QUEST Blog Beitrag: Open personal data – guidance on an apparent contradiction (in Englisch)

Beitrag von Dr. Ulf Tölch

Calls for open data abound. To make data available, online and for free, for everyone to reuse and redistribute, is an appeal commonly heard. National and international political bodies see open data as a prerequisite for a data-driven digital economy, as well as for transparency. This is particularly true for research data, which often originate from publicly funded projects, and which are necessary to assess and reproduce scientific findings. The importance of open research data is reflected by large infrastructure projects as the European Open Science Cloud, and is seconded by funders and journals with similar requirements.

Health research is one of the areas where open data are highly valuable. They can for example support transparency of pharma-funded trials, allow combination of small patient populations into larger cohorts, or can be reused for machine-learning algorithms to improve diagnosis. Clinical data are, however, personal data, and this is where a second motivation comes in, which has to be reconciled with the first: any personal data is sensitive, and needs to be protected, even more so for health-related patient data. Thus, any attempts of openness with personal data have to be carefully balanced with patient rights, as codified by laws and institutional review processes. The legal framework of course strongly differs between different countries and even at sub-national level. For the Charité, the European General Data Protection Regulation (GDPR) and the Berlin State Hospital Law (Landeskrankenhausgesetz) are the main frameworks. From these, one can deduce conditions under which data sharing is possible.

The BIH QUEST Center has – in collaboration with the data protection office of the Charité - compiled a guidance on these conditions and it received a positive vote from the Charité Institutional Review Board (Ethikkommission). This document is now freely available (only in German), and gives general information to researchers considering open sharing of personal data. The document is not legally binding, and for every specific case, the data protection office needs to give specific recommendations. That said, it is still a good start to the process, and helps those seeking guidance on questions as: What is open data? What is de facto anonymization, as the procedure typically taken to reconcile data sharing with data protection? What are the concrete steps to take and things to consider? Which alternatives are there to completely open data sharing? Which example clauses can I reuse in my patient consent form? But the guidance’s most important message is: despite complications, open data and personal data are not a contradiction. With good preparation and careful balance, it is possible to protect patient rights and still share data, thus allowing the creation of new knowledge and ultimately better medical care.