The EU General Data Protection Regulation comes into force on 25 May 2018, with direct effect in the EC Member States. In its Article 40, it specifies that the Commission encourages “the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises.” The BBMRI-ERIC led Code of Conduct for Health Research initiative is committed to such a code, aiming at (a) contributing to the proper application of the regulation, (b) taking into account the specific features of processing personal data in the area of health, (c) clarifying and specifying certain rules of the GDPR for controllers who process personal data for purposes of scientific research in the area of health, (d) helping to demonstrate compliance by controllers and processors with the regulation, and (e) helping to foster transparency and trust in the use of personal data in the area of health research. The aim of the webinar is to present the initiative and give an update on current achievements. A first section of the code will be released soon for comments, a public consultation of the full code will expectantly start in late 2018.
CORBEL (http://www.corbel-project.eu) is an initiative of eleven new biological and medical research infrastructures (BMS RIs), which together will create a platform for harmonised user access to biological and medical technologies, biological samples and data services required by cutting-edge biomedical research. CORBEL will boost the efficiency, productivity and impact of European biomedical research.
This webinar took place on 5th June 2018 and is part of the CORBEL webinar series. A recording of the webinar is available through the CORBEL website:
http://www.corbel-project.eu/webinars/status-update-on-the-code-of-conduct-for-health-research-initiative.html
For previous and upcoming CORBEL webinars see:
http://www.corbel-project.eu/webinars
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
CORBEL Code of Conduct webinar slides
1. Status Update on the Code of Conduct for Health
Research Initiative
Presenter: MichaelaTh. Mayrhofer (BBMRI-ERIC)
Host:Vera Matser (EMBL-EBI)
05/06/2018footer 1
CORBELWebinar Series
4. BACKGROUND
4
Since 2015, thirteen ESFRI Research Infrastructures from the field
of BioMedical Science (BMS RI) joined their scientific capabilities
and services to transform the understanding of biological
mechanisms and accelerate its translation into medical care.
• biobanking & biomolecular
resources
• curated databases
• marine model organisms
• systems biology
• translational research
• functional genomics
• screening & medicinal
chemistry
• microorganisms
• clinical trials
• structural biology
• biological/medical imaging• plant phenotyping
• highly pathogenic
microorganisms
5. CORBEL MISSION
5
Modern biological and biomedical research involves complex
projects and a variety of different technologies.
Some of the most important discoveries are made at the
interface between different disciplines.
CORBEL will harmonise access and services for complex
research projects involving more than one RI that offer:
• biological and medical technologies
• biological samples and
• data services
6. TODAY’S PRESENTER
05/06/2018footer 6
MichaelaTh. Mayrhofer is a political scientist and
historian by training. She was educated inVienna,
Louvain-la-Neuve, Essex and Paris. In 2010, she has
earned her PhD from both the Ecole des Hautes Etudes
en Sciences Sociales and the University ofVienna, which
was shortlisted by the Austrian Society for Political
Science for 'best thesis 2010'.
Prior to her involvement in BBMRI-ERIC, she was investigator in several national
and international research projects focusing on the politics of biotechnology and
the life sciences, especially the governance of biobanks. Her academic career led
to various positions at the Centre de Recherche Médecine, Sciences, Santé et
Société, the University ofVienna, the Institute of Science,Technology and Society
Studies at Alpen-Adria-Universität Klagenfurt/Vienna/Graz, theTechnical
University ofVienna and the Medical University of Graz.Today, she serves as the
Chief Policy and Coordination Officer of BBMRI-ERIC and coordinates the Code of
Conduct for Health Research initiative.
7. TOWARDS A CODE OF CONDUCT FOR HEALTH RESEARCH
MICHAELA TH. MAYRHOFER
8. CODE OF CONDUCT
DEFINITION
A code of conduct is a set of rules outlining the social norms, responsibilities
of, and or proper practices for, an individual, party or organization.
In our field, typically:
1. Within an organisation (e.g., within a university)
2. Among partners (e.g., research consortium)
3. Across a sector (e.g., health research) <- according to GDPR Art. 40
6/5/18 M Th Mayrhofer / BBMRI-ERIC 2
9. CODE OF CONDUCT
ACCORDING TO GDPR ART. 40
1. The Member States, the supervisory authorities, the Board and
the Commission shall encourage the drawing up of codes of
conduct intended to contribute to the proper application of this
Regulation, taking account of the specific features of the various
processing sectors and the specific needs of micro, small and
medium-sized enterprises.
2. Associations and other bodies representing categories of
controllers or processors may prepare codes of conduct, or
amend or extend such codes, for the purpose of specifying the
application of this Regulation, such as with regard to:
*highlighs in bold by author
6/5/18 M Th Mayrhofer / BBMRI-ERIC 3
10. SPECIFYING THE GDPR
WITH REGARD TO
(a) fair and transparent processing;
(b) the legitimate interests pursued by controllers in specific contexts;
(c) the collection of personal data;
(d) the pseudonymisation of personal data;
(e) the information provided to the public and to data subjects;
(f) the exercise of the rights of data subjects;
(g) the information provided to, and the protection of, children, and the manner in which the consent of the
holders of parental responsibility over children is to be obtained;
(h) the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of
processing referred to in Article 32;
(i) the notification of personal data breaches to supervisory authorities and the communication of such
personal data breaches to data subjects;
(j) the transfer of personal data to third countries or international organisations; or
(k) out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers
and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to
Articles 77 and 79.
6/5/18 M Th Mayrhofer / BBMRI-ERIC 4
11. CODE OF CONDUCT
FOR HEALTH
RESEARCH
6/5/18
SECTOR SPECIFIC
M Th Mayrhofer / BBMRI-ERIC 15/36
12. AIMS
§ Tocontribute to the proper application of the GDPR, taking into
account the specific features of processing personal data in the area
of health;
§ Toclarify and specify certain rules of the GDPR for controllers who
process personal data for purposes of scientific research in the area of
health;
§ Tohelp demonstrate compliance by controllers and processors with
the regulation;
§ Tohelp foster transparency and trust in the use of personal data in
the area of health research.
6/5/18 M Th Mayrhofer / BBMRI-ERIC 6
13. WHAT HAPPENED SO FAR?
KEY ACTIVITIES
6/5/18 M Th Mayrhofer / BBMRI-ERIC 7
14. 2017
1 Feb 2017: SEMINAR: The Road to a Health and Life Sciences GDPR Code of Conduct
Presenting the idea to stakeholders for the first time.
19 April 2017: Webinar
Engaging with further stakeholders.
7 June 2017: 1st Code of Conduct Forum Meeting
Bringing stakeholders together (=Forum) & identifying key topics (e.g., pseudonymisation,
consent) & process (Forum & Drafting Group)
26-27 July 2017: 1st Drafting Group Meeting
Discussing focus & agreeing to assess IMI and RD-Connect Codes.
August/September 2017: Webinars of the Drafting Group
Comenting on IMI Code & discussing main issues
6/5/18 M Th Mayrhofer / BBMRI-ERIC 8
15. 2017-2018
22-23 November 2017: 2nd Drafting Group Meeting
First division of work
24 November 2017: Anonymisation/Pseudonymisation Workshop
Subgroup meeting of drafting group
22-23 January 2018: 3rd Drafting Group Meeting
Discussing first text & specifying further the focus of the subgroups
26 January 2018: CDPC Session
Presenting key issues & status.
Since February 2018: Subgroup Meetings
Anonymisation/Pseudonymisation, appropriate safeguards, responsibility of
controller/processor, legal basis, glossary
6/5/18 M Th Mayrhofer / BBMRI-ERIC 9
16. STATE OF WORK
6/5/18
Current Focus
§ Lawfulness of Processing (esp. Art 9.j -> 6, 89)
§ Responsibility of controller/processor and their
relationship (esp. Art 24, 28)
• ”burden of proof” with the controller
• guiding principle = accountability
§ Appropriate Safeguards (esp. pseudonymization)
§ Anonymization versus personal data
M Th Mayrhofer / BBMRI-ERIC 10
17. LEVELS OF INVOLVEMENT
Forum = stakeholders,
interested in the code
development.
To date, 100organisationsindicated interest &
signed up for thenewsletter 1. Inviting for
comments on
draft sections
(2018)
2. Opening the
Code of
Conduct for
Public
consultation
(date tbc)
6/5/18
SECTOR: HEALTH RESEARCH
*
* Members represent organiations/sectors from industry,
patient advocacy, research and BMS Research Infrastructures
M Th Mayrhofer / BBMRI-ERIC 111/36
18. KEY QUESTIONS
OR STRUCTURE OF THE CODE
§ Am I handling personal and sensitive data?
§ What am I doing with the data exactly?
§ What is then my role?
§ What are my duties?
§ What is my legal basis?
§ How do I anonymise, pseudonymise data?
§ What are the information obligations?
§ What do I have to do to enable research participants to exercise their rights?
§ What do I have to do in order to protect the privacy of the research participants?
§ How long can I retain the data?
§ Can I reuse the data?
§ Who owns thedata?
§ With whom can I share my data?
§ What about data security?
6/5/18
Ø Uses non-legalistic language
Ø Builds on the questions that
arise in the workflow for a
researcher/data controller
(FAQ style)
1.Question
1.1.Rule/Recommendation
1.2 Explanation
1.3 Example
M Th Mayrhofer / BBMRI-ERIC 12
19. PROCESS OF APPLYING SAFEGUARDS
DATA MINIMIZATION, PSEUDONYMIZATION, ANONYMIZATION
6/5/18 M Th Mayrhofer / BBMRI-ERIC 13
21. GOVERNANCE
§ How is the code implemented?
§ How is the code modified?
§ How is adherence to the code guaranteed?
Ø DETAILED PROCEDURE HOW TO SUBMIT THE CODE IS IN PROGRESS
Ø Started by WP29, continued by EDPD as of May 25 2018
* The European Data Protection Board) EDPB is the EU body in charge of the application of the General Data Protection Regulation (GDPR) as of 25
May 2018. It’s made up of the head of each national DPA and of the European Data Protection Supervisor (EDPS) or their representatives. The
European Commission takes part in the meetings of the EDPB without voting rights. The secretariat of the EDPB is provided by the EDPS.
6/5/18 M Th Mayrhofer / BBMRI-ERIC 15
22. NEXT STEPS
→ consolidating first draft sections (1Q 2018)
→ share drafts with experts for first comments (2Q 2018)
→ consolidating draft sections and releasing further (2-3Q 2018)
→ public consultation (earliest 4Q 2018)
→ submission to EC via national DPA (aim: 4Q 2018)
6/5/18 M Th Mayrhofer / BBMRI-ERIC 16
23. WHAT THE CODE IS(N‘T)
http://eclecticdad.com/2016/02/02/monty-python-and-the-holy-grail-review/
6/5/18 M Th Mayrhofer / BBMRI-ERIC 17
24. IN A NUTSHELL
Ø Understand the GDPR as spring cleaning!
6/5/18 M Th Mayrhofer / BBMRI-ERIC 18
25. CHECK YOUR PROCEDURES
• Quality Management
• Data Security
• Human Resources
• Communication
• Legal basis
• Consent procedures
6/5/18 M Th Mayrhofer / BBMRI-ERIC 19
27. SIGN UP TO THE FORUM NEWSLETTER AND LEARN MORE:
HTTP://CODE-OF-CONDUCT-FOR-HEALTH-RESEARCH.EU
6/5/18
INTERESTED?
M Th Mayrhofer / BBMRI-ERIC 21
28. THANK YOU!
In the name of the Drafting Group:
M. Th. Mayrhofer, I. Schlünder, F. Molnar-Gabor, D. Mascalzoni, M. Matei, A Negrouk, E-B van Veen, A. Kent, D.
Townend, A. Bahr, M. de la Paz, C. Becker
6/5/18 M Th Mayrhofer / BBMRI-ERIC 22
29. QUESTIONS? GET IN TOUCH!
contact@bbmri-eric.eu
www.bbmri-eric.eu
@BBMRIERIC
BBMRI-ERIC
Michaela Th. Mayrhofer | Chief Coordination & Policy Officer | michaela.th.mayrhofer@bbmri-eric.eu
@mtmayrhofer
6/5/18 M Th Mayrhofer / BBMRI-ERIC 23
30. Questions?
Status Update on the Code of Conduct for Health
Research Initiative
Presenter: MichaelaTh. Mayrhofer (BBMRI-ERIC)
05/06/2018footer 34
Please write your questions in the questions
window of the GoToWebinar application
31. NEXTWEBINAR
05/06/2018footer 9
Title:The BBMRI-ERIC ELSI Helpdesk – Personalising ELSI Support
Speaker: Jasjote Grewal (BBMRI-ERIC)
Date:Tue 10th July, 2018
Time: 15:30 CEST
Registration and details
http://www.corbel-project.eu/webinars