Treaty on the Functioning of the EU (TFEU), Article 168 requiring legislators to consider public health implications in its activities. Equally the Charter of Fundamental Rights of the EU requires that legislative activity is in line with the Union’s commitment to human rights.Google Scholar

Id., Art. 114.Google Scholar

Rather inconveniently, the key legislative institutions of the EU are the European Commission, the European Parliament, and the European Council and the Council of Ministers. These are separate from the Council of Europe.Google Scholar

The nature of the relationship between the two institutions is explained at <http://www.coe.int/t/der/EU_en.asp> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

By its Treaties (Treaty on EU and Treaty on the Functioning of the EU), MS agree to pass elements of their sovereignty to the Union; the Union has “exclusive competence” over some elements of the MS’ activities (TFEU, Art. 3), “shared competence” with individual MS over other elements (TFEU, Art. 4), and authority to “support, coordinate and supplement” certain other activities of the MS (TFEU, Art. 5 and 6). Beyond these specific transfers of competence, MS retain their sovereignty. Consolidated versions of the Treaties are available at <http://eur-lex.europa.eu/collection/eu-law/treaties.html> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

Treaty of Paris, 1951.Google Scholar

Which should be separated from the Council of Europe project concerning culture and justice (which has a more traditional international law organizational arrangement between its MS).Google Scholar

These have their origins in the Treaties of Maastricht and Rome respectively, but have subsequently been amended.Google Scholar

Citizens of MS are also citizens of the EU.Google Scholar

The two leading cases are Kohll v. Union des Caisses des Maladies Case C-158/96 (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:61996CJ0158) and Decker v. Caisse de maladie des employés privés Case C-120/95 (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:61995CJ0120) (last visited February 16, 2016).Google Scholar

Directive 96/9/EC Article 1(3).Google Scholar

Article 1(2).Google Scholar

Article 10. That is the case unless there is a substantial change to the database during that time which requires that the resulting database be seen as a new database in its own right, starting a new 15 year period — Article 10(3).Google Scholar

Concerns that this might unbalance the relationship in intellectual property between the granting of a time-limited monopoly in return for eventual public disclosure are here outweighed by the privacy interests of the citizens who are the subjects of the contents database. Further, the analogy between confidentiality (trade secrecy) and patent law could help: when an inventor is able to maintain confidentiality over the invention, a patent is not necessary at law, and the time-limit of the State guaranteed monopoly is not engaged — intellectual property does not always require a time — limited monopoly.Google Scholar

Directive 2004/23/EC, Article 8.Google Scholar

Article 13.Google Scholar

Article 1.Google Scholar

Convention for the Protection of Human Rights and Fundamental Freedoms, Council of Europe, Rome, 4 November 1950, as amended, available at <http://conventions.coe.int/Treaty/en/Treaties/Html/005.htm> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

“There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”Google Scholar

2000/C 364/01, available at <http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT> (last visited February 16, 2016)+(last+visited+February+16,+2016)>Google Scholar

Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, Council of Europe, Oviedo, April 4, 1997, available at <http://conventions.coe.int/Treaty/en/Treaties/Html/164.htm> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

See, for example, the fourfold typology of genetic privacy advanced by Professor Allen (information, decision, property, or physical privacies): Allen, A. L., “Genetic Privacy: Emerging Concepts and Values,” in Rothstein, M. A., ed., Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era (Yale University Press 1997): at 31–60.Google Scholar

The Council of Europe’s website has a regularly up-dated table showing the States who have signed and ratified the Treaty: <http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=164&CM=8&DF=29/07/2015&CL=ENG> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

Although, as will be discussed later in this article, this Directive is under review and has been for a considerable time. Ideally, one would want to speak of the forthcoming regime in this project, but despite the length of time taken in the revision process, as of October 2015, no consensus has emerged as to the new law.Google Scholar

Article 2(a).Google Scholar

Article 2(d).Google Scholar

Article 2(b) and Recital 26.Google Scholar

Article 6.Google Scholar

Id. Note, however, that in the case of processing for research purposes, MS can derogate from the rights where they ensure that there are adequate alternative safeguards. Thus, personal data can be retained for longer periods of time than is the case in other processing, where this derogation has been employed.Google Scholar

Articles 7 and 8, and 10 and 11 respectively.Google Scholar

Article 7(d).Google Scholar

Article 7(c).Google Scholar

Article 7(e).Google Scholar

Article 7(e).Google Scholar

Article 7(f).Google Scholar

Article 8(2)(a).Google Scholar

Article 8(2)(c). It is interesting that this caveat does not appear in Article 7.Google Scholar

Article 8(2)(d).Google Scholar

Article 8(2)(e).Google Scholar

Article 8(3), and where the MS allowing this basis for processing notifies the European Commission, as required by Article 8(6).Google Scholar

Article 8(6).Google Scholar

Under Article 13(2), MS can, where they create in legislation suitable alternative safeguards, remove the Article 12 rights to access to the data, but not to the Article 14 rights to object to processing. See also the Court of Justice of the EU decision in Google Spain SL and Google Inc. v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González. C–131/12, May 13, 2014, available at <http://curia.europa.eu/juris/liste.jsf?num=C-131/12> (last visited February 16, 2016). This created a right to be forgotten in relation to the internet. It remains to be seen how far this right will be extended, particularly in light of the limited nature of Article 12 and 14 rights. This could have implications for genomic databases and biobanks, but it does, once again, raise the question of how far a research participant can be removed from a research data-set with retroactive effect. Reading it alongside Article 14, one could expect that if such a right were extended to research, it would not be allowed to act retroactively if the processing was legitimate for the research. The right to be forgotten is a feature of the Commission’s proposed Regulation (although not applying to processing for research purposes), but whether it will remain in the final negotiated legislation remains to be seen.+(last+visited+February+16,+2016).+This+created+a+right+to+be+forgotten+in+relation+to+the+internet.+It+remains+to+be+seen+how+far+this+right+will+be+extended,+particularly+in+light+of+the+limited+nature+of+Article+12+and+14+rights.+This+could+have+implications+for+genomic+databases+and+biobanks,+but+it+does,+once+again,+raise+the+question+of+how+far+a+research+participant+can+be+removed+from+a+research+data-set+with+retroactive+effect.+Reading+it+alongside+Article+14,+one+could+expect+that+if+such+a+right+were+extended+to+research,+it+would+not+be+allowed+to+act+retroactively+if+the+processing+was+legitimate+for+the+research.+The+right+to+be+forgotten+is+a+feature+of+the+Commission’s+proposed+Regulation+(although+not+applying+to+processing+for+research+purposes),+but+whether+it+will+remain+in+the+final+negotiated+legislation+remains+to+be+seen.>Google Scholar

Article 10.Google Scholar

Articles 12, 14, and 13(2).Google Scholar

That is, where the data are not processed, for example in the public interest or otherwise where the data subject’s rights, effectively to opt out of the processing, are not available.Google Scholar

This is “provided for in Article 12.”Google Scholar

Note that under the proposed new Regulation, the definition of “scientific research” in Recital 126 includes “applied research,” which would alleviate this problem. See section II-D below.Google Scholar

This is a difficult point, as it could be that the good faith attempt to safeguard one form of the individual’s privacy right itself invades the privacy of an individual within his or her “social” family. This is an area that needs further debate, perhaps linked to the discussion of the “right not to know.”Google Scholar

Article 10(b).Google Scholar

Further support for the broad interpretation can be drawn from the Commission’s draft of the Regulation, discussed below. There, the two clauses were separated into proposed Articles 5 and 6, with the second clause having a much clearer wording: “Where the purpose of further processing is not compatible with the one for which the personal data have been collected, the processing must have [its own, independent] legal basis” – Commission–proposed Article 6(4). Note 56 infra.Google Scholar

Article 25.Google Scholar

Article 26(1).Google Scholar

Article 26(2).Google Scholar

Maximillian Scherms v. Data Protection Commissioner, Case C–362/14, October 6, 2015, available at <http://curia.europa.eu/juris/document/document.jsf?text=&docid=169195&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=152539> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

For immediate press comment, see <http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html?_r=0;> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), available at <http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

See, for example, the Commission’s introduction to their proposed Regulation published on January 25, 2012, available at <http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf> (last visited February 16, 2016). The popular publicity from the Commission stresses the new challenges for data protection in the internet age, but also the “uneven” implementation of the Directive - see, for example <http://ec.europa.eu/justice/data-protection/document/review2012/factsheets/1_en.pdf> (sites last visited February 16, 2016).+(last+visited+February+16,+2016).+The+popular+publicity+from+the+Commission+stresses+the+new+challenges+for+data+protection+in+the+internet+age,+but+also+the+“uneven”+implementation+of+the+Directive+-+see,+for+example++(sites+last+visited+February+16,+2016).>Google Scholar

European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)), available at <http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2014-0212+0+DOC+XML+V0//EN> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – Preparation of a general approach, available at <http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/en/pdf> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

This could, for example, include the development of codes of conduct. Indeed, the provision was included in Directive 95/46/EC; Article 27 provides that ‘codes of conduct’ should be encouraged for particular areas. However, this has, arguably, not been used with great enthusiasm. The concept is much more prominent in the Commission’s draft for the Regulation.Google Scholar

See, for example, proposed Article 83 of the new Regulation.Google Scholar

Article 28.Google Scholar

Article 18.Google Scholar

Article 20.Google Scholar

Although it is somewhat dated now, see the results of PRIVIREAL, (a European Commission Framework Programme 5 funded research project) on the implementation of the Directive 95/46/EC in MS: Beyleveld, D., Townend, D., Rouillé-Mirza, S. and Wright, J., eds., Implementation of the Data Protection Directive in Relation to Medical Research in Europe (Ashgate Publishing Ltd 2004).Google Scholar

[2008] ECHR 1581, available at <http://www.bailii.org/eu/cases/ECHR/2008/1581.html> (last visited February 16, 2016).+(last+visited+February+16,+2016).>Google Scholar

See the range of answers provided by the participants to Euro-barometer questions on the use of genetic information for commercial purposes, e.g., Gaskell, G., Stares, S. and Allansdottir, A., et al., Europeans and Biotechnology in 2010: Winds of Change? Brussels: European Commission DG Research (2010), available at <http://ec.europa.eu/public_opinion/archives/ebs/ebs_341_winds_en.pdf> (last visited February 16, 2016); G. Gaskell, S. Stares, A. Allansdottir, Allum, et al., Europeans and Biotechnology in 2005: Patterns and Trends (2006): Final Report on Eurobarometer 64.3, available at <http://ec.europa.eu/public_opinion/archives/ebs/ebs_244b_en.pdf> (last visited February 16, 2016).+(last+visited+February+16,+2016);+G.+Gaskell,+S.+Stares,+A.+Allansdottir,+Allum,+et+al.,+Europeans+and+Biotechnology+in+2005:+Patterns+and+Trends+(2006):+Final+Report+on+Eurobarometer+64.3,+available+at++(last+visited+February+16,+2016).>Google Scholar

This, of course, exposes something of an inconsistency: many who object to the commercialization still want the products of the research. There is a need for public debate around the question, on what terms and with what safeguards is the use of more collective scientific methods such as genomic databases and biobanks acceptable?Google Scholar

See, for example, the difficulties surrounding NHS England’s “care.data.” See also the answers in the Eurobarometers cited above.Google Scholar