specific and similar researches. However, the data subject may withdraw the consent at any time.

Likewise, it would hinder the very collection of vital health information by requiring consent for the recording of data in population-based disease registries, which by definition need be all-inclusive, i.e. must collect all of the data of all individuals belonging to a given population. Amendment 191:

2. Processing of personal data concerning health which is necessary for historical, statistical or scientific research purposes shall be permitted only with the consent of the data subject, and shall be subject to the conditions and safeguards referred to in Article 83.

2a. Member States law may provide for exceptions to the requirement of consent for research, as referred to in paragraph 2, with regard to research that serves a high public interest, if that research cannot possibly be carried out otherwise. The data in question shall be anonymised, or if that is not possible for the research purposes, pseudonymised under the highest technical standards, and all necessary measures shall be taken to prevent unwarranted re-identification of the data subjects. However, the data subject shall have the right to object at any time in accordance with Article 19.

This text now forms the official position of the European Parliament. On behalf of the European oncology community, the entities endorsing this position paper would like the ongoing legislative negotiation process on the draft text to find the right balance to fully protect the privacy of patient data, while maintaining ease of access to data for translational, clinical, and public health research. We would like to see a harmonised implementation of the Data Protection Regulation across 28 EU Member States in order to avoid varied interpretations of the same law in different countries. We are convinced that a safe balance between all rights concerned can be achieved, and conflicts among different rights can be avoided, especially where we feel that such conflicts in reality may not exist at all. Progress in health research made over the last 40 years both on infectious diseases and non-communicable diseases, such as heart diseases and cancer, must continue in the EU countries.

data protection and confidentiality

Since the time of the Hippocratic Oath, the confidentiality of patient data has been protected. Additional safeguards exist through medical codes of ethics. In regard to research projects, their approval by independent review boards and/or ethics committees is universally required. Patient representatives should be included in these committees as well as in those overseeing the storage of patient tissue in biobanks. Full transparency should be provided on the mechanisms of research and the functioning of biobanks, through online facilities for example, so that the public is kept updated on their evolution.

We agree that every safeguard should be put in place to minimise the risk of breaches in confidentiality, including resorting to forms of pseudo-anonymisation of data when this does not lead to compromises in data quality [3]. Data and tissues, such as tumour samples, are stored within hospital archives for medical and legal reasons, where breaches to confidentiality are generally negligible. Risks are further minimised when tissues are stored within biobanks, which place safety among their highest priorities. In any case, these safeguards can be properly foreseen by laws.

When publishing the results of research studies, patient data are disseminated only as aggregate information and summary results. The identity of individuals remains completely undisclosed. We agree that additional legal protection of patient data and tissue samples is envisaged by the EU, which legally prohibits patient data being processed for purposes not related to health research or in such a way as to create discrimination against any single individual. In effect, we believe that the protection of a person's privacy can well be fulfilled through safeguards that should be monitored and adapted to new situations over time. These safeguards to protect patient data can work effectively regardless of what kind of consent a patient has given.

data protection and ethical issues

Actually, the need for patient consent goes beyond privacy protection and to some extent is a different issue. Ethically speaking, it can be intended as a consequence of the principle of individual autonomy, which has been viewed as one of the four pillars of current medical ethics, along with beneficence, non-maleficence, and justice [4]. This means that a patient must exert his/her autonomy when choosing whether to accept to undergo a treatment, as well as to enter a clinical trial. However, when research is done retrospectively on patient's data and/or residual tissues (i.e. tissues which have not been collected specifically for research purposes and/or are left over after all clinically useful diagnostic assessments have been done), there are wide discrepancies as to whether a patient's consent is needed. Current legislations across the EU diverge to some extent. Some countries require specific patient consent for any retrospective research. Others allow patients to explicitly opt-out of future research to be done on their data and tissues. Still others allow retrospective research without any form of patient consent [5]. While we respect cross-cultural discrepancies about the requirement of patient consent, our view is that patient consent should be a ‘broad’, one-time consent [6, 7]. In other words, patients should have the right to give once forever their consent for their data and/or tissues to be processed for research purposes. This consent could be withdrawn by the patient at any time, but researchers should not be compelled to ask for ‘re-consent’ by patients whenever new research is planned on their data and/or tissues.

Actually, the consent could even be more or less broad, depending on patient's choice at the time the consent is given. We should simply avoid the notion of a ‘specific’ consent, which would result in researchers needing to obtain continuous patient re-consent every time new research is carried out. Continually obtaining ‘specific’ consent is practically unfeasible, time-consuming, administratively burdensome, expensive, and also intrusive into patients' lives even many years after their disease experience. It is important to note that our position of advocating for a ‘one-time’ consent means that patients will be informed that their data/tissues will be used for future research, and they will be informed about the conditions under which their data and tissues will be stored, making the protection safeguards a part of their consent. Under this scenario, the patient retains the right to deny the consent and to withdraw it at any time. Thus, a more or less broad, ‘one-time’, withdrawable consent would allow patients—if, and only if, they are willing—to ‘donate’ their data and/or tissues to promote the public interest of future health research. In this way, the ethical principle of a patient's autonomy would be fully respected, since the choice is made by the patient and is withdrawable at any time. Along this line of reasoning, ‘opt-out’ choices, dynamic consents [8], and similar options would be variations of the same principle. Indeed, there is evidence of favourable attitudes of patients towards the concept of this kind of consent [9].

data protection, epidemiological research, and population-based disease registries

On the other side, with regard to public health epidemiological research through population-based disease registries, a derogation from the obligation of any form of consent is essential [10]. In the field of public health research, disease registration is now well established and has led to many major advances. In oncology, it provided reliable population-based data on incidence, prevalence, and survival rates of cancers. These data have been crucial in understanding trends in cancer occurrence—i.e. to trace cancers to their specific causes, to correlate survival with changes in health organisation, to assess the outcome of newly implemented treatments, to plan new actions in health policy, to establish cancer plans and measure their effectiveness, and so on. By definition, cancer registries can only fulfil the essential goals of public health if they can collect and scrutinise entire patient populations. For this reason, they are incompatible with any requirement of individual consent. If a patient is allowed not to consent, the data provided by the relevant registry will be incomplete or unrepresentative, and can lead to incorrect conclusions. Even if the number of patients denying their consent might be negligible, the actual process of obtaining consent from every individual within a country or region would be almost impossible. The Data Protection Regulation therefore should not include an option for patients to ‘opt-out’ of having their data recorded in population-based disease registries. In return for this exemption, disease registration should be carried out by public bodies, or publicly endorsed bodies; should comply with stringent safety requirements; should be overseen by public bodies in a fully transparent manner.

recommendations

In summary, patients should have the right to ‘donate’ their data and tissues to health research. Patient consent for use of data or tissue for health research should be a fully informed, withdrawable, more or less broad, ‘one-time’ process, which truly implements the patients' rights, rather than creating burdensome, possibly harmful consequences to the patients' community. The patient shall retain access to the tissue and data donated, hence ensuring him/her to obtain relevant information related to his/her condition. On the contrary, denial of this right would make patients less free, because they would be denied a civil right, i.e. to contribute to research, which advances knowledge and leads to new ways of improving their health and that of other patients. There need to be put in place legal provisions to protect data confidentiality, reviewing mechanisms to oversee retrospective researches and biobanks, and a system allowing full transparency of research processes and storage of patient tissue in biobanks. Cancer registries should be able to register cancer cases and patient data without the requirement of patient consent, in order to provide society and health administrators with exhaustive health data for public health policy decisions.

The European cancer community urges all EU decision makers to save research, as well as to protect the right of patients to donate their data and tissues to advance research and find cures. EU decision makers are urged to change the European Parliament Amendments 191 and 194 to Articles 81 and 83, as they would impair public health research within and across EU Member States. A balance between the right to privacy and the right to health can be achieved by reasonably addressing all concerns, while fully complying with those relating to confidentiality and ethical use of personal health data.

disclosure

The author has declared no conflicts of interest.

references

1
2012
 
European Commission Proposal for a Regulation on the protection of individuals with regard to processing of personal data and on the free movement of such data (General Data Protection Regulation) COM (2012) 11 final;
2
Di Iorio
CT
Carinci
F
Oderkirk
J
Health research and systems' governance are at risk: should the right to data protection override health?
J Med Ethics
 , 
2013 October 10
 
[epub ahead of print], doi: 10.1016/j.ejca.2013.09.005.
3
European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012-2012/0011(COD)
4
Beauchamp
T
Childress
J
The Principles of Biomedical Ethics
 , 
2008
6th edition
Oxford
Oxford University Press
5
van Veen
EB
Riegman
PH
Dinjens
WN
, et al.  . 
TuBaFrost 3: regulatory and ethical issues on the exchange of residual tissue for research across Europe
Eur J Cancer
 , 
2006
, vol. 
42
 (pg. 
2914
-
2923
)
Google Scholar
CrossRef
Search ADS
PubMed
 
6
Sheehan
M
Martin
J
Can broad consent be informed consent?
Public Health Ethics
 , 
2011
, vol. 
4
 (pg. 
226
-
235
)
Google Scholar
CrossRef
Search ADS
PubMed
 
7
Hansson
MG
Dillner
J
Bartram
CR
, et al.  . 
Should donors be allowed to give broad consent to future biobank research?
Lancet Oncol
 , 
2006
, vol. 
7
 (pg. 
266
-
269
)
Google Scholar
CrossRef
Search ADS
PubMed
 
8
Steinsbekk
KS
Myskja
BK
Solberg
B
Broad consent versus dynamic consent in biobank research: is passive participation an ethical problem?
Eur J Hum Gen
 , 
2013
, vol. 
21
 (pg. 
897
-
902
)
Google Scholar
CrossRef
Search ADS
 
9
Simon
CM
L'Heureaux
J
Murray
JC
, et al.  . 
Active choice but not too active: public perspectives on biobank consent models
Gen Med
 , 
2011
, vol. 
13
 (pg. 
821
-
831
)
10
Andersen
MR
Storm
HH
on behalf of the Eurocourse Work Package 2 Group
Cancer registration, public health and the reform of the European data protection framework: abandoning or improving European public health research?
Eur J Cancer
 , 
2013
 
[Epub ahead of print]

endorsements

This ESMO position paper on the EU General Data Protection Regulation is endorsed by the following organisations, and under review for endorsement by additional organisations:

European Organization for Research and Treatment of Cancergraphic

European, Middle Eastern & African Society for Biopreservation and Biobankinggraphic

Eurocan Platformgraphic

European Society of Surgical Oncologygraphic

European Society of Pediatric Oncologygraphic

European CanCer Organisationgraphic

European Cancer Patient Coalitiongraphic

European SocieTy for Radiotherapy & Oncologygraphic

Association of European Cancer Leagues (ECL)graphic

© The Author 2014. Published by Oxford University Press on behalf of the European Society for Medical Oncology. All rights reserved. For permissions, please email: journals.permissions@oup.com.
Issue Section:
Editorials
Download All Figures