GDPR and consent for scientific research

Cláudia Monge was a key note speaker at the symposium organised by Infarmed in the context of the commemoration of its 25th anniversary, on the subject of “From Regulation to the Protection of Citizens: legal aspects”.

Cláudia Monge, key note speaker in the panel entitled “GDPR and consent for scientific research”, structured her intervention into four parts: Framework – the GDPR; Consent for the purposes of the GDPR; Processing of health data; and Clinical research, data protection and consent.

The new aspects of the GDPR highlighted by the Lawyer and Professor of the Faculty of Law of the University of Lisbon in her presentation are the reinforcement of data subjects’ rights and security measures. The new data protection regulation, in which the situations of prior checking by the national supervisory authority become very residual, is based on the adoption by the controllers of the appropriate security measures and the exercise by the data subjects of their rights. Individuals should therefore be able to exercise their rights, and in particular to give free and informed consent for the treatment of their medical data, and in this area, literacy and health education play an key role, the promotion of which is a key responsibility of the State.

The general principles of data protection to be observed, such as lawfulness of processing and purpose limitation, have been highlighted and it was said that consent has to be given for specific purposes. It was also pointed out that the General Data Protection Regulation recognizes research as a purpose in data processing, subject to adequate safeguards. The specific rules of the Regulation on clinical research were presented.

When the processing serves multiple purposes, Claudia Monge pointed out in the second point of her presentation – Consent within GDPR – consent must be given for all these purposes.
The misuse of health data for scientific research with or without the identity of the data subjects is seen as a risk in the treatment of health data, and it is important to avoid this risk and to adopt the appropriate security measures for the protection of personal data, so that the confidentiality of the data can be safeguarded and the citizens’ confidence in the processing of their data can benefit the evolution of scientific research.

In her last point, “Clinical research, data protection and consent”, the lawyer talked about the regime of Article 89 of the Regulation on data minimization, specific rules and secondary use, consent, anonymisation and pseudonymization and the recital of the Regulation.

To conclude her speech, the speaker presented a summary with some conclusions on the topic:

  • The clinical research regime must be integrated as a data protection regime;
  • Research is recognized as the purpose and basis of the legitimacy of the processing of personal data;
  • Specificities are allowed in the data protection regime because its purpose is clinical research;
  • Clinical research as a specific purpose must be clearly covered by the consent of the holder;
  • The guarantee of the protection of personal data is a condition for conducting clinical research.

More in Communication