Melbourne Law School - Research Publications
Permanent URI for this collection
Search Results
1 - 7 of 7
-
ItemProtecting Privacy in India: The Roles of Consent and Fairness in Data Protection(National Law School of India University, 2020)The Indian Personal Data Protection Bill 2019 provides a unique approach to balancing the elements of individual consent and fairness-based limitations that are used in data protection regimes in other parts of the world. Drawing on the fundamental values and interests recognised in KS Puttaswamy v. Union of India (2017) and the report of the Committee of Experts, the Bill requires consent of the data subject to data processing, and puts in place standards that consent must meet to be more than a forced formality. Its novelty lies in also proposing substantive obligations of fair and reasonable data processing, and by making organisations responsible, as statutory ‘data fiduciaries’, for complying with obligations protecting the interests of the data subject. The requirement that processing be fair, also written into European data protection law, is an opportunity to put data controllers under an obligation to protect the interests of data subjects. Data processing ought not to have a negative impact upon an individual’s interests, values and freedoms disproportionate to their positive gains. If robustly interpreted and applied, this could be an effective protection against the shortcomings of consent as a safeguard for protecting individual interests. European data protection law has yet to fully embrace this opportunity. If it did, then there would be less pressure to ensure a data subject’s consent meets ideal standards of ‘free and informed’, which is increasingly unrealistic in a modern information society. Considering the merits of these different approaches, with different degrees of relative emphasis upon individual consent and objective tests of fairness, prompts reflection upon the proper function of privacy and data protection legislation within society. Is it purely to enable individual expressions of informational self-determination — irrespective of whether the deal done is a good one? Or does data protection law also have a role in expressing community expectations by promoting norms and standards of fair dealing that are conducive to individual well-being and to civil society as a whole?
-
ItemSIGNALLING STANDARDS FOR PROGRESS: BRIDGING THE DIVIDE BETWEEN A VALID CONSENT TO USE PATIENT DATA UNDER DATA PROTECTION LAW AND THE COMMON LAW DUTY OF CONFIDENTIALITY(OXFORD UNIV PRESS, 2021-10-08)In this article, we analyse the legal components of disclosing confidential patient information under the UK's common law duty of confidentiality (CLDoC) and processing personal (health) data under the UK's General Data Protection Regulation (GDPR) and Data Protection Act 2018. We describe the ostensible divide between the CLDoC and data protection law when it comes to the requirements of a valid signal of consent by a patient to use and disclose patient information, obtained by a health professional in the context of direct care, for health care and health research purposes. Ultimately, our analysis suggests that we are saddled, at least in the medium term, with two regimes operating with different standards of a valid consent-while putatively protecting similar interests. There is, however, opportunity for progress. It is possible to improve professional guidance on the interaction between the regimes and to achieve significant normative alignment without aligning the signalling standard for consent; this would promote consistent protection of reasonable expectations of patients across both regimes. Further coherence would require aligning not only the standard, but also the role played by consent under each regime. Here we argue that, in relation to direct care, any such shift should be away from consent as the normal justification. In relation to health research, on the contrary, it should be toward consent as the normal justification for use and disclosure of patient information under both the CLDoC and data protection law.
-
ItemClinical Decision Support Systems and Medico-Legal Liability in Recall and Treatment: A Fresh Examination(Thomson Reuters, 2020)Clinical decision support systems (CDSSs) provide a valuable tool for clinicians to aid in the care of patients with chronic disease. Various questions have emerged about their implications for the doctor’s legal duty of care to their patients, in terms of recognition of risk, recall, testing and treatment. In this article, through an analysis of Australian legislation and international case law, we address these questions, considering the potential impact of CDSSs on doctors’ liability in negligence. We conclude that the appropriate use of a well-designed CDSS should minimise, rather than heighten, doctor’s potential liability. It should support optimal patient care without diminishing the capacity of the doctor to make individualised decisions about recall, testing and treatment for each patient. We foreshadow that in the future doctors in Australia may have a duty to use available well-established software systems in patient care.
-
ItemPulling Together or Pulling Apart: Opportunities for Privacy in a Pandemic?(QUEENSLAND UNIV TECHNOLOGY, 2021)This set of articles in this special issue illustrate a number of ways that the realities of a global pandemic may challenge different perspectives on privacy protection and the appropriate relationship with other rights and responsibilities. They arose from a virtual roundtable, held on 15 June 2020 at Melbourne Law School, under the aegis of the Privacy and Pandemics Information Network. The network was formed as a rapid response to the overwhelming number of privacy issues being raised almost simultaneously by, or as a result of, the various government and private actor attempts to deal with COVID-19 in Australia and around the world.
-
ItemTowards optimising chronic kidney disease detection and management in primary care: Underlying theory and protocol for technology development using an Integrated Knowledge Translation approach(SAGE PUBLICATIONS INC, 2021)Worldwide, Chronic Kidney Disease (CKD), directly or indirectly, causes more than 2.4 million deaths annually with symptoms generally presenting late in the disease course. Clinical guidelines support the early identification and treatment of CKD to delay progression and improve clinical outcomes. This paper reports the protocol for the codesign, implementation and evaluation of a technological platform called Future Health Today (FHT), a software program that aims to optimise early detection and management of CKD in general practice. FHT aims to optimise clinical decision making and reduce practice variation by translating evidence into practice in real time and as a part of quality improvement activities. This protocol describes the co-design and plans for implementation and evaluation of FHT in two general practices invited to test the prototype over 12 months. Service design thinking has informed the design phase and mixed methods will evaluate outcomes following implementation of FHT. Through systematic application of co-design with service users, clinicians and digital technologists, FHT attempts to avoid the pitfalls of past studies that have failed to accommodate the complex requirements and dynamics that can arise between researchers and service users and improve chronic disease management through use of health information technology.
-
ItemPublic Interest, Health Research and Data Protection Law: Establishing a Legitimate Trade-Off between Individual Control and Research Access to Health Data(MDPI AG, 2020)The United Kingdom’s Data Protection Act 2018 introduces a new public interest test applicable to the research processing of personal health data. The need for interpretation and application of this new safeguard creates a further opportunity to craft a health data governance landscape deserving of public trust and confidence. At the minimum, to constitute a positive contribution, the new test must be capable of distinguishing between instances of health research that are in the public interest, from those that are not, in a meaningful, predictable and reproducible manner. In this article, we derive from the literature on theories of public interest a concept of public interest capable of supporting such a test. Its application can defend the position under data protection law that allows a legal route through to processing personal health data for research purposes that does not require individual consent. However, its adoption would also entail that the public interest test in the 2018 Act could only be met if all practicable steps are taken to maximise preservation of individual control over the use of personal health data for research purposes. This would require that consent is sought where practicable and objection respected in almost all circumstances. Importantly, we suggest that an advantage of relying upon this concept of the public interest, to ground the test introduced by the 2018 Act, is that it may work to promote the social legitimacy of data protection legislation and the research processing that it authorises without individual consent (and occasionally in the face of explicit objection).
-
ItemReasonable Expectations of Privacy and Disclosure of Health Data(Oxford University Press (OUP), 2020)In one prominent case, Royal Free London NHS Foundation Trust shared the records of 1.6 million NHS patients with DeepMind for the development and testing of an App for detecting acute kidney injury, it argued, on the basis of implied consent for direct care. This was despite the fact that at the time that the data was shared, no steps were taken to make patients aware of this fact, and that only a small percentage of the 1.6 million patients would ever develop an acute kidney injury.