International data-sharing norms: from the OECD to the General Data Protection Regulation (GDPR)

The evolution of genomic research and its integration into clinical practice, as they become international—even global—endeavors, has brought us to a place where scientists and clinicians may now only ignore the rules governing international data sharing at their own peril. Open data policies, on the one hand, increasingly require custodians of others’ genomic data to make it as widely available as feasible, including to researchers in other countries. Data protection law, on the other, has become a significant hurdle to the sharing of personal data across jurisdictional borders. The space between these two competing duties is narrowing. In contrast with the other texts in this volume, which explore the present and future of data sharing and data protection, this article’s focus is on the past. It centres on the historical development of the data protection rules regarding the international transfer of personal data up to the present. The article’s aim is to bring into focus the underlying objectives that have influenced and that will continue to influence the way that data protection rules are applied to the fields of genomics and health, as well as future developments in data protection generally. The first part of this article describes the development of international data-sharing data protection rules since 1970. The second considers difficulties in applying general data protection rules to the specific context of genomics and health. The third and final part compares the options available to comply with the international transfer restrictions set out in the standard-setting EU General Data Protection Regulation from a genomics perspective.

[1]  J. Merrills International Law governing Communications and Information . By Edward W. Ploman. London: Frances Pinter Ltd., 1982. xvi + 367 pp. £25 , 1984 .

[2]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[3]  James P Evans,et al.  Genetic exceptionalism. Too much of a good thing? , 2008, Genetics in Medicine.

[4]  R. Bayer,et al.  The rise and fall of AIDS exceptionalism. , 2009, The virtual mentor : VM.

[5]  C. Kuner Transborder Data Flows and Data Privacy Law , 2013 .

[6]  Mark Phillips,et al.  Privacy Law, Data Sharing Policies, and Medical Data: A Comparative Perspective , 2015, Medical Data Privacy Handbook.

[7]  Salvador Trinxet,et al.  Personal Information Protection and Electronic Documents Act , 2015 .

[8]  Carl A. Gunter,et al.  Privacy in the Genomic Era , 2014, ACM Comput. Surv..

[9]  Christina M. Akrivopoulou Safe harbour not so safe anymore: the European Court of Justice Judgment C-362/14 (Maximillian Schrems versus Data Protection Commissioner) , 2016 .

[10]  Y. Joly,et al.  The European Union's Adequacy Approach to Privacy and International Data Sharing in Health Research , 2016, Journal of Law, Medicine & Ethics.

[11]  Jan-Eric Litton We must urgently clarify data-sharing rules , 2017, Nature.

[12]  M. Rothstein GINA at Ten and the Future of Genetic Nondiscrimination Law. , 2018, The Hastings Center report.

[13]  Giuseppe Testa,et al.  Scrutinizing the EU General Data Protection Regulation , 2018, Science.

[14]  Agustí Verde Parera,et al.  General data protection regulation , 2018 .