Toward an architecture to improve privacy and informational self-determination through informed consent
Mohamad Gharib
Information and Computer Security, 23 February 2022
Abstract
Purpose
Most developed countries have enacted privacy laws to govern the collection and use of personal information (PI) as a response to the increased misuse of PI. Yet, these laws rely heavily on the concept of informational self-determination through the “notice” and “consent” models, which is deeply flawed. This study aims at tackling these flaws to achieve the full potential of these privacy laws.
Design/methodology/approach
The author critically reviews the concept of informational self-determination through the “notice” and “consent” model identifying its main flaws and how they can be tackled.
Findings
Existing approaches present interesting ideas and useful techniques that focus on tackling some specific problems of informational self-determination but fall short in proposing a comprehensive solution that tackles the essence of the overall problem.
Originality/value
This study introduces a model for informed consent, a proposed architecture that aims at empowering individuals (data subjects) to take an active role in the protection of their PI by simplifying the informed consent transaction without reducing its effectiveness, and an ontology that can partially realize the proposed architecture.
Category: Health Data
Sovereign Digital Consent through Privacy Impact Quantification and Dynamic Consent
Article
Arno Appenzeller, Marina Hornung, Thomas Kadow, Erik Krempel, Jürgen Beyerer
Technologies, 21 February 2022; 10(35)
Open Access
Abstract
Digitization is becoming more and more important in the medical sector. Through electronic health records and the growing amount of digital data of patients available, big data research finds an increasing amount of use cases. The rising amount of data and the imposing privacy risks can be overwhelming for patients, so they can have the feeling of being out of control of their data. Several previous studies on digital consent have tried to solve this problem and empower the patient. However, there is no complete solution for the arising questions yet. This paper presents the concept of Sovereign Digital Consent by the combination of a consent privacy impact quantification and a technology for proactive sovereign consent. The privacy impact quantification supports the patient to comprehend the potential risk when sharing the data and considers the personal preferences regarding acceptance for a research project. The proactive dynamic consent implementation provides an implementation for fine granular digital consent, using medical data categorization terminology. This gives patients the ability to control their consent decisions dynamically and is research friendly through the automatic enforcement of the patients’ consent decision. Both technologies are evaluated and implemented in a prototypical application. With the combination of those technologies, a promising step towards patient empowerment through Sovereign Digital Consent can be made.
How Informed is Consent? A Field Experiment
Discussion Paper
Alexandra Avdeenko, Matthias Stelter
Centre for Economic Policy Research, 1 February 2022
Abstract
In an increasingly data-driven world, data protection and the requirement of obtaining informed consent rapidly gain relevance. The intention is to protect data holders. Yet, is consent provided by data holders truly informed? In the context of empirical research, the requirement for informed consent can affect external validity and data quality of the evidence generated. Conducting a survey with 7,752 potential participants in rural Pakistan, we find that respondents are insufficiently informed about important aspects related to their consent. Experimentally changing the consent process, we find that showing an animated video has a negative impact on respondent’s understanding, but additionally engaging them in an interactive dialogue about the informational text significantly improves understanding. Even though we find effects on levels of understanding, we do not find meaningful changes in consent rates and non-response behavior indicating no adverse effects on the quality of the survey.
Editor’s note: The Centre for Economic Policy Research’s network of Research Fellows and Affiliates includes economists conducting research on issues affecting the European economy.
Health data: when children reach the age of consent
World View
Jillian Hastings Ward
Nature Medicine, 6 January 2022
Open Access
Excerpt
Parents give consent for their children’s health data to be used in research, but what happens when the children reach adulthood, and how can researchers keep families involved in the meantime? COVID-19 vaccinations for teenagers have been in the news, which raises questions about parental influence over the decision of children to get vaccinated — or not. In some countries, including the UK, children under the age of 16 can give consent for medical treatment once they are deemed able to fully appreciate what is involved (sometimes known as ‘Gillick competence’). This is of growing importance for children whose parents have signed them up for genetic research and other studies that use their health data. When and how do children get a say in what happens to their health data?..
CrowdMed-II: a blockchain-based framework for efficient consent management in health data sharing
Chaochen Hu, Chao Li, Guigang Zhang, Zhiwei Lei, Mira Shah, Yong Zhang, Chunxiao Xing, Jinpeng Jiang, Renyi Bao
World Wide Web, 1 January 2022
Open Access
Abstract
The healthcare industry faces serious problems with health data. Firstly, health data is fragmented and its quality needs to be improved. Data fragmentation means that it is difficult to integrate the patient data stored by multiple health service providers. The quality of these heterogeneous data also needs to be improved for better utilization. Secondly, data sharing among patients, healthcare service providers and medical researchers is inadequate. Thirdly, while sharing health data, patients’ right to privacy must be protected, and patients should have authority over who can access their data. In traditional health data sharing systems, because of centralized management, data can easily be stolen or manipulated. These systems also ignore patient’s authority and privacy. Researchers have proposed some blockchain-based health data sharing solutions where blockchain is used for consensus management. Blockchain enables multiple parties who do not fully trust each other to exchange their data. However, the practice of smart contracts supporting these solutions has not been studied in detail. We propose CrowdMed-II, a health data management framework based on blockchain, which could address the above-mentioned problems of health data. We study the design of major smart contracts in our framework and propose two smart contract structures. We also introduce a novel search contract for searching patients in the framework. We evaluate their efficiency based on the execution costs on Ethereum. Our design improves on those previously proposed, lowering the computational costs of the framework. This allows the framework to operate at scale and is more feasible for widespread adoption.
Informed Consent in Digital Data Management [BOOK CHAPTER]
Elisabeth Hildt, Kelly Laas
Codes of Ethics and Ethical Guidelines, 1 January 2022; pp 55-81 [Springer]
Abstract
This article discusses the role of informed consent, a well-known concept and standard established in the field of medicine, in ethics codes relating to digital data management. It analyzes the significance allotted to informed consent and informed consent-related principles in ethics codes, policies, and guidelines by presenting the results of a study focused on 31 ethics codes, policies, and guidelines held as part of the Ethics Codes Collection. The analysis reveals that up to now, there is a limited number of codes of ethics, policies, and guidelines on digital data management. Informed consent often is a central component in these codes and guidelines. While there undoubtedly are significant similarities between informed consent in medicine and digital data management, in ethics codes and guidelines, informed consent-related standards in some fields such as marketing are weaker and less strict. The article concludes that informed consent is an essential standard in digital data management that can help effectively shape future practices in the field. However, a more detailed reflection on the specific content and role of informed consent and informed consent-related standards in the various areas of digital data management is needed to avoid the weakening and dilution of standards in contexts where there are no clear legal regulations.
Dynamic Consent for Sensor-Driven Research
Hyunsoo Lee
Graduate School of Knowledge Service Engineering [Daejeon, South Korea], 2021
Open Access
Abstract
Dynamic consent is a term that initially emerged in biomedical research that involves a large-scale, long-term participant engagement for continuous data collection (e.g., biosamples, health records). Dynamic consent is a wider concept of informed consent that enables granular consent in dealing with personal data. Dynamic consent is typically incorporated into a personalized digital platform that allows participants to tailor and manage their own consent preferences. This feature leads to improved transparency and proactive privacy management. Due to such benefits, dynamic consent offers potential applications in other domains that collect diverse data that require multiple consents over time. One possible testbed is digital health, where there have been several attempts to track symptoms and diagnose mental illnesses (e.g., depression) with data collected from mobile and wearable devices (i.e., digital phenotyping). As these sensors continuously collect personal data, users may feel uncomfortable in certain private contexts. However, the current status of the studies only provides one-off informed consent without consideration of specific user contexts, which calls for context-aware fine-grained control. Thus, this paper explores the feasibility of dynamic consent in sensor-driven research and suggests a future outlook of dynamic consent usage in mobile and ubiquitous computing.
Controversies between regulations of research ethics and protection of personal data: informed consent at a cross-road
Scientific Contribution
Eugenijus Gefenas, J. Lekstutiene, V. Lukaseviciene, M. Hartlev, M. Mourby, K. Ó Cathaoir
Medicine, Health Care and Philosophy, 17 November 2021
Abstract
This paper explores some key discrepancies between two sets of normative requirements applicable to the research use of personal data and human biological materials: (a) the data protection regime which follows the application of the European Union General Data Protection Regulation (GDPR), and (b) the Declaration of Helsinki, CIOMS guidelines and other research ethics regulations. One source of this controversy is that the GDPR requires consent to process personal data to be clear, concise, specific and granular, freely given and revocable and therefore has challenged the concept of ‘broad consent’, which has been widely applied in the context of biobanking. Another source of controversy is the interplay between regulations of research ethics and protection of personal data related to the secondary use of personal data and biological materials. In this case, the GDPR ‘research condition’ provides an alternative to re-consent for the use of previously collected personal data and biological materials. Although the mentioned controversies have been raised in the legal literature, they have not been explicitly addressed from the research ethics perspective. Should consent be regarded as a priority legal basis for personal data processing in health data research? Can broad consent still be a suitable legal ground for biobanking? What should be the role of research ethics provisions that differ from the GDPR standards, and what should be the role and function of research ethics committees in the changing environment of health data research? These are the ongoing controversies to be explored in the paper.
Data protection-compliant broad consent for secondary use of health care data and human biosamples for (bio)medical research: towards a new German national standard
Sven Zenker, Daniel Strech, Kristina Ihrig, Roland Jahns, Gabriele Müller, Christoph Schickhardt, Georg Schmidt, Ronald Speer, Eva Winkler, Sebastian Graf von Kielmansegg, Johannes Drepper
OSF Preprints, 7 October 2021
Open Access
Abstract
Background
The secondary use of deidentified but not anonymized patient data is a promising approach for enabling precision medicine and learning health care systems. In most national jurisdictions (e.g., in Europe and North America), this type of secondary use requires patient consent. While various ethical, legal, and technical analyses have stressed the opportunities and challenges for different types of consent over the past decade, no country has yet established a national consent standard accepted by the relevant authorities.
Methods
A working group of the national Medical Informatics Initiative in Germany conducted a requirements analysis and developed a GDPR-compliant broad consent standard involving all relevant stakeholder groups and authorities.
Results
This paper presents the broad consent text together with a guidance document on mandatory safeguards for broad consent implementation. The mandatory safeguards comprise i) independent review of individual research projects, ii) organizational measures to protect patients from involuntary disclosure of protected information, and iii) comprehensive information for patients and public transparency. This paper further describes the key issues discussed with the relevant authorities, especially the position on additional or alternative consent approaches such as dynamic consent.
Discussion
Both the resulting broad consent text and the national consensus process are relevant for similar activities internationally. A key challenge of aligning consent documents with the various stakeholders was explaining and justifying the decision to use broad consent and the decision against using alternative models such as dynamic consent. Public transparency for all secondary use projects and their results emerged as a key factor in this justification. While currently largely limited to academic medicine in Germany, the first steps for extending this broad consent approach to wider areas of application, including smaller institutions and medical practices, are currently under consideration.
AI, big data, and the future of consent
Open Forum
Adam J. Andreotta, Nin Kirkham, Marco Rizzi
AI & Society, 30 August 2021
Open Access
Abstract
In this paper, we discuss several problems with current Big data practices which, we claim, seriously erode the role of informed consent as it pertains to the use of personal information. To illustrate these problems, we consider how the notion of informed consent has been understood and operationalised in the ethical regulation of biomedical research (and medical practices, more broadly) and compare this with current Big data practices. We do so by first discussing three types of problems that can impede informed consent with respect to Big data use. First, we discuss the transparency (or explanation) problem. Second, we discuss the re-repurposed data problem. Third, we discuss the meaningful alternatives problem. In the final section of the paper, we suggest some solutions to these problems. In particular, we propose that the use of personal data for commercial and administrative objectives could be subject to a ‘soft governance’ ethical regulation, akin to the way that all projects involving human participants (e.g., social science projects, human medical data and tissue use) are regulated in Australia through the Human Research Ethics Committees (HRECs). We also consider alternatives to the standard consent forms, and privacy policies, that could make use of some of the latest research focussed on the usability of pictorial legal contracts.