e-Health data is sensitive, and consenting to its collection, processing, and sharing involves compliance with legal requirements, ethical standards, and appropriate digital tools. We explore two legal-ethical challenges: 1) What are the scope and requirements of digital health data consent? 2) What are the legal-ethical reasons for obtaining consent beyond the GDPR’s legal basis, and how might such consent be obtained? We then propose human-centered solutions to help navigate standards of ethical and legal consent across the EU, purposefully addressing those use cases to compensate for human difficulties in managing consent without clear guidelines. These solutions – including ISO standards, ontologies, consent mechanisms, value-centered privacy assistants, and layered dynamic consent platforms – complement and aid humans to help uphold ethical and rigorous consent.
Research center:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > IRiSC - Socio-Technical Cybersecurity
Disciplines:
Engineering, computing & technology: Multidisciplinary, general & others
Author, co-author:
DOAN, Xengie Cheng ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
Florea, Marcu; Rijksuniversiteit Groningen - RUG
Carter, Sarah E.; University of Galway > Data Science Institute and the Discipline of Philosophy ; SFI Centre for Research Training in Digitally-Enhanced Reality
External co-authors:
yes
Document language:
English
Title:
Legal-Ethical Challenges and Technological Solutions to e-Health Data Consent in the EU
Publication/release date:
2023
Event name:
2nd International Conference on Hybrid Human-Artificial Intelligence
Event location:
Munich, Germany
Event date:
26-30 June 2023
Event scope:
International
Journal title:
Frontiers in Artificial Intelligence and Applications