Giovanni Cancemi - Fotolia
Neither the technology nor the medical research sectors have much enthusiasm for Brexit, but for genomics – an IT-dependent area of medical research recently threatened by European data protection rules – leaving might have a silver lining.
The European Union’s (EU’s) General Data Protection Regulation (GDPR), as amended in March 2014 by the European Parliament, could restrict the use of personal data in medical research without specific consent.
Given the size of genomic research projects such as the UK’s 100,000 Genomes project, asking every participant for permission for every data access would have been a weighty task.
The Wellcome Trust Sanger Institute in Cambridgeshire, which led the world in first mapping the human genome, said in October 2015 that the proposals would “pose a serious barrier to future genomic research and will hinder its use as valuable tool for healthcare”.
A group of organisations led by the Wellcome Trust, the multi-billion pound charity which funds much of the UK’s genomic research, pushed for a compromise – and this was adopted by the EU in December 2015.
But some politicians are talking about how Britain could go further after Brexit. “It means we will be able to write a UK regulatory playbook and environment,” George Freeman, member of Parliament and chair of the prime minister’s policy board, told The Economist’s War on Cancer conference in December 2016.
He told the event that he had campaigned for Britain to stay in the EU and agreed that Brexit will pose challenges for medical research, but added: “We’re liberated from some of the very restrictive – increasingly restrictive – regulations in Europe around data and trials and genetics.”
The UK will have to comply with GDPR before it leaves the EU, as the May 2018 deadline falls before the earliest possible date for Brexit.
On 1 February 2017, digital minister Matt Hancock told a House of Lords committee that the government will comply and that it wants to pursue unhindered data flows between the UK and the EU, including in medical research.
The government has not yet decided whether to make changes after leaving the EU, with a spokesperson only saying “post-Brexit, the government is committed to ensuring that the UK’s data protection regime will continue to provide necessary opportunities and safeguards”. But how could it do so and what would be the implications if it did?
Looser regulations could be ‘damaging’
The US could provide a model as even the amended version of GDPR looks tighter than the Health Insurance Portability and Accountability Act (Hippa) legislation. “One way the difference appears is in the way anonymous data is defined,” says Kristina Holt, a senior associate at legal firm Pinsent Masons.
“GDPR considers that data is only anonymous, and therefore outside the scope of privacy rules, when it can’t be identified by any means ‘reasonably likely to be used, either by a controller or by any other person’.
“So even if a researcher could not re-identify a data set, the data might still be considered personal data in the regulation if it could be reasonably identified by another with only reasonable effort. Hippa provides that data falls outside the scope of the regulation if certain specified identifiers are removed.”
If the UK government chose to introduce looser regulations post-Brexit, Holt says this could have implications for pan-European research, which the UK government’s recent whitepaper says it wants to continue.
“GDPR has extra-territorial effect so UK organisations that offer goods or services to EU-resident individuals, or whose processing activities are related to such offering, will be directly subject to the GDPR regardless of whether the regulation is in force in the UK,” she says.
“Looser regulations in the UK are not likely to be helpful where there is a pan-European research project. In fact, looser regulations could be damaging and prevent the free flow of data across borders.”
Read more about big data analytics in genomics
- How Cancer Research UK and government-funded Genomics England use DNA-sequenced big data analytics to develop personalised cancer treatment.
- Genomics is generating big data at such a scale that research institutes such as the Sanger in Cambridge are having to rediscover IT storage techniques from the past.
- Then Prime Minister David Cameron announces, in 2014, £300m government support for a big data human genome mapping project in England.
There could also be specific issues over where genomic data is stored. “The EU has a concept of awarding ‘adequacy’ to countries that have equivalent data privacy protections to allow free flow of data,” says Holt.
“There are a number of advocates for retaining the GDPR, or at least equivalent legislation, to ensure that the UK be granted an ‘adequacy decision’.”
Adequacy status could also be gained by a UK equivalent to the EU-US Privacy Shield, allowing organisations to opt-in, but Holt says this could be endangered by the UK’s intelligence agencies, given the activity of US agencies led to the end of its ‘Safe Harbor’ adequacy status.
“The present UK prime minister is a strong advocate for the UK intelligence agencies and there is unlikely to be any compromise in this area,” she says.
“There is certainly potential for a head to head collision with the EU on privacy and surveillance powers – and whether the UK goes for a full GDPR implementation, GDPR-light, or another model – it is this issue that may call into question UK adequacy after Brexit.”
Organisations involved in genomic research approached for the purpose of this article declined to comment.
Experts call for simpler immigration system for skilled workers
In January 2017, the heads of the Wellcome Trust and Cancer Research UK wrote an article for The Times arguing that Britain after Brexit needed a simple immigration system for scientific researchers and technicians. Under this system, those with a job offer from an accredited institution would not need to complete a visa application.
They noted that the Sanger Institute has seen the number of doctoral applications from non-British EU nationals drop by nearly 50%.
One high-profile figure in genomic research believes Britain should consider radical changes when it leaves the EU. “The UK has had extraordinarily dynamic research into human genetics and has, in many ways, taken a lead in that,” with government initiatives such as the 100,000 Genomes project playing a major role, says Kari Stefansson, founder and chief executive of Icelandic genomic research company deCode Genetics.
Stefansson’s firm, which attempted to build a database of all Icelanders’ medical and genomic data, before being blocked by Iceland’s Supreme Court in 2003, will be affected by GDPR.
Iceland is part of the European Economic Area, whose members adopt European rules although they are not EU members. The UK government’s focus on controlling immigration and removing the jurisdiction of the European Court of Justice effectively rules out membership of the EEA.
Although he does not believe the revised version of GDPR will seriously affect scientific research, Stefansson thinks European data protection rules can be excessively strict.
“Some of the EU regulations have been influenced by the way in which the Germans are dealing with the bad conscience of the Second World War,” he says.
“There is always an opportunity to improve on regulations. I think it’s extremely important to make sure that personal data gathered for biomedical research is not used against people, but it equally important to make sure that the potential that lies in this data can be used to improve healthcare.”
He has a proposal for post-Brexit Britain, to take full advantage of genomic research and help make the healthcare system more sustainable. “It’s somewhat in-keeping with opinions expressed by your former prime minister David Cameron: I think anyone who seeks help from the healthcare system should be looked on as a willing participant in biomedical research,” he says.
Healthcare is a human right, “but that right should come with obligations, allowing information about yourself to be used to make further discoveries. I think it should be your payment for this access, to allow this information to be used,” adds Stefansson.