Data protection — coming to an organ near you

Jeremy Phillips

Also published online on the Official Journal of the European Union website this morning is the Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on standards of quality and safety of human organs intended for transplantation. The conclusion of the EDPS is as follows:

“45. The EDPS has noted the initiative to ensure high standards of quality and safety for human organs intended for transplantation, which can be seen as part of the overall EC approach towards setting common standards to promote cross-border availability of healthcare services across Europe.

46. The proposal has already considered the data protection needs arising for the donors and the recipients of organs, especially with regard to the requirement for keeping their identities confidential. The EDPS regrets however that some of these provisions are vague, ambiguous or general and, for this reason, he recommends a number of amendments to enhance the proposal’s data protection related content.

47. As a first point, the EDPS notes the existing contradiction between the concepts of traceability and anonymity used within the proposal. In this respect, he recommends specific changes of the language in certain parts of the proposal (namely in recital 15, Article 10 paragraph 2 and Article 17) in order to avoid ambiguity and to explicitly reflect the fact that the data are not anonymous but should be processed under strong confidentiality and security rules.

48. Moreover, he recommends laying more emphasis on the need to adopt strong security measures at national level. This could be done by adding a second paragraph in Article 16 describing the basic principles for ensuring security at the Member State level, and further specifying these principles as part of the implementing measures of Article 25(1). The proposed security principles include:

(a) adoption of an information security policy to ensure confidentiality, integrity, accountability and availability of the donors’ and recipients’ personal data;

(b) definition of a specific confidentiality and access control policy, together with data confidentiality guarantees for the persons involved in the processing;

(c) addressing security mechanisms in the national databases, based on the principle of ‘privacy by design’;

(d) establishing procedures to safeguard the data protection rights of the donors and recipients, especially the rights of access and rectification and the right to information, paying special attention to the cases of donors who wish to withdraw their consent or are not accepted as donors;

(e) provision of measures to guarantee integrity and uninterrupted availability of the data;

(f) ensuring regular monitoring and independent audits of the security policies in place.

49. With regard to the cross-border exchange of organs, the EDPS recommends that the need for harmonising information security policies among Member States is mentioned in Recital (17) of the proposal. In addition, special attention should be paid to the pseudonymisation possibilities to be used for the identification of donors and
recipients, and to maintaining interoperability with the tissue and cells identification system. The EDPS recommends that a specific reference on this item is made in Article 25(1)(b) of the proposal.

50. Concerning the exchange of organs with third countries, the EDPS recommends to mention in Article 21 or relevant Recital 15 of the proposal that the competent authority will consult with the national Data Protection Authority in order to develop the necessary framework for secure, but also fast and efficient transfer of organs’ data to and from the third countries.

51. Finally, the EDPS recommends that in all cases where implementing measures affecting data protection and security are considered, all relevant stakeholders are
consulted, including the EDPS and the Article 29 Working Party”.

Leave a Reply

Your email address will not be published. Required fields are marked *