Next week, I will be presenting a talk to a fairly large group of people who are involved in performing clinical trials to advance our health care. When I was invited to speak, I was excited about it for several reasons.
First, I think the professionals that do ethical research using health-related data have, maybe unknowingly, plowed a path for us privacy professionals. I distinctly see a trend in privacy where the question to ask is not “can we,” but instead, “should we?”
The world of ethical research using health data has long been a proponent of vetting research plans through an ethical review board. The idea is that you are not always going to have consent — though consent is still an important factor in many situations — but that you ought to be able to advance legitimate interests if it is ethical to do so. If you can prove accountability and the good that will result from processing data, then it is permitted.
In Europe, they have borrowed from this concept in their newest generation of data protection law. Sure, consent still plays an important role, but it’s not the answer to each and every situation. Sometimes, doing the right thing, the ethical thing, means the processing of personal information, even without consent.
I’m looking forward to the event next week because I think the audience will teach me about ethical uses of data as much as I will teach them about how privacy in research can be an enabler, not a barrier, if done properly.
If you want to comment on this post, you need to login.