Skip to main content
    • Aa
    • Aa

Towards Principles–Based Approaches to Governance of Health–Related Research Using Personal Data

  • Graeme Laurie (a1) and Nayha Sethi (a2)

Technological advances in the quality, availability and linkage potential of health data for research make the need to develop robust and effective information governance mechanisms more pressing than ever before; they also lead us to question the utility of governance devices used hitherto such as consent and anonymisation. This article assesses and advocates a principles–based approach, contrasting this with traditional rule–based approaches, and proposes a model of principled proportionate governance. It is suggested that the approach not only serves as the basis for good governance in contemporary data linkage but also that it provides a platform to assess legal reforms such as the draft Data Protection Regulation.

Hide All

1 See for example; Communication from the Commission for a Digital Agenda for Europe, COM(2010) 245 final/2, at p. 29; Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross–border healthcare (OJ L 88, 4.4.2011, p. 45) and Commission Decision 2008/49/EC of 12 December 2007 concerning the implementation of the Internal Market Information System as regards the protection of personal data, (OJ L 13, 16.1.2008, p. 18); Karl A. Stroetmann, Jörg Artmann, Veli N. Stroetmann et al, European Countries on their journey towards national eHealth infrastructures: Final European Progress Report,(2011); WilliamsJames and KuziemskyCraig, “Institutional Liability in the E–Health Era”, 9 Canadian Journal of Law and Technology (2011), pp. 185 et sqq., at p. 192.

2 LowranceWilliam, Privacy, confidentiality and health research, (Cambridge: Cambridge University Press 2012), LowranceWilliam, “Learning from experience : privacy and the secondary use of health data in research”, 8 J Health Serv Res Policy (2003), pp. 27; WillisonDon, “Privacy and the secondary use of data for health research : experience in Canada and suggested directions forward8 J Health Serv Res Policy (2003), pp. 1723; LawMargaret, “Reduce Reuse, Recycle : Issues in the Secondary Use of Research Data”, Spring IASSIST Quarterly (2005), pp. 5 et sqq., at p. 7; BrownJulia and SemradekJoyce, “Secondary Data on Health–Related Subjects: Major Sources, Uses and Limitations”, 9 Public Health Nursing (1992), p. 162; LelliotPaul, “Secondary Uses of Patient Information”, 9 Advances in Psychiatric Treatment ((2003), pp. 221 et sqq., p. 226.

3 ThomasRichard and WalportMark, Data Sharing Review Report, (2008); Academy of Medical Sciences, A new pathway for the regulation and governance of health research, (2011); FortinSabrina and KnoppersBartha, “Secondary uses of personal data for population research”, 5 Genomics, Society and Policy (2009), pp. 80;Organisation for Economic Co–operation and Development, Report on the cross–border enforcement of privacy laws, (2006); Organisation for Economic Co–operation and Development , The Evolving PrivacyLandscape; 30 Years After the OECD Privacy Guidelines, OECD Digital Economy Papers, No.176 (OECD Publishing: 2011); BloomrosenMeryl and DetmerDon, “Advancing the Framework: Use of Health Data – A Report of a Working Conference of the American Medical Informatics Association”, 15 Journal of the AmericanInformatics Association (2008), pp. 715722; LaurieGraeme and SethiNayha, Information Governance of Use of Health–RelatedData in Medical Research in Scotland: Current Practices and FutureScenarios, (University of Edinburgh School of Law Working Paper No 2011/26, 2011).

4 The House of Lords Report on Genomic Medicine offers an account of the regulatory hurdles which must be surpassed by researchers in order to gain approval. See House of Lords Science and Technology Committee, Genomic Medicine, Volume 1: Report, (HL Paper 17-I 2009).

5 For example, in contrast to the Privacy Advisory Committee for Scotland, which advises on health data linkages despite a lack of statutory authority, in England and Wales, by virtue of section 251 of the NHS Act 2006,the Ethics and Confidentiality Committee (under the auspices of the National Information Governance Board) enjoys the statutory authority to take such decisions. Additional decision makers charged with overseeing the appropriate sharing of health data include Caldicott Guardians and Research Ethics Committees. This is all in addition to the legal responsibilities to which Data Controllers are subject under the European Data Protection Directive.

6 The Academy of Medical Science, Personal data for public good: using health information in medical research, (2006), at p. 3.

7 For further discussion, Laurie and Sethi, Information Governance of Use of Health–Related Data, supra note 3

8 The Academy of Medical Sciences, Personal data for public good:supra note 6, at p. 29.

9 KernAlexander and MaoloneyNiamh, Law Reform and Financial Markets, (Cheltenham: Edward Elgar Publishing: 2011) at p. 8.

10 Julia Black, The Rise, Fall and Fate of Principles Based Regulation, (LSE Law Society and Economy Working Papers 17/2010 2010).

11 BlackJulia, HopperMartyn and BandChrista, “Making a success of Principles–based regulation”, 13 Law and Financial Markets Review (2007), at p. 191.

12 ArjoonSurendra, “Striking a Balance Between Rules and Principles–based Approaches for Effective Governance: A Risk-based Approach68 Journal of Business Ethics (2006), pp. 53 et sqq., at p. 65.

13 See for example KayeJane et al, “From patients to partners: participant–centric initiatives in biomedical research”, 13 Nature Review Genetics (2012), p. 371.

14 UK Data Protection Act 1998 (section 33).

15 The Academy of Medical Sciences, Personal data for public good:supra note 6, at p. 4.

16 We recognise the limitations of anonymisation. For further discussion, see in particular: OhmPaul, “Broken Promises of Privacy : Responding to the Surprising Failure of Anonymization57 UCLA Review (2010), p. 1701 and LowranceWilliam, Privacy, Confidentiality and Health Research, (Cambridge University Press 2012), p. 9399.

17 Arjoon, “Striking a Balance”, supra note 12, at p. 55.

18 See HonderichTed (ed.), The Oxford Companion to Philosophy, (Oxford: Oxford University Press, 1995) p. 719 .

19 BraithwaiteJohn, “Rules and Principles: A Theory of Legal Certainty”, 27 Australian Journal of Legal Philosophy (2002), pp. 47 et sqq., at p. 51

20 RazJoseph, “Legal Principles and the Limits of Law”, 81 Yale Law Journal (1972), pp. 823 et sqq.,, at p. 838.

21 Larry Alexander and Emily Sherwin, Demystifying Legal Reasoning, (Cambridge University Press: 2008), at p. 11.

22 On the guiding principles of good governance itself, see Independent Commission on Good Governance, The Good Governance Standard for Public Services, (2004), at p. 4.

23 BeauchampTom and ChildressJames, Principles of Biomedical Ethics, Fifth Edition, (Oxford University Press 2001) at p. 13.

24 For a worked example of principles in action and more commentary on ‘specification’, see GordonJohn–Stewart, RauprichOliver and VollmanJochen,”Applying the four–principle approach25 Bioethics (2011), pp. 293300; BeauchampTom, “Making Principlism practical: a commentary on Gordon, Rauprich and Vollman”, 25 Bioethics (2011), pp. 301303.

25 Julia Black, The Rise Fall and Fate, supra note 10, at p. 7 ; KorobkinRussell, “Behavioral Analysis and Legal Form: Rules vs. Standards Revisited79 Oregon Law Review (2000), pp. 23 et sqq., at p. 26.; Frederick Schauer, “The Convergence of Rules and Standards”, 79 New Zealand Law Review (2003), pp. 303 et sqq. at p. 305; MacCormickNeil, “Reconstruction after Deconstruction: A Response to CLS”, 10 Oxford J. Legal Stud. (1990), pp. 539 et sqq., at p. 545.

26 AlexyRobert, A Theory of Constitutional Rights, Translated by Julien Rivers, (Oxford 2002), p. 44

27 LyallCatherine, PapaioannouTheo and SmithJames (eds), The Limits to Governance: The Challenge of Policy–making for the New Life Sciences, (Ashgate, 2009), pp. 117.

28 Beauchamp and Childress, Principles in Biomedical Ethics, supra note 21, particularly at p. 15–19 ; RichardsonHenry, “Specifying, Balancing, and Interpreting Bioethical Principles”, 25 Journal of Medicine and Philosophy (2000), pp. 285 et sqq., at p. 287.

29 GertBernard, CulverCharles and ClouserDanner, Bioethics: A Return to Fundamentals, (Oxford: Oxford University Press 1997), p. 89.

30 DanielsNorman, “Accountability for Reasonableness”, 321 British Medical Journal (2000), p. 1300.

31 See House of Lords Science and Technology Committee, Genomic Medicine, supra note 4 and text above.

32 RawlsJohn, A Theory of Justice, (Clarendon Press:1971) and RawlsJohn, Political Liberalism, (New York: Columbia University Press:1993).

33 See further Daniels, “Accountability for Reasonableness”, supra note 28.

34 Beauchamp and Childress, Principles in Biomedical Ethics, supra note 21; ChambersTod, The Fiction of Bioethics: cases as literary texts, (York: Routledge 1999), p. 30.

35 SelgelidMichael, “Universal Norms and Conflicting Values”, 5 Developing World Bioethics (2005), pp. 267 et sqq., at p. 269.

36 See in particular – PulidoCarlos Bernal, “The Rationality of Balancing”, 92 Archiv für Rechts– und Sozial Philosophie (2006), p. 195 and Richardson, “Specifying, Balancing and Interpreting”, supra note 26.

37 Beauchamp and Childress, Principles of Biomedical Ethics, supra note 21.; AleinikoffThomas Alexander, “Constitutional Law in the Age of Balancing”, 96 Yale Law Journal (1987), p. 983.

38 HarrisJohn, “In praise of unprincipled ethics”, 29 J Med Ethics (2003), p. 303.

39 Pulido, “The Rationality of Balancing”, supra note 34.

40 Richardson, “Specifying, Balancing and Interpreting”, supra note 26, at p. 288. ; Dan Callahan, “Principlism and Communitarianism”, 29 J Med Ethics (2003), pp. 287 et sqq., at p. 289 ; CampbellAlistair, “The virtues (and vices) of the Four Principles”, 29 J Med Ethics (2003), pp. 292 et sqq., at p. 294.

41 Black notes that the rhetoric of PBR ‘invokes, not deregulation but a re–framing of the regulatory relationship from one of directing control to one based on responsibility, mutuality and trust’. She continues that the relationship between regulator and regulatee evolves; regulatees ‘adopt a self–reflective approach’ and regulators ‘apply principles’ predictably. See Julia Black, Forms and Paradoxes of principles–based regulation, (LSE Law Society and Economy Working PapersWorking Papers 13/2008 2008), pp. 1 et sqq., at p. 8.

42 SchwarczSteven, “The “Principles” Paradox”, 10 European Business Organization Law Review (2009), pp. 175 et sqq., at p. 176.

43 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, Nov. 23, 1995.

44 UK Data Protection Act Part 1 s4(4).

45 Section 55(A) Data Protection Act 1998.

46 UK Data Protection Act Schedule 1 – The Data Protection Principles.

47 Ministry of Justice, “Call for Evidence on EU Data Protection Proposals”, (2012), available on the Internet at <> (last accessed on 12 April 2012).; WongRebecca, “Assessing the Status of Medical Information in the light of the UK Data Protection Act 1998”, 5 Web Journal of Current Legal Issues (2008); Hazel Grant, “United Kingdom”, in Catrien Noorda and Stefan Hanloser (eds), E–Discovery and Data Privacy : A Practical Guide (The Netherlands: Kluwer Law International BV 2011), pp. 295 et sqq., at p. 297.

48 RynningElisabeth, “Processing of Personal Data in Swedish Health Care and Biomedical Research”, in Deryck Beyleveld, David Townend, Segolene Rouille–Mirza et al (eds), Implementation of the Data Protection Directive in Relation to Medical Research in Europe (England : Ashgate Publishing 2004), pp. 381 et sqq., at p. 402 .

49 LaurieGraeme, “Evidence of support for biobanking practices”, 337 British Medical Journal (2008): p. 337.

50 It is important to remember, and often forgotten, that consent is but one lawful basis for processing, even when data are sensitive and require both schedule 2 and schedule 3 of the Data Protection Act (1998) must be satisfied.

51 Proposal for a new Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) Brussels, 25.1.2012 COM(2012) 11 final.

52 Draft Recital 7, supra note 46.

53 In fact, proportionality is emerging as a key concept within the regulatory landscape and features in the proposal for a new EU Data Protection Regulation, supra note 46. Note mention of proportionality also appears in draft recitals 133 and 139 and also draft Article 22(4).

54 See draft Recitals 22, 53, 123, 125 and 126.

55 Pursuant to Article 290 TFEU.

56 The following publications offer examples of the research which SHIP has facilitated: LogueJennifer et al, “Do men develop type 2 diabetes at lower body mass indices than women?54 Diabetologia (2011), pp. 30033006; WalkerJeremy et al, “Effect of Socioeconomic Status on Mortality Among People with Type 2 Diabetes; A study from the Scottish Diabetes Research Network Epidemiology Group”, 34 Diabetes Care (2011), pp. 11271132.

57 SHIP, “A Blueprint for Health Records Research in Scotland”, December 2011, available on the Internet at: <> (last accessed on 04 January 2013).

58 Graeme Laurie and Nayha Sethi, ‘SHIP Working Paper 1: Information governance of use of health-related data in medical research in Scotland: current practices and future scenarios’, 26 U. of Edinburgh School of Law Working Paper (2011), available via SSRN at <> (last accessed on 04 January 2013). Graeme Laurie and Nayha Sethi, ‘SHIP Working Paper 2: Information governance of use of health-related data in medical research in Scotland: Towards a Good Governance Framework’, 13 Edinburgh School of Law Research Paper (2012), available via SSRN at <> (last accessed on 04 January 2013).

59 See all, supra note 42.

60 SHIP demonstrates how it complies with the Data Protection “Principles” in its Privacy Impact Assessment. See SHIP, “SHIP Privacy Impact Assessment”, January 2012, available on the Internet at : <> (last accessed on 04 January 2013).

61 SamaLinda and ShoafVictoria, “Reconciling Rules and Principles: An Ethics-Based Approach to Corporate Governance”, 58 Journal of Business Ethics (2005), pp. 1.

62 BeauchampTom, “The ‘Four Principles’ approach to health care ethics”, in Richard Ashcroft, Angus Dawson and Heather Draper (eds), Principles of health care ethics, 2nd ed. (Chichester: John Wiley and Sons 2007), at pp. 1. et sqq., at p. 8.

Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

European Journal of Risk Regulation
  • ISSN: 1867-299X
  • EISSN: 2190-8249
  • URL: /core/journals/european-journal-of-risk-regulation
Please enter your name
Please enter a valid email address
Who would you like to send this to? *


Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 12 *
Loading metrics...

Abstract views

Total abstract views: 45 *
Loading metrics...

* Views captured on Cambridge Core between 20th January 2017 - 19th October 2017. This data will be updated every 24 hours.