Your search keyword '"Kathleen Liddell"' showing total 5 results

1. Patient data ownership: who owns your health?

Author

David Simon, Kathleen Liddell, Anneke Lucassen, Lucassen, Anneke [0000-0003-3324-4338], and Apollo - University of Cambridge Repository

Subjects

property, Property (philosophy), AcademicSubjects/SCI01050, media_common.quotation_subject, Perspective (graphical), Interoperability, digital health, Medicine (miscellaneous), ownership, ComputingMilieux_LEGALASPECTSOFCOMPUTING, health, Intellectual property, information and data, Biochemistry, Genetics and Molecular Biology (miscellaneous), Digital health, Property rights, Service (economics), AcademicSubjects/LAW00490, Original Article, consent, Business, Set (psychology), Law, Law and economics, media_common

Abstract

This article answers two questions from the perspective of United Kingdom law and policy: (i) is health information property? and (ii) should it be? We argue that special features of health information make it unsuitable for conferral of property rights without an extensive system of data-specific rules, like those that govern intellectual property. Additionally, we argue that even if an extensive set of rules were developed, the advantages of a property framework to govern health information would be slight: propertization is unlikely to enhance patient self-determination, increase market efficiency, provide patients a foothold in the data economy, clarify legal uses of information, or encourage data-driven innovation. The better approach is to rely less, not more, on property. We recommend a regulatory model with four signature features: (i) substantial protection for personal health data similar to the GDPR with transparent limits on how, when, and by whom patient data can be accessed, used, and transmitted; (ii) input from relevant stakeholders; (iii) interoperability; and (iv) greater research into a health-data service, rather than goods, model.

Published

2021

2. An empirical study of large, human biobanks: intellectual property policies and financial conditions for access

Author

John Liddicoat, Kathleen Liddell, Matthew R. Jordan, Liddicoat, John [0000-0001-7370-3936], and Apollo - University of Cambridge Repository

Subjects

licensing, march-in, reach-through, AcademicSubjects/SCI01050, business.industry, Internet privacy, Medicine (miscellaneous), Foundation (evidence), Face (sociological concept), ComputingMilieux_LEGALASPECTSOFCOMPUTING, Intellectual property, Business model, intellectual property, Biochemistry, Genetics and Molecular Biology (miscellaneous), Biobank, Variety (cybernetics), Empirical research, biobanks, AcademicSubjects/LAW00490, Original Article, Business, grant-back, Law, Bespoke

Abstract

Biobanks are repositories that collect, store and distribute large quantities of biological samples and associated data (collectively called biobank `material'). Although biobanks have different modes of operation, all face a variety of similar challenges. Some of these challenges, such as donor consent and privacy, have been rigorously debated, but comparatively less attention has been paid to biobanks' intellectual property (IP) practices. IP rights (particularly patents) are integral to the translation of research into clinically relevant outcomes and, therefore, are key features in the business models of many biobanks. As a foundation for such research, commentators have identified five IP clauses of interest: (i) non-obstruction clauses; (ii) march-in clauses; (iii) grant-back clauses; (iv) return-of-results clauses and (v) reach-through clauses (also commonly called `reach-through rights'). In the limited literature that discusses the five clauses, commentators have largely debated their advantages and disadvantages in the abstract. The IP terms that biobanks actually use have not been empirically examined, apart from some small case studies. In particular, no industry-wide evidence exists on three points of biobanks' IP practice: (i) if and how biobanks implement these five types of IP clauses, (ii) whether any norms or standards have emerged, and (iii) whether the norms and standards align with commentators' recommendations for using the five IP clauses. To address these three gaps, the authors conducted a systematic, global survey of the IP clauses used by large, human biobanks. The results indicate that biobanks draft bespoke policies to meet their own needs, and probably do so without knowledge of the gamut of IP terms available. This study also revealed that, in general, biobanks are using IP terms differently from the advice of the commentators. On reviewing the differences, we encourage the use of march-in and grant-back clauses, discourage biobanks from using redundant non-obstruction clauses, and call for more research on return-of-results clauses. We also encourage the use of reach-through clauses to claim royalties (not IP), but only in limited circumstances; for example, where user access fees do not cover a biobanks' operational costs.

Published

2020

3. Standard contractual clauses for cross-border transfers of health data after

Author

Laura, Bradford, Mateo, Aboy, and Kathleen, Liddell

Subjects

cross-border transfers, AcademicSubjects/SCI01050, EU-US Privacy Shield, standard contractual clauses, appropriate safeguards, health data, AcademicSubjects/LAW00490, Original Article, GDPR, medical research, privacy and data protection

Abstract

Standard contractual clauses (SCCs) have long been considered the most accessible method to transfer personal data legally across borders. In July 2020, the Court of Justice of the European Union (CJEU) in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems (Schrems II) placed heavy conditions on their use. The Schrems II Court found that SCCs were valid as ‘appropriate safeguards’ for data transfers from EU entities to others outside the EU/EEA as long as unspecified ‘supplementary measures’ were in place to compensate for the lack of data protection in the third country. Data protection officers are under intense pressure to explain these measures and allow routine transfers to continue. Some authorities interpret the decision as preventing the use of SCCs to transfer personal data outside of the EU because private contracts cannot comprehensively redress gaps in national law. This article argues that these authorities are mistaken and that notwithstanding Schrems II SCCs can still be useful instruments for cross-border transfers. This is especially true in highly regulated contexts such as medical research. This paper traces the history of SCCs under the General Data Protection Regulation (GDPR) and shows how the CJEU in Schrems II misunderstood the purpose of SCCs and other Article 46 GDPR ‘appropriate safeguards’. The CJEU mistakenly approached Article 46 safeguards such as SCCs as being similar to country-specific adequacy rulings under Article 45 GDPR. But unlike Article 45 adequacy rulings, SCCs were not intended to provide a stand-alone mechanism for transfer reliant on the law of the importing country. Rather SCCs provide an alternative, multi-layered standard for data protection that encompasses law, technology and organizational commitments. Their purpose is to be used in situations where legislation alone is insufficient to protect data subject rights. The European Commission’s new draft SCCs support this analysis.

Published

2020

4. International transfers of health data between the EU and USA: a sector-specific approach for the USA to ensure an 'adequate' level of protection

Author

Laura R. Bradford, Mateo Aboy, Kathleen Liddell, Aboy, Mateo [0000-0002-5168-4321], and Apollo - University of Cambridge Repository

Subjects

cross-border transfers, HIPAA, AcademicSubjects/SCI01050, business.industry, Health Insurance Portability and Accountability Act, Medicine (miscellaneous), International health, Public administration, Biochemistry, Genetics and Molecular Biology (miscellaneous), Variety (cybernetics), General Data Protection Regulation, Data Protection Act 1998, media_common.cataloged_instance, AcademicSubjects/LAW00490, Original Article, Business, Privacy law, European union, GDPR, Law, EU–US privacy shield, Legitimacy, media_common, privacy and data protection

Abstract

International health research increasingly depends on collaboration and combination using medical data to advance treatment and drug discovery. The European Union (EU), through its General Data Protection Regulation, has tightened the rules for sharing data across borders to protect individual privacy. These new rules threaten cooperation between the EU and the USA, the two largest public funders of biomedical research. This article analyzes the primary pathway for sharing research data with the USA, the US–EU Privacy Shield††, and argues that the Shield is ill-suited to support complex health studies. Its legitimacy is in question under both EU and US law, and its terms are too restrictive for the variety of exchanges underlying research, treatment, and care. As an alternative, we propose that the USA seek an additional sector-based adequacy determination based on the existing US health privacy law, the Health Insurance Portability and Accountability Act. A sector-specific approach to adequacy for health would avoid many of the most contentious issues that divide the USA and EU on data protection. It could also serve as a model for other third-party jurisdictions and facilitate international harmonization of health research practices.

Published

2020

5. COVID-19 contact tracing apps: a stress test for privacy, the GDPR, and data protection regimes

Author

Kathleen Liddell, Laura R. Bradford, Mateo Aboy, and Apollo - University of Cambridge Repository

Subjects

020205 medical informatics, Computer science, Internet privacy, Medicine (miscellaneous), Fundamental rights, 02 engineering and technology, Biochemistry, Genetics and Molecular Biology (miscellaneous), law.invention, Bluetooth, 03 medical and health sciences, 0302 clinical medicine, law, Blueprint, 0202 electrical engineering, electronic engineering, information engineering, AcademicSubjects/LAW00490, Data Protection Act 1998, 030212 general & internal medicine, GDPR, Android (operating system), privacy and data protection, HIPAA, AcademicSubjects/SCI01050, business.industry, Health Insurance Portability and Accountability Act, COVID-19, CCPA, tracking app, General Data Protection Regulation, Consumer privacy, Original Article, business, Law, OECD privacy principles

Abstract

Digital surveillance has played a key role in containing the COVID-19 outbreak in China, Singapore, Israel, and South Korea. Google and Apple recently announced the intention to build interfaces to allow Bluetooth contact tracking using Android and iPhone devices. In this article, we look at the compatibility of the proposed Apple/Google Bluetooth exposure notification system with Western privacy and data protection regimes and principles, including the General Data Protection Regulation (GDPR). Somewhat counter-intuitively, the GDPR’s expansive scope is not a hindrance, but rather an advantage in conditions of uncertainty such as a pandemic. Its principle-based approach offers a functional blueprint for system design that is compatible with fundamental rights. By contrast, narrower, sector-specific rules such as the US Health Insurance Portability and Accountability Act (HIPAA), and even the new California Consumer Privacy Act (CCPA), leave gaps that may prove difficult to bridge in the middle of an emergency.

Published

2020