Consent to Data Processing in Biobanking: Regulatory Challenges of Data Processing in Biobanking, Using the Estonian Example

Consent to Data Processing in Biobanking: Regulatory Challenges of Data Processing in Biobanking, Using the Estonian Example
Book Chapter
Kärt Pormeister
Privacy, Data Protection and Data-driven Technologies, 2024 [Taylor&Francis]
Abstract
Under European Union (EU) data protection law, consent can generally only be relied upon as a legal basis for processing personal data if the consent has been given for one or more specified purposes. The fact is that in the world of scientific research, this is not always possible or feasible, is recognized in the recitals of the General Data Protection Regulation. Unfortunately, the European Data Protection Board has rendered this recognition in the recitals effectively moot by maintaining that even in research, a broader consent to data processing could only go as far as to cover multiple pre-defined projects, but not undefined future projects. This ‘one-size-fits-all’ stance on consent to data processing is a problem for biobanks, the existence and data processing purposes of which cannot be confined to pre-defined research projects. In the first part of this chapter, the author explores the evolution of consent to data processing for research purposes in EU data protection law and the interpretations given to it by a number of data protection institutions, and contrasts these to other emerging regulatory regimes within the EU concerning the (secondary) research use of personal data. In the second half of the chapter, the author exemplifies the previously explored theoretical problems using the Estonian Biobank as a practical example.