Centre for Research Ethics & Bioethics (CRB)

Managing data protection in practice – Swedish perspectives

2016-09-26

The legislative process regarding the General Data Protection Regulation (GDPR) is closed within the European Union as the Regulation was decided in April this year. The activity at the Government Offices of Sweden has, however, not ceased. Here, Anna-Sara Lind gives us her view on the consequences for Sweden.

Anna-Sara Lind, Associate Professor of Public LawProcessing of personal data in research will, as we have seen earlier in this Newsletter, continue to be allowed. But to what extent and under what circumstances? What new limitations can arise?

The Swedish Government is determined to investigate the boundaries of data protection and has appointed several commissions of inquiry. Until the end of 2017, at least five extensive inquiries have been asked to do thorough analysis, and their reports will have great impact on research and health care. The Data Protection Inquiry will suggest the general framework needed for Swedish law to comply with the GDPR. As this inquiry has a broad and general mission, there are also other inquires appointed. One has been tasked with suggesting complementary rules on processing of personal data for research purposes. This mission is highly relevant as the GDPR to some extent leaves some leeway for national legislation. Research as a practice is also the center of attention in another inquiry that studies the rules relating to research, ethics and clinical research and health care.  As the GDPR is broadly construed and has effects for research, also this inquiry needs to take it into account.

The instructions to the inquiry regarding human tissues and biobank rules highlight the need to investigate what the consequences will be when the GDPR enters into force. This must be taken into account when writing a new Biobank Act. In addition, there is another special inquiry analyzing how processing of personal data should be carried out, and how to adapt the rules relating to the field of the Ministry of Health and Social Affairs.
To conclude, the Chancellor of Justice has been given the task to suggest how the protection of personal integrity can be strengthened in Sweden. One question that she is investigating (at the time of writing) is how to best task a new agency with supervising some or all processing of personal data. The GDPR puts higher demands on such an authority and Sweden needs to be prepared in order to comply with the Regulation. The report will be presented when this Newsletter goes to print.

The Government has clearly shown its commitment to solving several of the questions that are vaguely or poorly addressed in Swedish law today. We will of course continue to follow how the legal settings of health and biobank research. evolve in the next phase.

By Anna-Sara Lind

More news from CRB