The global COVID-19 pandemic has focused minds sharply on the valuable role to be played by data collection and analysis for advancing health research, especially how it may help in informing and developing policy responses.
Modern health research requires vast collections of data. Ensuring open access and wide sharing of these huge data sets that contain highly sensitive personal information within the international scientific community is also essential to the development of medical treatments and research breakthroughs. The importance of all of these factors drastically increases in times of emergency when rapid responses are urgently needed from the scientific community (such as the development of a vaccine). However, as the European Commission and academic commentators point out, any such measures must also be lawful and proportionate, comply with data protection law, and respect the fundamental rights of those who have shared their health data.1
Even in light of the unique challenges of the current crisis, various policymaking approaches have already been put forward on how best to ensure that the collection and sharing of health data for advancing research are compatible with the rule of law and data protection. Before the worldwide lockdown, the European Data Protection Supervisor had already published a preliminary opinion noting concerns of the General Data Protection Regulation (GDPR) potentially posing a barrier to health research and called for dialogue between the scientific research community and data protection authorities ‘to be intensified at EU level’.2
Given that the development of medical treatments and research breakthroughs crucial to overcoming COVID-19 depend on the transfer of data and knowledge through international cooperation, this important dialogue must go beyond the European Union (EU).3 Policymaking worldwide should also be informed by the sharing of data and expertise from other countries. This collaboration is essential to ensure that there is an informed global dialogue on how best to use and share this health data through measures that respect key data protection principles and safeguards (including purpose limitation and data minimization). Various countries across Africa have considerable expertise and experience in dealing with the impacts of data collection necessary for developing responses to urgent health crises, including the Ebola and HIV epidemics.4
Thus, valuable lessons may be drawn from the work of the researchers and policymakers involved in tackling the latter that could inform responses in other jurisdictions grappling with similar policymaking challenges. At the same time, in contrast to the well-established legal systems governing data protection in Europe, many countries in Africa are in the preliminary stages of developing comprehensive data protection frameworks in the area of health research. This means that researchers and policymakers in Africa also have much insight to gain from examining the various policymaking approaches taken to date in Europe to ensure the use of health data for advancing research and medical breakthroughs is data protection compliant.5
This timely symposium issue of International Data Privacy Law (IDPL) examines all of the above opportunities and challenges within the context of the regulatory frameworks governing health research and data protection in Africa. The diverse and rich topics covered by the articles in this issue build on papers presented at an interdisciplinary expert workshop hosted in Cape Town of academics, policymakers, and practitioners in the fields of law and ethics, medicine, and health research.6 The ongoing legal and policymaking challenges explored include: when the lawful basis of consent should apply when collecting data for health research; the institutions responsible for the oversight and enforcement of data protection in countries across Africa; and what challenges the legal standards of GDPR and Convention 108+ present for countries within Africa that seek to facilitate collaborative research and create sustainable health data transfer regimes with the EU and elsewhere.
This article has been reposted from International Data Privacy Law, Volume 10, Issue 2, May 2020, Pages 115–116, https://doi.org/10.1093/idpl/ipaa010.
1 Lilian Edwards and others, ‘The Coronavirus (Safeguards) Bill 2020: Proposed Protections for Digital Interventions and in Relation to Immunity Certificates’ (LawArXiv, 2020) <https://osf.io/preprints/lawarxiv/yc6xu> accessed 18 May 2020; European Commission, ‘Commission Recommendation on a Common Union Toolbox for the Use of Technology and Data to Combat and Exit from the COVID-19 Crisis, in Particular Concerning Mobile Applications and the Use of Anonymised Mobility Data’ Brussels, 8 April 2020.
2 EDPS, ‘A Preliminary Opinion on Data Protection and Scientific Research’ (6 January 2020) <https://edps.europa.eu/sites/edp/files/publication/20-01-06_opinion_research_en.pdf> accessed 18 May 2020.
3 Christopher Kuner, ‘Data Crossing Borders: Data Sharing and Protection in Times of Coronavirus’ <https://infolawcentre.blogs.sas.ac.uk/2020/04/27/data-crossing-borders-data-sharing-and-protection-in-times-of-coronavirus-christopher-kuner/> accessed 18 May 2020.
4 See, for instance, reports by the World Health Organization Regional Office for Africa: <https://www.afro.who.int/> accessed 18 May 2020.
5 Data protection laws adopted by various countries in Africa have already been significantly influenced by the legal framework of the EU GDPR in general. See Nóra Ni Loideain, ‘Cape Town as a Smart and Safe City: Implications for Governance and Data Privacy’ (2017) 7(4) International Data Privacy Law 314.
6 Ciara Staunton and others, ‘Ethical and Practical Issues to Consider in the Governance of Data Sharing for Genomic and Human Research Data in South Africa: A Meeting Report’ AAS Open Research 2019, 2:15.