Melbourne Law School - Research Publications

Permanent URI for this collection

http://hdl.handle.net/11343/382

Filters

2018 - 2019 3
Reset filters

Settings
Statistics
Citations
Author: Prictor, Megan × Author: Taylor, Mark × End date: 2019 × Start date: 2018 × Type: Journal Article ×

Search Results

Now showing 1 - 3 of 3
  • Item
    Thumbnail Image
    Consent for Data Processing under the General Data Protection Regulation: Could ‘Dynamic Consent’ be a Useful Tool for Researchers?
    Prictor, M ; Teare, H ; Bell, J ; Taylor, M ; Kaye, J (Henry Stewart Publishing, 2019)
    The General Data Protection Regulation (GDPR) sets the bar high for consent for the processing of personal data. In the UK, researchers have been directed to rely on legal bases other than consent for processing personal data for research purposes. Informed consent, nonetheless, and despite certain shortcomings, holds a central position in ethical research practice, as well as at common law, and in a range of other legislation dealing with research involving humans. This paper evaluates the place of informed consent in research following the GDPR’s implementation, arguing that a fresh approach to consent — specifically the concept known as ‘dynamic consent’ — could provide a way for researchers to meet the new European regulatory requirements for data processing while adhering to the highest ethical standards for research conduct. It analyses dynamic consent according to specific GDPR requirements and reflects on practical examples that could inform future implementation of the approach, while remaining aware of the need for further empirical research.
  • Item
    Thumbnail Image
    Insight or Intrusion? Correlating Routinely Collected Employee Data with Health Risk
    Taylor, M ; Prictor, M (MDPI AG, 2019)
    The volume, variety and velocity of data available to companies about their employees is already significant and likely to increase. Employers hold data about employees that could be used to explore the relationship between workplace practice in their organisation and risks to employee health. However, there is significant uncertainty about whether employers subject to English law are permitted to use this data for this purpose, and even whether they may be under a legal obligation to do so. In this article, the question of whether employers are legally permitted or legally obliged to use employee data to identify associations between workplace practice and risk to employee health is answered through an analysis of two spheres of English Law: data protection law, and health and safety law. The authors establish a hypothetical case study concerning a company that wishes to use employee data in this way, to illuminate a set of detailed legal issues. In particular, the question of whether a reasonable and prudent employer is under an obligation under health and safety law to use the data and analytic tools at his or her disposal to assess risk and inform his or her actions is considered. Also addressed is the question of whether such processing would satisfy the data protection law principles of “lawful, fair, and transparent” processing and that of “purpose limitation”. A complex picture emerges. The analysis reveals that data protection legislation may not support a trend towards the re-use of employee data to enhance workplace health and safety; nor is there currently a clear mandate that responsible employers use data in this way. The line between useful insight into workplace practices and intrusion into employees’ privacy remains blurred.
  • Item
    Thumbnail Image
    United Kingdom: transfers of genomic data to third countries
    Taylor, MJ ; Wallace, SE ; Prictor, M (SPRINGER, 2018-08)
    In the United Kingdom (UK), transfer of genomic data to third countries is regulated by data protection legislation. This is a composite of domestic and European Union (EU) law, with EU law to be adopted as domestic law when Brexit takes place. In this paper we consider the content of data protection legislation and the likely impact of Brexit on transfers of genomic data from the UK to other countries. We examine the advice by regulators not to rely upon consent as a lawful basis for processing under data protection law, at least not when personal data are used for research purposes, and consider some of the other ways in which the research context can qualify an individual's ability to exercise control over processing operations. We explain how the process of pseudonymization is to be understood in the context of transfer of genomic data to third parties, as well as how adequacy of data protection in a third country is to be determined in general terms. We conclude with reflections on the future direction of UK data protection law post Brexit with the reclassification of the UK itself as a third country.