In accordance with long established standards (ICH Guideline etc.) data from participants in clinical studies are pseudonymized at the clinical study sites. The sponsor of the clinical study receives the study data only in pseudonymized form whereas the coding list remains at the study site. Although the pseudonymization approach is one of the safeguards explicitly referred to in Article 89(1) GDPR, pseudonymized data still are considered to be information on an identifiable natural person, Recital 26 GDPR. Behind this legal background, sharing of clinical trial data is challenging. This runs contradictory to the global trend of transparency and big data. Sharing of data can foster innovation and maximize scientific benefit. One Example: In the Innovative Medicines Initiative (IMI), the world’s biggest public-private partnership (between the European Union and the European Pharmaceutical Industry) open collaboration is key. One of the major IMI programs is “Big Data for Better Outcomes” (BD4BO): Institutions across Europe host large databases with detailed personal and biological information. If linked, this ‘big data’ has the potential to provide insights and health outcomes, generating knowledge, data and methodologies. The program focuses on a number of key therapeutic areas, namely Alzheimer’s disease, heart disease, and certain cancers.
How can clinical trial data be shared in a framework compliant with GDPR? One approach relies on an anonymization concept. From a legal perspective, anonymization does not require data to be “fully anonymized” in a way that identification of the affected individual would be absolutely impossible, independent of technical and legal efforts as well as additional knowledge. It seems rather reasonable to refer to a “de-facto anonymization”, providing sufficient safeguards where a re-identification would require an unreasonable effort in terms of time, cost and manpower. In one of the IMI projects, the IMI HARMONY project, a concept has been developed in order to render clinical trial datasets anonymous (de-facto anonymous) in that sense.
In the context of the IMI HARMONY project, a separate technical platform is set up, hosted by one data controller. Any data sets will undergo a specific treatment before being transferred to this platform, meaning that all direct personally identifiable data elements will be removed and certain numbers will be replaced. Following the transfer the data are harmonized in order to allow the scientific evaluation. The appropriate anonymization measures are defined on the basis of the specific factors relevant for the specific use case; the characteristics of the data set, the motives and capabilities for re-identification. Looking at re-identification capabilities, the availability of complimentary data, the access to supplementary data as well as data replicability and distinguishability are relevant. As to possible re-identification motives, the business value and the amount of data play an important role. When it comes to additional safeguards, technical and organizational measures have to be implemented. Technical measures include suppression, generalization and perturbation whereas organizational measures relate to data access restrictions, policies, processes and contracts.
I joined the pharmaceutical industry in 2006, as a lawyer, advising global functions (Regulatory, Clinical Development, Marketing and Medical Affairs) on pharmaceutical law, compliance as well as data privacy topics. 2000 – 2006 I worked as legal advisor and manager of the Ethics Committee at the University of Goettingen. Between 1993 – 1999 I was working as a judge in Lower Saxony.