Data Protection Legislation

Data protection legislation regulates the acquisition, storage, transfer and processing of personal data of all kinds. Human genetic information, whether in digital form or in tissue samples, is by definition personal data and its use will therefore in many cases be governed by data protection legislation. The article introduces the key distinction between data security and wider data protection, and further explores the key legal requirements for data protection. In general, the requirements for legal use of genetic data are informed consent to acquisition and fair processing of any data that are held or generated. The approach to data protection differs between the European Union and the USA and these differences are explained.

Key concepts:

  • The purpose of data protection legislation is to ensure (1) data security and (2) that data acquisition and processing only occurs in accordance with the law.
  • Data acquisition usually requires informed consent from the data subject.
  • There are different rules for the processing of identifiable and nonidentifiable personal data.
  • There are specific protections in relation to sensitive data, including health data.
  • Anonymity and nonidentifiability are two different concepts.
  • Identifiability is only absent if deductive identification is very difficult.
  • The approach to data protection differs significantly between the European Union and the USA.

Keywords: data protection; informed consent; tissue samples; transfer of data; anonymity; genetic information

How to Cite
Holm, Søren (Sep 2009) Data Protection Legislation. In: eLS. John Wiley & Sons Ltd, Chichester. http://www.els.net [doi: 10.1002/9780470015902.a0005196.pub2]