Melbourne Law School - Research Publications

  • Item
    Consent for Data Processing under the General Data Protection Regulation: Could ‘Dynamic Consent’ be a Useful Tool for Researchers?
    Prictor, M ; Teare, H ; Bell, J ; Taylor, M ; Kaye, J (Henry Stewart Publishing, 2019)
    The General Data Protection Regulation (GDPR) sets the bar high for consent for the processing of personal data. In the UK, researchers have been directed to rely on legal bases other than consent for processing personal data for research purposes. Informed consent, nonetheless, and despite certain shortcomings, holds a central position in ethical research practice, as well as at common law, and in a range of other legislation dealing with research involving humans. This paper evaluates the place of informed consent in research following the GDPR’s implementation, arguing that a fresh approach to consent — specifically the concept known as ‘dynamic consent’ — could provide a way for researchers to meet the new European regulatory requirements for data processing while adhering to the highest ethical standards for research conduct. It analyses dynamic consent according to specific GDPR requirements and reflects on practical examples that could inform future implementation of the approach, while remaining aware of the need for further empirical research.
  • Item
    Insight or Intrusion? Correlating Routinely Collected Employee Data with Health Risk
    Taylor, M ; Prictor, M (MDPI AG, 2019)
    The volume, variety and velocity of data available to companies about their employees is already significant and likely to increase. Employers hold data about employees that could be used to explore the relationship between workplace practice in their organisation and risks to employee health. However, there is significant uncertainty about whether employers subject to English law are permitted to use this data for this purpose, and even whether they may be under a legal obligation to do so. In this article, the question of whether employers are legally permitted or legally obliged to use employee data to identify associations between workplace practice and risk to employee health is answered through an analysis of two spheres of English Law: data protection law, and health and safety law. The authors establish a hypothetical case study concerning a company that wishes to use employee data in this way, to illuminate a set of detailed legal issues. In particular, the question of whether a reasonable and prudent employer is under an obligation under health and safety law to use the data and analytic tools at his or her disposal to assess risk and inform his or her actions is considered. Also addressed is the question of whether such processing would satisfy the data protection law principles of “lawful, fair, and transparent” processing and that of “purpose limitation”. A complex picture emerges. The analysis reveals that data protection legislation may not support a trend towards the re-use of employee data to enhance workplace health and safety; nor is there currently a clear mandate that responsible employers use data in this way. The line between useful insight into workplace practices and intrusion into employees’ privacy remains blurred.
  • Item
    Reasonable Expectations of Privacy and Disclosure of Health Data
    Taylor, M ; Wilson, J (Oxford University Press (OUP), 2019)
    The law of confidence allows for a range of defined circumstances in which confidential patient information (CPI) can be disclosed without breach of confidence—including statutory gateway and overriding public interest. Outside such circumstances, current guidance to health professionals (the ‘standard account’) assumes that CPI can only be lawfully disclosed with patient consent. This article argues that the standard account has not yet caught up with judgments, post the Human Rights Act 1998 coming into force, which have reinterpreted the law of confidence in the light of Article 8 of the European Convention on Human Rights. In particular, the article explains the significance of the concept of a ‘reasonable expectation of privacy’ to an action for breach of confidence and thus to legal liability for disclosure of health data. It argues that conformity with a reasonable expectation of privacy provides an alternative account for the lawful disclosure of CPI, and may provide a more sustainable and authentic approach to meeting obligations under the law of confidence than the standard account. The article concludes with recommendations for an evolution of the standard account in a way that could allow restatement of associated concepts (such as consent) free from particular pressure to bend them out of shape. The evolution proposed continues to bring to the fore the patient perspective and allows protection of their ‘reasonable expectations’ regarding uses of data collected about them rather than those of the profession.
  • Item
    Big Data and Employee Wellbeing: Walking the Tightrope between Utopia and Dystopia
    Axtell, C ; Taylor, M ; Wessels, B (MDPI AG, 2019)
    This special issue was inspired by an Economic & Social Research Council funded seminar series that explored the possibilities for using Big Data and data analytics for assessing health and wellbeing risks within organisations. The aim of this special issue was to build on some of the themes developed in the seminar series and draw together and update some key insights from different disciplinary perspectives on the opportunities, challenges and lessons that could be applied in this area. This editorial, therefore, draws together the findings and themes from the submitted papers and interprets these in light of the findings from the seminar series.
  • Item
    Using and Disclosing Confidential Patient Information and the English Common Law: What are the Information Requirements of a Valid Consent?
    Chico, V ; Taylor, MJ (Oxford University Press (OUP), 2018)
    The National Health Service in England and Wales is dependent upon the flow of confidential patient data. In the context of consent to the use of patient health data, insistence on the requirements of an ‘informed’ consent that are difficult to achieve will drive reliance on alternatives to consent. Here we argue that one can obtain a valid consent to the disclosure of confidential patient data, such that this disclosure would not amount to a breach of the common law duty of confidentiality, having provided less information than would typically be associated with an ‘informed consent’. This position protects consent as a practicable legal basis for disclosure from debilitating uncertainty or impracticability and, perhaps counter-intuitively, promotes patient autonomy.
  • Item
    When Can the Child Speak for Herself? The Limits of Parental Consent in Data Protection Law for Health Research
    Taylor, M ; Dove, ES ; Laurie, G ; Townend, D (Oxford University Press (OUP), 2018)
    Draft regulatory guidance suggests that if the processing of a child’s personal data begins with the consent of a parent, then there is a need to find and defend an enduring consent through the child’s growing capacity and on to their maturity. We consider the implications for health research of the UK Information Commissioner’s Office’s (ICO) suggestion that the relevant test for maturity is the Gillick test, originally developed in the context of medical treatment. Noting the significance of the welfare principle to this test, we examine the implications for the responsibilities of a parent to act as proxy for their child. We argue, contrary to draft ICO guidance, that a data controller might legitimately continue to rely upon parental consent as a legal basis for processing after a child is old enough to provide her own consent. Nevertheless, we conclude that data controllers should develop strategies to seek fresh consent from children as soon as practicable after the data controller has reason to believe they are mature enough to consent independently. Techniques for effective communication, recommended to address challenges associated with Big Data analytics, might have a role here in addressing the dynamic relationship between data subject and processing. Ultimately, we suggest that fair and lawful processing of a child’s data will be dependent upon data controllers taking seriously the truism that consent is ongoing, rather than a one-time event: the core associated responsibility is to continue to communicate with a data subject regarding the processing of personal data.
  • Item
    United Kingdom: transfers of genomic data to third countries
    Taylor, MJ ; Wallace, SE ; Prictor, M (SPRINGER, 2018-08)
    In the United Kingdom (UK), transfer of genomic data to third countries is regulated by data protection legislation. This is a composite of domestic and European Union (EU) law, with EU law to be adopted as domestic law when Brexit takes place. In this paper we consider the content of data protection legislation and the likely impact of Brexit on transfers of genomic data from the UK to other countries. We examine the advice by regulators not to rely upon consent as a lawful basis for processing under data protection law, at least not when personal data are used for research purposes, and consider some of the other ways in which the research context can qualify an individual's ability to exercise control over processing operations. We explain how the process of pseudonymization is to be understood in the context of transfer of genomic data to third parties, as well as how adequacy of data protection in a third country is to be determined in general terms. We conclude with reflections on the future direction of UK data protection law post Brexit with the reclassification of the UK itself as a third country.