Melbourne Law School - Research Publications

Permanent URI for this collection

http://hdl.handle.net/11343/382

Filters

2014 - 2019 9 2020 - 2023 8
Reset filters

Settings
Statistics
Citations
Author: Taylor, Mark × Start date: 2000 × Type: Journal Article ×

Search Results

Now showing 1 - 10 of 17
  • Item
    Thumbnail Image
    Protection of genomic data and the Australian Privacy Act: when are genomic data 'personal information'?
    Paltiel, M ; Taylor, M ; Newson, A (Oxford University Press, 2023-02-01)
    Key Points • Personal information’, protected under the Australian Privacy Act 1988 (Cth), is ‘about an identified individual or an individual who is reasonably identifiable’ (S.6), so the legal assessment of ‘identifiability’ shapes the protection of genomic data under the Privacy Act. • Not all genomic data are captured by the statutory definitions of ‘genetic information’ in the Privacy Act; however, genomic data that do not fit the definition may still be protected if they are about an identifiable individual. • In applying the legal test of identifiability to genomic data, the interaction between the data and the data environment must be examined. Overemphasis on particular features of genomic data, such as ‘rareness’ or ‘uniqueness’, may lead to a misapplication of the Privacy Act. • Whether genomic data are personal information is primarily a matter of the opportunities and likelihood of linking the genomic data in question with other data available in the data environment.
  • Item
    Thumbnail Image
    Protecting Privacy in India: The Roles of Consent and Fairness in Data Protection
    Paterson, J ; Taylor, MJ (National Law School of India University, 2020)
    The Indian Personal Data Protection Bill 2019 provides a unique approach to balancing the elements of individual consent and fairness-based limitations that are used in data protection regimes in other parts of the world. Drawing on the fundamental values and interests recognised in KS Puttaswamy v. Union of India (2017) and the report of the Committee of Experts, the Bill requires consent of the data subject to data processing, and puts in place standards that consent must meet to be more than a forced formality. Its novelty lies in also proposing substantive obligations of fair and reasonable data processing, and by making organisations responsible, as statutory ‘data fiduciaries’, for complying with obligations protecting the interests of the data subject. The requirement that processing be fair, also written into European data protection law, is an opportunity to put data controllers under an obligation to protect the interests of data subjects. Data processing ought not to have a negative impact upon an individual’s interests, values and freedoms disproportionate to their positive gains. If robustly interpreted and applied, this could be an effective protection against the shortcomings of consent as a safeguard for protecting individual interests. European data protection law has yet to fully embrace this opportunity. If it did, then there would be less pressure to ensure a data subject’s consent meets ideal standards of ‘free and informed’, which is increasingly unrealistic in a modern information society. Considering the merits of these different approaches, with different degrees of relative emphasis upon individual consent and objective tests of fairness, prompts reflection upon the proper function of privacy and data protection legislation within society. Is it purely to enable individual expressions of informational self-determination — irrespective of whether the deal done is a good one? Or does data protection law also have a role in expressing community expectations by promoting norms and standards of fair dealing that are conducive to individual well-being and to civil society as a whole?
  • Item
    Thumbnail Image
    SIGNALLING STANDARDS FOR PROGRESS: BRIDGING THE DIVIDE BETWEEN A VALID CONSENT TO USE PATIENT DATA UNDER DATA PROTECTION LAW AND THE COMMON LAW DUTY OF CONFIDENTIALITY
    Dove, ES ; Taylor, MJ (OXFORD UNIV PRESS, 2021-10-08)
    In this article, we analyse the legal components of disclosing confidential patient information under the UK's common law duty of confidentiality (CLDoC) and processing personal (health) data under the UK's General Data Protection Regulation (GDPR) and Data Protection Act 2018. We describe the ostensible divide between the CLDoC and data protection law when it comes to the requirements of a valid signal of consent by a patient to use and disclose patient information, obtained by a health professional in the context of direct care, for health care and health research purposes. Ultimately, our analysis suggests that we are saddled, at least in the medium term, with two regimes operating with different standards of a valid consent-while putatively protecting similar interests. There is, however, opportunity for progress. It is possible to improve professional guidance on the interaction between the regimes and to achieve significant normative alignment without aligning the signalling standard for consent; this would promote consistent protection of reasonable expectations of patients across both regimes. Further coherence would require aligning not only the standard, but also the role played by consent under each regime. Here we argue that, in relation to direct care, any such shift should be away from consent as the normal justification. In relation to health research, on the contrary, it should be toward consent as the normal justification for use and disclosure of patient information under both the CLDoC and data protection law.
  • Item
    Thumbnail Image
    Consent for Data Processing under the General Data Protection Regulation: Could ‘Dynamic Consent’ be a Useful Tool for Researchers?
    Prictor, M ; Teare, H ; Bell, J ; Taylor, M ; Kaye, J (Henry Stewart Publishing, 2019)
    The General Data Protection Regulation (GDPR) sets the bar high for consent for the processing of personal data. In the UK, researchers have been directed to rely on legal bases other than consent for processing personal data for research purposes. Informed consent, nonetheless, and despite certain shortcomings, holds a central position in ethical research practice, as well as at common law, and in a range of other legislation dealing with research involving humans. This paper evaluates the place of informed consent in research following the GDPR’s implementation, arguing that a fresh approach to consent — specifically the concept known as ‘dynamic consent’ — could provide a way for researchers to meet the new European regulatory requirements for data processing while adhering to the highest ethical standards for research conduct. It analyses dynamic consent according to specific GDPR requirements and reflects on practical examples that could inform future implementation of the approach, while remaining aware of the need for further empirical research.
  • Item
    Thumbnail Image
    Clinical Decision Support Systems and Medico-Legal Liability in Recall and Treatment: A Fresh Examination
    Prictor, M ; Taylor, M ; Kaye, J ; Emery, J ; Nelson, C ; Manski-Nankervis, J (Thomson Reuters, 2020)
    Clinical decision support systems (CDSSs) provide a valuable tool for clinicians to aid in the care of patients with chronic disease. Various questions have emerged about their implications for the doctor’s legal duty of care to their patients, in terms of recognition of risk, recall, testing and treatment. In this article, through an analysis of Australian legislation and international case law, we address these questions, considering the potential impact of CDSSs on doctors’ liability in negligence. We conclude that the appropriate use of a well-designed CDSS should minimise, rather than heighten, doctor’s potential liability. It should support optimal patient care without diminishing the capacity of the doctor to make individualised decisions about recall, testing and treatment for each patient. We foreshadow that in the future doctors in Australia may have a duty to use available well-established software systems in patient care.
  • Item
    Thumbnail Image
    Pulling Together or Pulling Apart: Opportunities for Privacy in a Pandemic?
    Taylor, M ; Richardson, M ; Steele, S (QUEENSLAND UNIV TECHNOLOGY, 2021)
    This set of articles in this special issue illustrate a number of ways that the realities of a global pandemic may challenge different perspectives on privacy protection and the appropriate relationship with other rights and responsibilities. They arose from a virtual roundtable, held on 15 June 2020 at Melbourne Law School, under the aegis of the Privacy and Pandemics Information Network. The network was formed as a rapid response to the overwhelming number of privacy issues being raised almost simultaneously by, or as a result of, the various government and private actor attempts to deal with COVID-19 in Australia and around the world.       
  • Item
    Thumbnail Image
    Towards optimising chronic kidney disease detection and management in primary care: Underlying theory and protocol for technology development using an Integrated Knowledge Translation approach
    Manski-Nankervis, J-A ; Alexander, K ; Biezen, R ; Jones, J ; Hunter, B ; Emery, J ; Lumsden, N ; Boyle, D ; Gunn, J ; McMorrow, R ; Prictor, M ; Taylor, M ; Hallinan, C ; Chondros, P ; Janus, E ; McIntosh, J ; Nelson, C (SAGE PUBLICATIONS INC, 2021)
    Worldwide, Chronic Kidney Disease (CKD), directly or indirectly, causes more than 2.4 million deaths annually with symptoms generally presenting late in the disease course. Clinical guidelines support the early identification and treatment of CKD to delay progression and improve clinical outcomes. This paper reports the protocol for the codesign, implementation and evaluation of a technological platform called Future Health Today (FHT), a software program that aims to optimise early detection and management of CKD in general practice. FHT aims to optimise clinical decision making and reduce practice variation by translating evidence into practice in real time and as a part of quality improvement activities. This protocol describes the co-design and plans for implementation and evaluation of FHT in two general practices invited to test the prototype over 12 months. Service design thinking has informed the design phase and mixed methods will evaluate outcomes following implementation of FHT. Through systematic application of co-design with service users, clinicians and digital technologists, FHT attempts to avoid the pitfalls of past studies that have failed to accommodate the complex requirements and dynamics that can arise between researchers and service users and improve chronic disease management through use of health information technology.
  • Item
    Thumbnail Image
    Insight or Intrusion? Correlating Routinely Collected Employee Data with Health Risk
    Taylor, M ; Prictor, M (MDPI AG, 2019)
    The volume, variety and velocity of data available to companies about their employees is already significant and likely to increase. Employers hold data about employees that could be used to explore the relationship between workplace practice in their organisation and risks to employee health. However, there is significant uncertainty about whether employers subject to English law are permitted to use this data for this purpose, and even whether they may be under a legal obligation to do so. In this article, the question of whether employers are legally permitted or legally obliged to use employee data to identify associations between workplace practice and risk to employee health is answered through an analysis of two spheres of English Law: data protection law, and health and safety law. The authors establish a hypothetical case study concerning a company that wishes to use employee data in this way, to illuminate a set of detailed legal issues. In particular, the question of whether a reasonable and prudent employer is under an obligation under health and safety law to use the data and analytic tools at his or her disposal to assess risk and inform his or her actions is considered. Also addressed is the question of whether such processing would satisfy the data protection law principles of “lawful, fair, and transparent” processing and that of “purpose limitation”. A complex picture emerges. The analysis reveals that data protection legislation may not support a trend towards the re-use of employee data to enhance workplace health and safety; nor is there currently a clear mandate that responsible employers use data in this way. The line between useful insight into workplace practices and intrusion into employees’ privacy remains blurred.
  • Item
    No Preview Available
    Health research access to personal confidential data in England and Wales: assessing any gap in public attitude between preferable and acceptable models of consent.
    Taylor, MJ ; Taylor, N (Springer Science and Business Media LLC, 2014-12)
    England and Wales are moving toward a model of 'opt out' for use of personal confidential data in health research. Existing research does not make clear how acceptable this move is to the public. While people are typically supportive of health research, when asked to describe the ideal level of control there is a marked lack of consensus over the preferred model of consent (e.g. explicit consent, opt out etc.). This study sought to investigate a relatively unexplored difference between the consent model that people prefer and that which they are willing to accept. It also sought to explore any reasons for such acceptance.A mixed methods approach was used to gather data, incorporating a structured questionnaire and in-depth focus group discussions led by an external facilitator. The sampling strategy was designed to recruit people with different involvement in the NHS but typically with experience of NHS services. Three separate focus groups were carried out over three consecutive days.The central finding is that people are typically willing to accept models of consent other than that which they would prefer. Such acceptance is typically conditional upon a number of factors, including: security and confidentiality, no inappropriate commercialisation or detrimental use, transparency, independent overview, the ability to object to any processing considered to be inappropriate or particularly sensitive.This study suggests that most people would find research use without the possibility of objection to be unacceptable. However, the study also suggests that people who would prefer to be asked explicitly before data were used for purposes beyond direct care may be willing to accept an opt out model of consent if the reasons for not seeking explicit consent are accessible to them and they trust that data is only going to be used under conditions, and with safeguards, that they would consider to be acceptable even if not preferable.
  • Item
    Thumbnail Image
    Public Interest, Health Research and Data Protection Law: Establishing a Legitimate Trade-Off between Individual Control and Research Access to Health Data
    Taylor, M ; Whitton, T (MDPI AG, 2020)
    The United Kingdom’s Data Protection Act 2018 introduces a new public interest test applicable to the research processing of personal health data. The need for interpretation and application of this new safeguard creates a further opportunity to craft a health data governance landscape deserving of public trust and confidence. At the minimum, to constitute a positive contribution, the new test must be capable of distinguishing between instances of health research that are in the public interest, from those that are not, in a meaningful, predictable and reproducible manner. In this article, we derive from the literature on theories of public interest a concept of public interest capable of supporting such a test. Its application can defend the position under data protection law that allows a legal route through to processing personal health data for research purposes that does not require individual consent. However, its adoption would also entail that the public interest test in the 2018 Act could only be met if all practicable steps are taken to maximise preservation of individual control over the use of personal health data for research purposes. This would require that consent is sought where practicable and objection respected in almost all circumstances. Importantly, we suggest that an advantage of relying upon this concept of the public interest, to ground the test introduced by the 2018 Act, is that it may work to promote the social legitimacy of data protection legislation and the research processing that it authorises without individual consent (and occasionally in the face of explicit objection).