National Regulations: Stage Two

The strategic objective in this stage was to describe and compare Member State regulation of research using genetic data and bio-banks, with particular reference to data protection, and to evaluate the relationship between regulation (including associated strategies of compliance) and the ethical needs of privacy. To establish in what ways, and to what extent, data protection regulations may be either consistent or inconsistent with, or insufficient for, the protection of identified ethical interests in privacy.

This stage consisted of three sub-objectives:

  1. To describe the distribution of both formal and informal genetic databases and bio-banks across the EU and EEA and to utilise and build upon existing available resources to generate an online accessible database describing, and allowing comparison of, regulation of research using genetic data and bio-banks across the EU and EEA. Particular attention has been paid to description and comparison of the circumstances in which research using genetic data and bio-banks (including that originally gathered from third parties) involved the use of personal data within the meaning of 95/46/EC as implemented throughout the EU and EEA.
  2. To describe and compare differences in methodological approach adopted throughout the EU and EEA by bio-banks and other researchers using genetic data to comply with regulatory requirements, including use of (particular methods of) anonymisation, and of (particular methods of) obtaining consent, (including when particular methods of anonymisation and consent are considered unnecessary,) evidenced by published material (studies, reports, web-sites, etc.), and assessing the extent to which they may be consistent with particular conceptions of privacy. Special notice has been taken of terminological differences obscuring similarities or differences in approach.
  3. To identify, discuss and describe the extent to which particular conceptions of privacy are immanent within, or consistent with, divergent regulatory approaches. In particular, to establish the extent to which particular regulatory approaches may support particular conceptions of privacy and the extent to which particular regulatory approaches may be in conflict with particular conceptions of privacy (recognising that the same regulatory approach may be, at the same time, supportive of one conception of privacy and in conflict with another).