Betrayal of confidence in the Court of Appeal

In overturning Latham J's judgment in R v Department of Health, Ex Parte Source Informatics Ltd. that anonymisation does not obviate breaching a personal confidence, the Court of Appeal holds that where the duty of confidence arises in equity it does not prohibit the confidant using the confided information without the consent of the confider if this does not treat the confider unfairly (relative to the Court's view of the confider's legitimate interests). We argue that this principle--by bringing fairness to bear on the scope of the duty of confidence rather than on whether a breach of it may be lawful--has no authority in usable precedents; that the Court's interpretation of fairness in applying this principle is, in any event, incompatible with the Data Protection Act 1998 (in part because the Court has too narrow a conception of privacy); that the Court errs in holding that neither anonymisation of personal data nor use of anonymous data falls under the Data Protection Act; and that the Court's insensitivity to the vulnerability that leads patients to disclose information about themselves to health professionals for their treatment, leads it to misidentify the basis of the duty of confidence in such disclosures. The Court of Appeal's reasoning does not clarify the duty of confidence, but virtually abolishes it in the face of competing commercial and research interests.     

知情同意原则下医疗过失损害赔偿责任的几个问题--从一起患者知情同意纠纷案说起

知情同意原则所保护的客体是自我决定权.知情同意原则下的损害赔偿责任不同于医疗事故损害赔偿责任.二者不能互相否认.医方违反知情同意原则的责任是一种侵权损害赔偿责任.该责任的构成要件可包括(1)医师存在法定的告知义务;(2)医师未能将对患者的决定产生实质性影响的风险/信息告知患者;(3)在告知不充分的情况下,患者由于选择了当前的治疗方案而受到伤害;(4)医师的义务违反与患者的伤害之间存在因果关系.其中,告知义务是否充分的判断应以处于同样情境的一个理性患者所需作为主要的标准;对信息"实质性"的判定应看一个与患者处于同一位置的合理审慎之人在决定是否对所建议的治疗做出同意时会对某一事实赋加重要性或将该事实作为一"决定性"影响因素加以考虑;在因果关系存无的认定上,则要考虑若患者被充分告知实情他是否会做出不同的选择决定.     

我国侵权责任法知情同意条款评析

我国《侵权责任法》知情同意条款存在许多可资称道之处,比如,它明确了违反告知义务将导致侵权损害赔偿责任,坚持了“信息告知”与“诊断治疗”两种情境的区分,就医务人员的告知义务和例外做出了原则规定,没有赋予“法律、行政法规、规章以及其他有关诊疗规范的规定”以终局性。但是,它也有许多值得进一步完善之处,它需要进一步凸显知情同意规则的特质、明确信息披露的标准、启用“实质性信息”概念、紧缩“医疗特权”的适用范围。     

The Data Protection (Amendment) Act, 2003: the Data Protection Directive and its implications for medical research in Ireland

Directive 95/46/EC on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data has been transposed into national law and is now the Data Protection (Amendment) Act, 2003. The Directive and the transposing Act provide for new obligations to those processing data. The new obligation of primary concern is the necessity to obtain consent prior to the processing of data (Article 7, Directive 95/46/EC). This has caused much concern especially in relation to 'secondary data' or 'archived data'. There exist, what seem to be in the minds of the medical research community, two competing interests: (i) that of the need to obtain consent prior to processing data and (ii) the need to protect and foster medical research. At the same time as the introduction of the Act, other prior legislation, i.e. the Freedom of Information Act, 1997-2003, has encouraged candour within the doctor-patient relationship and the High Court in Ireland, in the case of Geoghegan v. Harris, has promulgated the 'reasonable-patient test' as being the correct law in relation to the disclosure of risks to patients. The court stated that doctors have a duty to disclose all material risks to patients. The case demonstrates an example of a move toward a more open medical relationship. An example of this rationale was also recently seen in the United Kingdom in the House of Lords decision in Chester v. Afshar. Within the medical research community in Ireland, the need to respect the autonomy of patients and research participants by providing information to such parties has also been observed (Sheikh A. A., 2000 and Irish Council for Bioethics, 2005). Disquiet has been expressed in Ireland and other jurisdictions by the medical research communities in relation to the exact working and meaning of the Directive and therefore the transposing Acts (Strobl et al). This may be due to the fact that, as observed by Beyleveld "The Directive makes no specific mention of medical research and, consequently, it contains no provisions for medical research as an explicitly delineated category." (Beyleveld D., 2004) This paper examines the Irish Act and discusses whether the concerns expressed are well-founded and if the Act is open to interpretation such that it would not hamper medical research and public health work.     

突破与超越:《侵权责任法》产品后续观察义务之解读

《侵权责任法》第46条确立了我国产品的后续观察义务。这一制度的确立符合社会安全和公平正义的理念。然而,由于缺乏相关的解释,该条在适用中将与产品质量法中的发展缺陷免责条款存在冲突,第46条可以认为是对发展缺陷免责条款的修正。另外,违背后续观察义务所产生之产品责任应遵循无过错责任原则,侵权责任范围不应包括惩罚性赔偿。     

行政法规范之违反与过失实行行为之认定——基于新过失论的阐释

讨论行政法规范之违反与过失实行行为之认定的关系,对于我国过失犯罪,特别是业务过失犯罪的认定,有重大意义。对此,应当从不同的过失犯构造理论出发,做体系性思考。立足于行为无价值的新过失论,将过失实行行为定义为违反结果回避义务,不仅能合理限制过失不法的范围,理论立场上也更为首尾一贯;而且通过注意义务的类型化,更能贯彻刑法的自由保障功能和法益保护功能。在新过失论的框架下,行政法规范上的义务和刑法上的注意义务在范围、性质上均有不同,但也存在相同之处:前者的危险防止义务是以定型的危险为前提而课予一般人的义务,后者则是以个案事态为前提而课予(处于行为人地位的)一般人的义务。违反不以避免构成要件结果为指向的行政法规范上的义务,并不构成对刑法上注意义务的违反。而违反以避免构成要件结果为指向的行政法规范上的义务,如果该义务对于个案中的结果回避是必要的或不足的,则构成对刑法上注意义务的违反;如果该义务对于个案中的结果回避是不必要的、可替代的,或者会起消极作用,则不违反刑法上的注意义务。     

医疗过失鉴定需遵循的原则

医疗纠纷解决中的核心问题是医疗过失的技术鉴定问题,在鉴定实务中,确立判定医疗过失的原则,则是此核心中的核心。本文旨在探讨＂医疗过失评判的基本原则＂,以期规范和指导相关鉴定工作。作者认为,这些原则应包括：（1）遵循＂专业性判断＂的原则;（2）以＂注意义务作为医疗过失判断基准＂的原则;（3）以＂是否尽到与当时的医疗水平相应的诊疗义务＂为审查原则;（4）对＂医疗紧急处置行为的宽泛性＂原则;（5）＂告知-知情-同意＂的原则;（6）＂并发症的审查＂原则;（7）＂医疗意外的免责＂原则等。     

Protecting your confidential information

DATA PROTECTION There are two sides to the issue of Data Protection namely:

• •⊎ Protection of Company Information; and
• •⊎ Protection of Personal Information.

The proliferation of computers within government, business and the public generally has provided certain individuals with enormous potential power over the people and the information gathered in the many databases in existence throughout the world. The cross matching capabilities of these systems at terrific speeds has given rise to genuine concerns as to the purposes to which this information will be put and the possible abuses.In Australia (unlike the US) there is not constitutional protection of privacy and the only remedy available to either companies or individuals is via the common law for breach of confidence or the unauthorised disclosure of a trade secret.In this article I intend to raise some of the issues faced by both the corporation attempting to restrict access and abuse of confidential information together with the protection of individual privacy in the face of increased central data collection.     

论医疗民事责任的判定--医方承担医疗民事责任的范畴及认定标准

本文指出医方承担医疗民事责任的范围不应仅仅局限于医疗事故,还应包括其他一些因医方医疗行为所导致患者合法权益受损害的民事赔偿责任.从承担医疗违约责任和医疗侵权责任两个方面来讨论医疗民事责任,主张引进"善良注意义务"的医疗判断标准;将医方的告知义务区分为必须的告知义务与一般的告知义务,认为医方只对违反了必须的告知义务才承担相应的民事责任.     

The conflict of understanding the genetic make-up of man and his knowledge of it

The rapid development within the research of the human genome offers a great potential with regard to the diagnosis of genetic diseases but it also bears dangers of misuse. The starting point for avoiding these dangers is the autonomy of the individual, i.e. that the information about his genetic constitution should only be ascertained with his explicit consent. It is the duty of law to protect the individual and his relatives - who might also be concerned - without undermining the right to self-determination. Furthermore, it is discussed whether genetic tests should be limited to "health purposes" only. The problem of this limitation, however, is to define the term "health purposes" particularly when the criterion of "quality of life" is also taken into consideration. In order to assure a responsible handling of the genetic data, genetic analysis and especially the counselling of the subject should be reserved to the medical profession, since only a real understanding of the individual's genetic constitution with all risks and chances will enable him to make an informed and self-determined decision.     

Data protection in Europe – Some thoughts on reading the academic manifesto

The commentary by academics on the proposed European General Data Protection Regulation in [2013] 29 CLSR 180 has provoked thoughts in response. The responder strongly agrees with the doubts expressed about the definition of personal data, anonymisation and the identifiability of individuals. On the other hand, he disagrees with the views on consent and legitimacy and proposes support for a risk-based approach to data protection. He suggests that data protection does not need to be defended from the attack that it stifles business, but is justifiable for its assertion of fundamental rights. In conclusion, he shares the criticism of the European Commission's delegated and implementing powers and is concerned that the Regulation will be rushed to a conclusion for reasons of political ambition.     

Tort Law for Cynics

Tort scholars have in recent years defended a ‘traditional’ or ‘idealist’ view of tort law. In the context of negligence this implies that the holder of a duty of care must make an effort not to violate that duty. Idealists contrast this with a ‘cynical’ view that having a duty of care implies a legal requirement to pay damages for breach of that duty. This article defends the cynical view, arguing that it easily explains doctrines supposedly only explicable from an idealist perspective, and that many aspects of tort law are hard to reconcile with idealism. Empirical constraints often make idealism, even if it were desirable, unattainable, and cynicism is therefore the more honest view. The article argues that idealism is often undesirable, having costs, both pecuniary and non‐pecuniary, which are often ignored, and that therefore it is sometimes better if certain torts take place (and are compensated) than if they do not happen.     

Encryption safe harbours and data breach notification laws

Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework.     

韩国的医师说明义务与患者知情同意权

医师的说明义务与患者的知情同意权是医疗关系的核心内容,并成为医疗责任认定的主要依据。韩国对于这一对权利义务关系的认识经历了从传统医疗模式向人道模式的转变,使得患者从医疗关系的客体转变为主体。这一转变不仅改变了患者的地位,更体现出法律的进步。然而,单纯强调患者的知情同意权将会导致医师实施保守治疗,因此,平衡医师的说明义务与患者知情同意权之间的关系显得尤为重要。     

Giving the reasonable patient a voice: information disclosure and the relevance of empirical evidence

In England the standard of risk disclosure required of doctors to avoid liability in negligence is governed by the Bolam test. The test is determined by what would be accepted as reasonable by the responsible doctor. Although able to lay down an independent standard, the courts have usually been guided by the medical expert's evidence. The judge's duty to scrutinise expert evidence was reaffirmed by the recent House of Lords ruling in Bolitho v City and Hackney HA. In Pearce v United Bristol Healthcare NHS Trust, Lord Woolf MR confirmed that this also applied to risk disclosure. Brazier & Miola argue that Pearce effectively introduces the prudent patient standard into English law. This paper examines that claim and considers whether it is justified by the Pearce judgment. The implications of Pearce are explored and, given the appeal to the concept of a material risk, I discuss the relevance of empirical research to determining the standard of disclosure. Finally, a small piece of empirical work is presented as an illustration of the pros and cons of such an approach and as a possible springboard for future research.     

The right not to know and coronary angiography: is the common law of Australia consistent with patients' wishes?

In "The Right Not to Know: Patient Autonomy or Medical Paternalism?" (2000) 7 JLM 286 Judy Gutman qualitatively examined the direction of the law relating to the duty of medical practitioners to disclose information to their patients about risks associated with medical treatment. Prompted by theoretical issues raised in that article, a quantitative study was performed. The study focused on the wishes of patients referred for coronary angiography regarding information about the risks inherent in that procedure. The results of the study contribute to the ongoing academic discussion about risk disclosure and consent to medical treatment and demonstrate a need for further empirical research in the area. The study also highlights the desirability of clinical medical practice conforming to the tenets of the common law and vice versa.     

利用未公开信息交易罪的认定

利用未公开信息交易罪具备自己独立的构成特征,与内幕交易、泄露内幕信息及背信等犯罪相似,但并不完全相同。利用未公开信息交易罪与职务侵占罪和非法经营同类营业罪及操纵证券、期货市场罪也有根本区别,其实质是一种基金工作人员利用职务上的便利知悉即将用客户资金投资购买证券的商业秘密而从事的违法交易行为。     

The European Union's approach to online behavioural advertising: Protecting individuals or restricting business?

The European Union (EU) has firmly set its stall out to protect individuals' data and privacy and has demonstrated this through the rejection of the old opt-out regime and the introduction of the new opt-in rules. These require businesses to obtain individual's prior and informed consent before their data are collected, stored and used for the purposes of online behavioural advertising (OBA). Individuals in the EU are afforded protection from the apparent dangers relating to data privacy and misuse that is associated with OBA, which is beyond the expectation of most Internet users. However, there are some criticisms levelled at the law that the EU has produced. Is simply gaining informed consent sufficient for protecting all types of information? Do certain types of information require a higher level of consent than others? Does the law fulfil its aim of protecting data subject's privacy and data? Is the current law restrictive to business? Do individuals know or care that their information is being collected for the purposes of targeted advertising and is there a better way to ensure that they do? Finally, will proposed new law to be found in the EU Data Protection Regulation solve any of these problems? This article will assess whether, as a policy decision, the EU's current approach has been too cautious in its attempts to protect individuals or restrict business.     

Big genetic data and its big data protection challenges

The use of various forms of big data have revolutionised scientific research. This includes research in the field of genetics in areas ranging from medical research to anthropology. Developments in this area have inter alia been characterised by the ability to sequence genome wide sequences (GWS) cheaply, the ability to share and combine with other forms of complimentary data and ever more powerful processing techniques that have become possible given tremendous increases in computing power. Given that many if not most of these techniques will make use of personal data it is necessary to take into account data protection law. This article looks at challenges for researchers that will be presented by the EU's General Data Protection Regulation, which will be in effect from May 2018. The very nature of research with big data in general and genetic data in particular means that in many instances compliance will be onerous, whilst in others it may even be difficult to envisage how compliance may be possible. Compliance concerns include issues relating to ‘purpose limitation’, ‘data minimisation’ and ‘storage limitation’. Other requirements, including the need to facilitate data subject rights and potentially conduct a Data Protection Impact Assessment (DPIA) may provide further complications for researchers. Further critical issues to consider include the choice of legal base: whether to opt for what is often seen as the ‘default option’ (i.e. consent) or to process under the so called ‘scientific research exception’. Each presents its own challenges (including the likely need to gain ethical approval) and opportunities that will have to be considered according to the particular context in question.     

《合同法》预期违约阻却机制之建构评析

预期违约成立后,可因法定事由而发生违约属性的消解,从而构成预期违约的违约阻却。我国《合同法》在经由不安抗辩权机制发生的特殊预期违约制度中设定了预期违约阻却机制,其机制设定模式缺乏严谨,体系亦欠完备,有待补充与完善。