Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CORBEL Code of Conduct webinar slides

87 views

Published on

The EU General Data Protection Regulation comes into force on 25 May 2018, with direct effect in the EC Member States. In its Article 40, it specifies that the Commission encourages “the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises.” The BBMRI-ERIC led Code of Conduct for Health Research initiative is committed to such a code, aiming at (a) contributing to the proper application of the regulation, (b) taking into account the specific features of processing personal data in the area of health, (c) clarifying and specifying certain rules of the GDPR for controllers who process personal data for purposes of scientific research in the area of health, (d) helping to demonstrate compliance by controllers and processors with the regulation, and (e) helping to foster transparency and trust in the use of personal data in the area of health research. The aim of the webinar is to present the initiative and give an update on current achievements. A first section of the code will be released soon for comments, a public consultation of the full code will expectantly start in late 2018.
CORBEL (http://www.corbel-project.eu) is an initiative of eleven new biological and medical research infrastructures (BMS RIs), which together will create a platform for harmonised user access to biological and medical technologies, biological samples and data services required by cutting-edge biomedical research. CORBEL will boost the efficiency, productivity and impact of European biomedical research.
This webinar took place on 5th June 2018 and is part of the CORBEL webinar series. A recording of the webinar is available through the CORBEL website:
http://www.corbel-project.eu/webinars/status-update-on-the-code-of-conduct-for-health-research-initiative.html

For previous and upcoming CORBEL webinars see:
http://www.corbel-project.eu/webinars

Published in: Science
  • Be the first to comment

CORBEL Code of Conduct webinar slides

  1. 1. Status Update on the Code of Conduct for Health Research Initiative Presenter: MichaelaTh. Mayrhofer (BBMRI-ERIC) Host:Vera Matser (EMBL-EBI) 05/06/2018footer 1 CORBELWebinar Series
  2. 2. 05/06/2018footer 2 This webinar is being recorded
  3. 3. AUDIENCE Q&A SESSION 05/06/2018footer 3 Please write your questions in the questions window of the GoToWebinar application
  4. 4. BACKGROUND 4 Since 2015, thirteen ESFRI Research Infrastructures from the field of BioMedical Science (BMS RI) joined their scientific capabilities and services to transform the understanding of biological mechanisms and accelerate its translation into medical care. • biobanking & biomolecular resources • curated databases • marine model organisms • systems biology • translational research • functional genomics • screening & medicinal chemistry • microorganisms • clinical trials • structural biology • biological/medical imaging• plant phenotyping • highly pathogenic microorganisms
  5. 5. CORBEL MISSION 5 Modern biological and biomedical research involves complex projects and a variety of different technologies. Some of the most important discoveries are made at the interface between different disciplines. CORBEL will harmonise access and services for complex research projects involving more than one RI that offer: • biological and medical technologies • biological samples and • data services
  6. 6. TODAY’S PRESENTER 05/06/2018footer 6 MichaelaTh. Mayrhofer is a political scientist and historian by training. She was educated inVienna, Louvain-la-Neuve, Essex and Paris. In 2010, she has earned her PhD from both the Ecole des Hautes Etudes en Sciences Sociales and the University ofVienna, which was shortlisted by the Austrian Society for Political Science for 'best thesis 2010'. Prior to her involvement in BBMRI-ERIC, she was investigator in several national and international research projects focusing on the politics of biotechnology and the life sciences, especially the governance of biobanks. Her academic career led to various positions at the Centre de Recherche Médecine, Sciences, Santé et Société, the University ofVienna, the Institute of Science,Technology and Society Studies at Alpen-Adria-Universität Klagenfurt/Vienna/Graz, theTechnical University ofVienna and the Medical University of Graz.Today, she serves as the Chief Policy and Coordination Officer of BBMRI-ERIC and coordinates the Code of Conduct for Health Research initiative.
  7. 7. TOWARDS A CODE OF CONDUCT FOR HEALTH RESEARCH MICHAELA TH. MAYRHOFER
  8. 8. CODE OF CONDUCT DEFINITION A code of conduct is a set of rules outlining the social norms, responsibilities of, and or proper practices for, an individual, party or organization. In our field, typically: 1. Within an organisation (e.g., within a university) 2. Among partners (e.g., research consortium) 3. Across a sector (e.g., health research) <- according to GDPR Art. 40 6/5/18 M Th Mayrhofer / BBMRI-ERIC 2
  9. 9. CODE OF CONDUCT ACCORDING TO GDPR ART. 40 1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises. 2. Associations and other bodies representing categories of controllers or processors may prepare codes of conduct, or amend or extend such codes, for the purpose of specifying the application of this Regulation, such as with regard to: *highlighs in bold by author 6/5/18 M Th Mayrhofer / BBMRI-ERIC 3
  10. 10. SPECIFYING THE GDPR WITH REGARD TO (a) fair and transparent processing; (b) the legitimate interests pursued by controllers in specific contexts; (c) the collection of personal data; (d) the pseudonymisation of personal data; (e) the information provided to the public and to data subjects; (f) the exercise of the rights of data subjects; (g) the information provided to, and the protection of, children, and the manner in which the consent of the holders of parental responsibility over children is to be obtained; (h) the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of processing referred to in Article 32; (i) the notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects; (j) the transfer of personal data to third countries or international organisations; or (k) out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79. 6/5/18 M Th Mayrhofer / BBMRI-ERIC 4
  11. 11. CODE OF CONDUCT FOR HEALTH RESEARCH 6/5/18 SECTOR SPECIFIC M Th Mayrhofer / BBMRI-ERIC 15/36
  12. 12. AIMS § Tocontribute to the proper application of the GDPR, taking into account the specific features of processing personal data in the area of health; § Toclarify and specify certain rules of the GDPR for controllers who process personal data for purposes of scientific research in the area of health; § Tohelp demonstrate compliance by controllers and processors with the regulation; § Tohelp foster transparency and trust in the use of personal data in the area of health research. 6/5/18 M Th Mayrhofer / BBMRI-ERIC 6
  13. 13. WHAT HAPPENED SO FAR? KEY ACTIVITIES 6/5/18 M Th Mayrhofer / BBMRI-ERIC 7
  14. 14. 2017 1 Feb 2017: SEMINAR: The Road to a Health and Life Sciences GDPR Code of Conduct Presenting the idea to stakeholders for the first time. 19 April 2017: Webinar Engaging with further stakeholders. 7 June 2017: 1st Code of Conduct Forum Meeting Bringing stakeholders together (=Forum) & identifying key topics (e.g., pseudonymisation, consent) & process (Forum & Drafting Group) 26-27 July 2017: 1st Drafting Group Meeting Discussing focus & agreeing to assess IMI and RD-Connect Codes. August/September 2017: Webinars of the Drafting Group Comenting on IMI Code & discussing main issues 6/5/18 M Th Mayrhofer / BBMRI-ERIC 8
  15. 15. 2017-2018 22-23 November 2017: 2nd Drafting Group Meeting First division of work 24 November 2017: Anonymisation/Pseudonymisation Workshop Subgroup meeting of drafting group 22-23 January 2018: 3rd Drafting Group Meeting Discussing first text & specifying further the focus of the subgroups 26 January 2018: CDPC Session Presenting key issues & status. Since February 2018: Subgroup Meetings Anonymisation/Pseudonymisation, appropriate safeguards, responsibility of controller/processor, legal basis, glossary 6/5/18 M Th Mayrhofer / BBMRI-ERIC 9
  16. 16. STATE OF WORK 6/5/18 Current Focus § Lawfulness of Processing (esp. Art 9.j -> 6, 89) § Responsibility of controller/processor and their relationship (esp. Art 24, 28) • ”burden of proof” with the controller • guiding principle = accountability § Appropriate Safeguards (esp. pseudonymization) § Anonymization versus personal data M Th Mayrhofer / BBMRI-ERIC 10
  17. 17. LEVELS OF INVOLVEMENT Forum = stakeholders, interested in the code development. To date, 100organisationsindicated interest & signed up for thenewsletter 1. Inviting for comments on draft sections (2018) 2. Opening the Code of Conduct for Public consultation (date tbc) 6/5/18 SECTOR: HEALTH RESEARCH * * Members represent organiations/sectors from industry, patient advocacy, research and BMS Research Infrastructures M Th Mayrhofer / BBMRI-ERIC 111/36
  18. 18. KEY QUESTIONS OR STRUCTURE OF THE CODE § Am I handling personal and sensitive data? § What am I doing with the data exactly? § What is then my role? § What are my duties? § What is my legal basis? § How do I anonymise, pseudonymise data? § What are the information obligations? § What do I have to do to enable research participants to exercise their rights? § What do I have to do in order to protect the privacy of the research participants? § How long can I retain the data? § Can I reuse the data? § Who owns thedata? § With whom can I share my data? § What about data security? 6/5/18 Ø Uses non-legalistic language Ø Builds on the questions that arise in the workflow for a researcher/data controller (FAQ style) 1.Question 1.1.Rule/Recommendation 1.2 Explanation 1.3 Example M Th Mayrhofer / BBMRI-ERIC 12
  19. 19. PROCESS OF APPLYING SAFEGUARDS DATA MINIMIZATION, PSEUDONYMIZATION, ANONYMIZATION 6/5/18 M Th Mayrhofer / BBMRI-ERIC 13
  20. 20. EXAMPLE FROM CODE 6/5/18 M Th Mayrhofer / BBMRI-ERIC 14
  21. 21. GOVERNANCE § How is the code implemented? § How is the code modified? § How is adherence to the code guaranteed? Ø DETAILED PROCEDURE HOW TO SUBMIT THE CODE IS IN PROGRESS Ø Started by WP29, continued by EDPD as of May 25 2018 * The European Data Protection Board) EDPB is the EU body in charge of the application of the General Data Protection Regulation (GDPR) as of 25 May 2018. It’s made up of the head of each national DPA and of the European Data Protection Supervisor (EDPS) or their representatives. The European Commission takes part in the meetings of the EDPB without voting rights. The secretariat of the EDPB is provided by the EDPS. 6/5/18 M Th Mayrhofer / BBMRI-ERIC 15
  22. 22. NEXT STEPS → consolidating first draft sections (1Q 2018) → share drafts with experts for first comments (2Q 2018) → consolidating draft sections and releasing further (2-3Q 2018) → public consultation (earliest 4Q 2018) → submission to EC via national DPA (aim: 4Q 2018) 6/5/18 M Th Mayrhofer / BBMRI-ERIC 16
  23. 23. WHAT THE CODE IS(N‘T) http://eclecticdad.com/2016/02/02/monty-python-and-the-holy-grail-review/ 6/5/18 M Th Mayrhofer / BBMRI-ERIC 17
  24. 24. IN A NUTSHELL Ø Understand the GDPR as spring cleaning! 6/5/18 M Th Mayrhofer / BBMRI-ERIC 18
  25. 25. CHECK YOUR PROCEDURES • Quality Management • Data Security • Human Resources • Communication • Legal basis • Consent procedures 6/5/18 M Th Mayrhofer / BBMRI-ERIC 19
  26. 26. TRAIN YOUR STAFF https://nakedsecurity.sophos.com/2018/01/18/yes-hawaii-emergency-management-stuck-a-password-on-a-sticky-note/ (23 May 2018) 6/5/18 M Th Mayrhofer / BBMRI-ERIC 20
  27. 27. SIGN UP TO THE FORUM NEWSLETTER AND LEARN MORE: HTTP://CODE-OF-CONDUCT-FOR-HEALTH-RESEARCH.EU 6/5/18 INTERESTED? M Th Mayrhofer / BBMRI-ERIC 21
  28. 28. THANK YOU! In the name of the Drafting Group: M. Th. Mayrhofer, I. Schlünder, F. Molnar-Gabor, D. Mascalzoni, M. Matei, A Negrouk, E-B van Veen, A. Kent, D. Townend, A. Bahr, M. de la Paz, C. Becker 6/5/18 M Th Mayrhofer / BBMRI-ERIC 22
  29. 29. QUESTIONS? GET IN TOUCH! contact@bbmri-eric.eu www.bbmri-eric.eu @BBMRIERIC BBMRI-ERIC Michaela Th. Mayrhofer | Chief Coordination & Policy Officer | michaela.th.mayrhofer@bbmri-eric.eu @mtmayrhofer 6/5/18 M Th Mayrhofer / BBMRI-ERIC 23
  30. 30. Questions? Status Update on the Code of Conduct for Health Research Initiative Presenter: MichaelaTh. Mayrhofer (BBMRI-ERIC) 05/06/2018footer 34 Please write your questions in the questions window of the GoToWebinar application
  31. 31. NEXTWEBINAR 05/06/2018footer 9 Title:The BBMRI-ERIC ELSI Helpdesk – Personalising ELSI Support Speaker: Jasjote Grewal (BBMRI-ERIC) Date:Tue 10th July, 2018 Time: 15:30 CEST Registration and details http://www.corbel-project.eu/webinars

×