Léim ar aghaidh chuig an bpríomhábhar
Gnáthamharc

Health Research Board

Dáil Éireann Debate, Tuesday - 7 July 2020

Tuesday, 7 July 2020

Ceisteanna (840)

Róisín Shortall

Ceist:

840. Deputy Róisín Shortall asked the Minister for Health further to Parliamentary Question No. 515 of 23 June 2020, if he is considering amending the health research regulations for the processing of personal data in emergency care situations; if so, if a commercial company retains ownership of a person's personal data until such a time as the person concerned has the capacity to give or refuse such consent; and if regulations are in place to prevent private companies using or transmitting this personal data until consent is obtained in these circumstances [14413/20]

Amharc ar fhreagra

Freagraí scríofa

It is my intention to amend the Health Research Regulations with regard to emergency care intervention in line with the answer given by the previous Minister for Health to Parliamentary Question No. 515 of 23 June 2020. The amendment has been the subject of consultation with the Data Protection Commission and those working in the emergency care area.

Data protection law does not deal with ownership of personal data. The General Data Protection Regulation, the Data Protection Act 2018 and the Health Research Regulations are concerned with data controllers -including joint data controllers- who determines the purposes and means of the processing of personal data.

The Health Research Regulations apply with equal force to public bodies and private sector commercial entities. The intended amendment in emergency care situations is limited, qualified and specific. It will make clear that it applies only in exceptional circumstances, where the principal purpose of the processing or further processing of the personal data by a controller is necessary for the provision of health care to an individual and to protect the vital interests of the individual, and where the individual is, by reason of his or her physical or mental incapacity, incapable of giving consent at that time.

In that very defined situation, the personal data may also be processed by the controller for a related health research purpose, where that health research has been approved by a research ethics committee.

In those circumstances, the requirement for explicit consent under the Health Research Regulations is not removed or waived but deferred until such time as the individual concerned has the capacity to give or refuse such consent and the hospital will be explicitly required to inform the individual as soon as practicable that the personal data is being processed for research. I intend to also ensure that the amendment will require the individual to be told of any persons that the data controller has shared his or her personal data with.

This amendment brings emergency care research in Ireland in line with the prevailing ethical and regulatory practices internationally and will provide consistency and clarity for all involved.

It is important to note that under GDPR and data protection law generally that the same rules and principles apply to the private commercial companies as apply to public bodies. When it comes to health research, the reality is that much health research in the EU, including Ireland, is collaborative between hospitals, academic institutions and industry. That collaboration is important as each partner brings a distinct value added to the research. All of them must comply with all legal requirements including data protection requirements and where they do not meet their data protection obligations it is a matter for the Data Protection Commission.

Barr
Roinn