Using EHRs to design drug repositioning trials: A devolved approach to data protection

One area where the application of data protection law has proven complex is in relation to the secondary usage of health data in EHRs for medical research. Here the tension between the privacy interests of patients and the risk of harm if such sensitive data are compromised, and on the other side, the potential societal value of utilizing the data for the benefit of medical science, is especially striking. In this paper, we consider the applicable provisions of the EU Data Protection Directive, and outline a general approach to patient data handling for research, which we believe to be compatible with relevant legal and ethical requirements. We then illustrate and apply this by reference to a specific EU FP7 project, involving EHR data processing to select patients for clinical pharmaceutical trials. After introducing the project (PONTE), we explain the ‘devolved’ data protection architecture it employs and provide a legal evaluation.     

Exploring the non-absolute nature of the right to data protection

In two recent judgements, the Court of Justice of the European Union stated that ‘The right to the protection of personal data is not, however, an absolute right, but must be considered in relation to its function in society’ (Eifert, para 48). This paper considers the ‘non-absolute’ nature of the right to data protection. Being a relatively new right, the boundaries of this right in the Charter are still somewhat unexplored. This paper considers five aspects that can be seen as setting boundaries to the otherwise absolute nature of the right to data protection: (a) consideration of the function of the right to data protection in society; (b) positive delimitations of the right that come from the formulation of the right (Article 8) in the Charter; (c) limitations on the right provided for in Article 52 of the Charter; (d) close connections with Article 7 of the Charter and Article 8 ECHR; and (e) the detailed provisions in current data protection secondary legislation and the future data protection regulation framework. Based on the reflections on each of these boundary-setting aspects, the paper argues that in spite of occasional vagueness and conflicting approaches of each of the aspects, understanding of the right to data protection has evolved since its first formulation in the Charter. There is a subtle and gradual distancing from the initial understanding of the close relationship with the right to private and family life. This gradual distancing is a positive development as the two have different foundations, scope and purposes. Yet it is only when both are taken together that the shared common objective of providing effective protection to citizens' personal and family life can be achieved.     

The 2013 CLSR-LSPI seminar on electronic identity: The global challenge – Presented at the 8th International Conference on Legal,Security and Privacy issues in IT Law (LSPI) November 11–15, 2013, Tilleke & Gibbins International Ltd., Bangkok,Thailand

We are the middle of a global identity crisis. New notions of identity are made possible in the online world where people eagerly share their personal data and leave ‘digital footprints’. Multiple, partial identities emerge distributed across cyberspace divorced from the physical person. The representation of personal characteristics in data sets, together with developing technologies and systems for identity management, in turn change how we are identified. Trustworthy means of electronic identification is now a key issue for business, governments and individuals in the fight against online identity crime. Yet, along with the increasing economic value of digital identity, there are also risks of identity misuse by organisations that mine large data sets for commercial purposes and in some cases by governments. Data proliferation and the non-transparency of processing practices make it impossible for the individual to track and police their use. Potential risks encompass not only threats to our privacy, but also knowledge-engineering that can falsify digital profiles attributed to us with harmful consequences. This panel session will address some of the big challenges around identity in the digital age and what they mean for policy and law (its regulation and protection). Questions for discussion include: What does identity mean today? What types of legal solutions are fit for purpose to protect modern identity interests? What rights, obligations and responsibilities should be associated with our digital identities? Should identity management be regulated and who should be held liable and for what? What should be the role of private and public sectors in identity assurance schemes? What are the global drivers of identity policies? How can due process be ensured where automated technologies affect the rights and concerns of citizens? How can individuals be more empowered to control their identity data and give informed consent to its use? How are biometrics and location-tracking devices used in body surveillance changing the identity landscape?     

The future of crime data

Criminology lacks sufficient data for many types of crime that are of great concern to society. This lack of data poses significant problems for determining whether resources are adequate for responding to these crimes or whether programmatic, legislative, or target-hardening efforts to prevent or reduce their occurrence are effective. Inadequate data about crime also produces a selective and incomplete narrative about crime that makes it easier for political and vested interests to exploit public concerns about crime for their own ends. In this address, I discuss what is needed to resolve these gaps and the ways in which criminologists can support a significant expansion of the crime data infrastructure. Such work is necessary to help ensure the future relevance of criminological research.     

商业数据权:数字时代的新型工业产权--工业产权的归入与权属界定三原则

商业数据界权包括确定其权利的性质和权利的归属。个人信息保护和数据安全法律体系的建成,为数据界权提供了新的逻辑起点和法律前提。数据界权首先应基于个人信息与数据、商业数据与公共数据等基本范畴的厘清。基于商业数据的固有性质以及工业产权的历史逻辑和制度内涵,商业数据与信息保护类工业产权具有深度的契合性,有必要将商业数据纳入工业产权序列,作为数字时代具有标志意义的一种新型工业产权,并可以成为与商业秘密相对称的商业数据权。商业数据界权需要确定商业数据的适格性--可保护条件。商业数据的适格性包括受保护数据的合法性、集合性、管理性、可公开性和商业价值性,即以合法形成的规模性数据集合为客体,并采取管理措施的可公开性技术数据和经营数据等信息。商业数据具有单一性、复合性和动态性,商业数据权暗含着所涉权利的分层性,其权属界定应当透过现象看本质,将复杂或者貌似复杂的问题简单化,遵循投入原则、分层原则和责任原则等三原则。     

疫情防控中妨害公务罪的法教义学解析

为了个人自由而抗拒防疫管控,是对国家公务活动正常秩序的公然侵犯,具有法益侵害性。对于妨害公务罪之"暴力、威胁",应结合其侵害法益、实务经验予以合理界定。参与疫情管控的基层工作人员能否作为妨害公务罪之对象,需根据司法解释的规定,紧扣从事疫情防控职权之公务性质深入分析。以暴力、威胁方法抗拒不当防疫措施的,因防疫执法之合法性丧失,不构成妨害公务罪。行为人对防疫执法行为合法性的认识错误,属于对构成要件的事实认识错误,阻却犯罪故意的成立。     

论政府数据开放的收费定价及其法律规制

政府数据在法律性质上具有财产的属性,在实践中也具有可交易性的特点,是一种财产性权利。政府数据开放具有渐进性、开放性、价值性、时效性、周期性、非买断性和再利用性的特点,根据不同的标准可对其作相应的类型化区分。政府对于开放的数据进行收费定价有其合理基础,在数据开放定价模式上则有免费模式、按成本费用定价模式以及按“成本+利润”定价模式。我国政府数据开放的定价收费问题,应置于行政收费的法制框架下讨论,基于公平、效率和量能支付等行政收费的基本原则,确立向社会公众免费开放、向市场主体的商业化利用有限收费的制度。作为减损公民财产利益的负担行为,政府数据开放收费定价应受到法律的严格规制。在确立政府数据开放的基本定价模式基础上,由立法来创设数据的收费定价,完善收费程序,加强对收费定价行为的行政内部监督机制建设,从而推动政府数据有序、规范开放。     

我国个人信息匿名化的法律标准与规则重塑

大数据时代,匿名化规范既是个人信息保护中风险预防的手段,也是我国数据经济发展中数字流通的法律基础,但匿名化的法律标准在我国法律中还有待明确。欧盟已通过《一般数据保护条例》提出明确的匿名化标准,但该条例基于流程设置的标准适用于欧盟境内尚可,适用于我国或显得过于严苛,有碍数字经济的发展。我国个人信息匿名化法律标准与规则的重塑应当考虑环境、再识别风险,建议进行功能性匿名化。将比例原则应用到我国匿名化法律标准和规则的重塑之中,并将其引入到评估匿名信息接收者的风险等级,有助于降低个人信息被再识别的风险亦有利于匿名化的法律标准制定和规则构建。     

寻找商业目标与公司合规之间的最大公约数

作为现代城市治理的题中应有之义,商业合规变得日益重要。除了外在讨论商业合规的传统视角,从公司内部视角讨论"在什么条件下"商业合规更容易、更可能实现的内在驱动机制,是一个十分关键的问题。两个研究小组围绕商业合规进行了全面分析,同时结合国内外商业合规研究的最新动向,探讨了如何建立商业合规的"高效认知界面",提出了一种公司更愿意合规的认知行为界面偏好的方法,改变以往强调商业合规的"硬干预"、"强干预"的窠臼,走向更为符合商业合规选择偏好的"软干预"、"弱干预"的范式。在此基础上,寻找到让赢利与合规目标之间达成最大公约数的具体实现方案。     

Situational factors and police use of force across micro-time intervals: A video systematic social observation and panel regression analysis

The current study analyzes police use of force as a series of time-bound transactions between officers, civilians, and bystanders. The research begins with a systematic social observation of use-of-force events recorded on police body-worn cameras in Newark, New Jersey. Researchers measure the occurrence and time stamps for numerous participant physical and verbal behaviors. Data are converted into a longitudinal panel format measuring all observed behaviors in 5-second intervals. Panel logistic regression models estimate the effect of each behavior on use of force in immediate and subsequent temporal periods. Findings indicate certain variables influence use of force at a distinct point in time, whereas others exert influence on use of force across multiple time periods. The most influential variables relate to authority maintenance theoretical constructs. This finding supports prior perspectives arguing that police use of force largely results from officer attempts to maintain constant authority over civilians during face-to-face encounters. Nonetheless, a range of additional variables reflecting procedural justice, civilian resistance, and bystander presence significantly affect when police use force during civilian encounters. Results provide nuance to theoretical frameworks considering use of force as resulting from the interplay between officer and civilian actions and reactions.