Douwe Korff

Using NHS Patient Data for Research Without Consent

This article analyses the legality of the use of electronic patient records in the NHS for research without explicit patient consent under UK and EU law, with particular reference to the adequacy of the information provided to patients and the increasing difficulties of achieving de-identification. In section II, we describe the main NHS databases used for medical research purposes in England and the transparency of this use, and the general problem of re-identification. In section III, we examine the English common law position of confidentiality in relation to the use of medical records for research. Section IV sets out the European data protection standards on such use of that data. In section V, we summarise our findings and assessments and set out our conclusions and recommendations.

Comments on Selected Topics in the Draft EU Data Protection Regulation - Summaries and Proposed Amendments Only

In January 2012, the European Commission published its proposals for a new EU data protection regime. Not surprisingly, this started extensive debates and lobbying, especially from big industry. The European Digital Rights Initiative, EDRi, hopes to provide comments from the civil society/human rights/digital rights perspective. These comments are being prepared in an EDRi data protection working group. I am am member of that group, and volunteered to provide comments on the topics addressed in this paper. For now, the general consultations and the work of EDRi and this working group is largely confined to issues relating to the centerpiece of the Commission proposals, the Draft EU Data Protection Regulation.This paper sets out my thinking on my chosen topics, with proposals for specific amendments to the text of the proposed new EU Data Protection Regulation. They are essentially for discussion within the EDRi dp working group, but can also be shared with others. However, I should stress that, for now, the contents of this paper only reflect my own thinking: they do not necessarily reflect the views of EDRi or any of its member organisations. If therefore I have at times (indeed quite often) used “we” in the text, this is merely in anticipation of the text possibly being used by EDRi etc. At other times, when I am clearly referring to my own ideas and work, I have used “I”. I hope this is not too confusing.Note: This Document Contains Only The Summaries of My Analyses and My Proposed Amendments to the Regulation - The Full Text Can Be Downloaded Separately From My SSRN Page. The original version of this paper can be found at: http://ssrn.com/abstract=2150145