The newly proposed European Data Protection Directive overprotects research participants and exposes patients to greater risks of contracting illness and dying.
Thus dramatically a recent article in The Lancet Oncology can be summarized, written by Mats G. Hansson at CRB together with Gert Jan van Ommen, Ruth Chadwick and Joakim Dillner.
People who provide data to research registers are not exposed to physical risks, like participants in interventional research. The risks associated with register-based research are informational: unauthorized release of information about participants. One might ask if it even makes sense to say that people “participate in research” when researchers process large data sets.
Patients (and people in general) have significant protection from disease thanks to register-based research. For example, it is estimated that the HPV vaccine will save about 200 women from dying in cervical cancer each year, in Sweden alone. This cancer-preventive treatment became possible because researchers had access to samples dating back to the 1960s providing evidence for a causal connection between a certain virus infection and cervical cancer later in life.
- Despite this vital value in biobanks and registers,
- despite the fact that risks are only informational,
- despite rigorous safety routines to prevent unauthorized spread of information,
- despite the fact that researchers don’t study individuals but statistical patterns, and
- despite the question if people really are “participants” in register-based research,
the EU committee proposing the new directive treats the integrity of “research participants” as so pivotal that researchers who process data not only must be subjected to the same ethical review process as for invasive research, but also must obtain informed consent from each and every one who once gave their data to the register, whenever the researchers want to study a new disease pattern.
Data protection efforts easily lose their sense of proportions, it seems, at least concerning register-based research. Not only is one prepared to expose patients to greater physical risks in order to protect research participants from (already rigorously controlled) informational risks.
One also is prepared to disturb data providers who hardly can be described as “participating” in research, by forcing researchers to recontact them about informed consent. Not only on one occasion, but time and again, year after year, each time a new disease pattern is explored in the registers. That’s what I call privacy intrusion!