As the dust continues to settle, post the peak of global COVID-19 pandemic, ethics committees (ECs) and data protection officers (DPOs)/legal experts have now started unpacking the challenges and limitations of data sharing within clinical research under frameworks such as General Data Protection Regulation (GDPR). If there were any positive outcomes from the COVID-19 pandemic as it relates to data sharing one could say that it shone light on the challenges that emerged with data sharing during times of a global crisis. Logic would suggest that it’s at these times that data sharing and collaboration should be most required, especially within clinical, medical and pharmaceutical research. However, risks and liabilities related to the regulatory and privacy challenges around data governance and compliance have often seemed to be unsurmountable.
The COVID-19 pandemic brought chaos and disruption to healthcare, society, and economies all the world over, not to mention challenging the regulatory boundaries around data sharing in clinical research. In the EU for example, the legal and ethical framework for healthcare research is complex and furthermore can differ between each EU member country. Various challenges exist in relation to the cross-border data traffic and the interpretation of the inconsistent data governance policies, in particular, with respect to the compliance with the GDPR. A report released recently by the European Commission illustrated how the variations in the national level application of the GDPR have led to fragmentation, consequently making cross-border cooperation for research quite difficult.
“Data control”, simply put, is the oversight of information policies of an organization's data, which are at the centre of a continuous compliance framework for a given enterprise. This is a concept which sits at the core of GDPR is about and is frequently invoked in EU policy initiatives and legal documents.
Studies have empirically highlighted numerous challenges related to continuous compliance as it relates to GDPR, especially within the context of (cross-border) clinical research. All evidence suggests that there is a lack of interaction of the various EU legislative acts, also as in pertains to the national implementation of the GDPR.
Beyond the practical challenges of protecting patient data, more complex issues of inconsistent and conflicting cross-border regulatory guidelines prevented legally compliant data compliance strategies from being rolled out. Research showed that the pandemic highlighted the need for more advanced next generation Privacy Enhancing Technology, allowing organisations to maintain control of their data with strict adherence to a framework of continuous compliance within a complex regulatory landscape.