Opportunities and challenges of a dynamic consent-based application: personalized options for personal health data sharing and utilization
Research
Ah Ra Lee, Dongjun Koo, Il Kon Kim, Eunjoo Lee, Sooyoung Yoo, Ho-Young Lee
BMC Medical Ethics, 31 August 2024
Open Access
Abstract
Background
The principles of dynamic consent are based on the idea of safeguarding the autonomy of individuals by providing them with personalized options to choose from regarding the sharing and utilization of personal health data. To facilitate the widespread introduction of dynamic consent concepts in practice, individuals must perceive these procedures as useful and easy to use. This study examines the user experience of a dynamic consent-based application, in particular focusing on personalized options, and explores whether this approach may be useful in terms of ensuring the autonomy of data subjects in personal health data usage.
Methods
This study investigated the user experience of MyHealthHub, a dynamic consent-based application, among adults aged 18 years or older living in South Korea. Eight tasks exploring the primary aspects of dynamic consent principles–including providing consent, monitoring consent history, and managing personalized options were provided to participants. Feedback on the experiences of testing MyHealthHub was gathered via multiple-choice and open-ended questionnaire items.
Results
A total of 30 participants provided dynamic consent through the MyHealthHub application. Most participants successfully completed all the provided tasks without assistance and regarded the personalized options favourably. Concerns about the security and reliability of the digital-based consent system were raised, in contrast to positive responses elicited in other aspects, such as perceived usefulness and ease of use.
Conclusions
Dynamic consent is an ethically advantageous approach for the sharing and utilization of personal health data. Personalized options have the potential to serve as pragmatic safeguards for the autonomy of individuals in the sharing and utilization of personal health data. Incorporating the principles of dynamic consent into real-world scenarios requires remaining issues, such as the need for powerful authentication mechanisms that bolster privacy and security, to be addressed. This would enhance the trustworthiness of dynamic consent-based applications while preserving their ethical advantages.

Data Altruism, Personal Health Data and the Consent Challenge in Scientific Research: A Difficult Interplay between EU Acts

Gauthier Chassang, Lisa Feriol

European Data Protection Law Review, 2024

Abstract

The article explores the challenges in implementing data altruism, focusing on personal health data altruism for scientific research purposes. The analysis highlights conceptual gaps and lack of clarity of the Data Governance Act (DGA) provisions and their unclear interplay with the General Data Protection Regulation (GDPR). Ethical considerations regarding the relationship between altruism and solidarity-based systems are discussed, along with legal issues surrounding the scope of data altruism and consent requirements in different scenarios of personal health data altruism for scientific research. The discussion extends to existing opt-out practices in scientific research and their recognition, pointing out potential drawbacks of an overly restrictive emphasis on consent in the context of data altruism. The conclusion highlights the conceptual and ethical shortcomings of data altruism, advocates for the development of an integrative approach to altruism within the regulatory sphere and within health data-sharing organisations for encouraging collaboration and recognition of contributors to not-for-profit research in the public interest. Ultimately, the article supports the development of new approaches to participation in research through dynamic opt-out mechanisms in health systems and emphasises the need for clearer regulatory guidance to unlock the full potential of health data altruism.

Privacy, Data Protection and Data-driven Technologies
Book
Martin Ebers, Karin Sein
Routledge, 2025
Description
This book brings together contributions from leading scholars in law and technology, analysing the privacy issues raised by new data-driven technologies. Highlighting the challenges that technology poses to existing European Union (EU) data protection laws, the book assesses whether current legal frameworks are fit for purpose, while maintaining a balance between supporting innovation and the protection of individual’s privacy. Data privacy issues range from targeted advertising and facial recognition, systems based on artificial intelligence (AI) and blockchain, and machine-to-machine (M2M) communication, to technologies that enable the detection of emotions and personal care robots. The book will be of interest to scholars, policymakers and practitioners working in the fields of law and technology, EU law and data protection
[Chapters Relating to Consent]
Part II: Consent, Data Protection and New Technologies
Chapter 2: Dark Patterns and the Scraping Consumer Consent: Comparative Remarks on More Effective Legal Compliance, Giorgia Guerra
Chapter 3: The Consent Service in Estonia: Enhancement of State-held Data Sharing vs Privacy Risks, Karin Sein
Chapter 4: Consent to Data Processing in Biobanking: Regulatory Challenges of Data Processing in Biobanking, Using the Estonian Example, Kärt Pormeister

Retrospective Radiology Research: Do We Need Informed Patient Consent?
Original Research
Yfke Ongena, Thomas C. Kwee, Derya Yakar, Marieke Haan
Journal of Bioethical Inquiry, 19 August 2024
Open Access
Abstract
While knowledge of the population’s view on the need for informed consent for retrospective radiology research may provide valuable insight into how an optimal balance can be achieved between patient rights versus an expedited advancement of radiology science, this is a topic that has been ignored in the literature so far. To investigate the view of the general population, survey data were collected from 2407 people representative of the Dutch population. The results indicate that for non-commercial institutions, especially hospitals (97.4 per cent), respondents agree with the retrospective use of imaging data, although they generally indicate that their explicit consent is required. However, most respondents (63.5 per cent) would never allow commercial firms to retrospectively use their imaging data. When including only respondents who completed the minimally required reading time of 12.3 s to understand the description about retrospective radiology research given in the survey (n = 770), almost all (98.9 per cent) mentioned to have no objections for their imaging data to be used by hospitals for retrospective research, with 57.9 per cent indicating their consent to be required and 41.0 per cent indicating that explicit patient consent to be unnecessary. We conclude that the general population permits retrospective radiology research by hospitals, and a substantial proportion indicates explicit patient consent to be unnecessary when understanding what retrospective radiology research entails. However, the general population’s support for the unrestricted retrospective use of imaging data for research purposes without patient consent decreases for universities not linked to hospitals, other non-commercial institutions, government agencies, and particularly commercial firms.

Statistical Analysis of Abilities to Give Consent to Health Data Processing
Antonella Massari, Biagio Solarino, Paola Perchinunno, Angela Maria D’Uggento, Marcello Benevento, Viviana D’Addosio, Vittoria Claudia De Nicolò, Samuela L’Abbate
Applied Mathematics, August 2024
Abstract
The recent pandemic crisis has highlighted the importance of the availability and management of health data to respond quickly and effectively to health emergencies, while respecting the fundamental rights of every individual. In this context, it is essential to find a balance between the protection of privacy and the safeguarding of public health, using tools that guarantee transparency and consent to the processing of data by the population. This work, starting from a pilot investigation conducted in the Polyclinic of Bari as part of the Horizon Europe Seeds project entitled “Multidisciplinary analysis of technological tracing models of contagion: the protection of rights in the management of health data”, has the objective of promoting greater patient awareness regarding the processing of their health data and the protection of privacy. The methodology used the PHICAT (Personal Health Information Competence Assessment Tool) as a tool and, through the administration of a questionnaire, the aim was to evaluate the patients’ ability to express their consent to the release and processing of health data. The results that emerged were analyzed in relation to the 4 domains in which the process is divided which allows evaluating the patients’ ability to express a conscious choice and, also, in relation to the socio-demographic and clinical characteristics of the patients themselves. This study can contribute to understanding patients’ ability to give their consent and improve information regarding the management of health data by increasing confidence in granting the use of their data for research and clinical management.

Dynamic consent: a royal road to research consent?
Extended essay
Andreas Bruns, Eva C Winkler
Journal of Medical Ethics, 24 July 2024
Abstract
In recent years, the principle of informed consent has come under significant pressure with the rise of biobanks and data infrastructures for medical research. Study-specific consent is unfeasible in the context of biobank and data infrastructure research; and while broad consent facilitates research, it has been criticised as being insufficient to secure a truly informed consent. Dynamic consent has been promoted as a promising alternative approach that could help patients and research participants regain control over the use of their biospecimen and health data in medical research. Critical voices have focused mainly on concerns around its implementation; but little has been said about the argument that dynamic consent is morally superior to broad consent as a way to respect people’s individual autonomy. In this paper, we identify two versions of this argument—an information-focused version and a control-focused version—and then argue that both fail to establish the moral superiority of dynamic over broad consent. In particular, we argue that since autonomous choices are a certain species of choices, it is neither obvious that dynamic consent would meaningfully enhance people’s autonomy, nor that it is morally justifiable to act on every kind of consent choice enabled by dynamic consent.

Editor’s note: In reflecting on the argument as presented in the abstract, we are reaching out to explore and assess further in dialogue with the authors.

Contours of data protection in India: the consent dilemma
Research Article
Aafreen Mitchelle Collaco
International Review of Law, Computers & Technology, 26 June 2024
Abstract
Amid the rapid advancement of digital technology in India, there is a growing concern regarding data protection and digital privacy. The recent DPDP Act 2023 also reflects the significant emphasis on a robust privacy practice. This paper examines the effectiveness of consent, a crucial principle and a subject of many debates in data privacy regimes. Despite being a cornerstone of privacy regimes globally, the consent-based approach has significant limitations. For instance, its binary character allows for a yes or no response and its inability to guarantee data subjects to make an informed choice. The study is set against the prominent data breaches and the Indian Government’s effort to strengthen data protection measures. The study also examines the theoretical and legal aspects of consent by analysing the fundamental ideas that form the basis of the DPDP Act, 2023, protecting the consent framework. It questions whether the current form of the Act aligns with the landmark Privacy Judgement. It concludes by exploring alternative and more adaptable mechanisms for implementing informational privacy that might effectively address the specific issues in the Indian context while taking inspiration from other jurisdictions like the EU.

Unleashing the power of clinical trial data: a proposal for enhancing informed consent and data sharing
Commentary
Lorenzo Trippa, Sean Khozin
The Oncologist, 10 June 2024
Excerpt
Clinical trials play a crucial role in establishing the safety and efficacy of new treatments. Despite the uncertainties surrounding potential benefits and risks, patients willingly participate in these studies and their contributions deserve not only recognition but also optimal utilization. Creating new mechanisms for sharing data from clinical trials can honor such contributions by advancing scientific research and aligning with patients’ altruistic motivations…

Is pay-or-consent for privacy justifiable? Evidence from different users’ privacy attitudes toward behavioral data collection in South Korea
Sangjun Nam, Youngsun Kwon
Telecommunications Policy, 30 May 2024
Open Access
Abstract
As regulators began prohibiting online platforms from collecting personal data based on the “take-it-or-leave-it” basis, platform firms must adopt more refined user consent rules such as the pay-or-consent approach. Ensuring sufficient user options could increase the welfare of privacy-sensitive users but reduce the efficiency of data-driven business models. To balance the benefits and costs of enhanced privacy protection, regulators should understand the diversity in users’ attitudes toward behavioral data collection in free online platforms. Tradeoffs among privacy, conveniences, and free services based on users’ heterogeneous preferences are considered to investigate the user’s different privacy attitudes in free online platforms. Three distinct user groups were found: the first one reluctantly accepts the “take-it-or-leave-it” condition because of the lack of alternatives, the second one accepts it for free services, and the third one accepts it because it does not matter. These three user segments constituted 32.9%, 47.0%, and 20.1% of all the respondents, respectively. The pay-or-consent approach can be justifiable in terms of balancing the benefits and costs of the privacy regulations if it properly reflects privacy-sensitive users’ willingness to pay for privacy.

How to Elucidate Consent-Free Research Use of Medical Data: A Case for “Health Data Literacy”
Gesine Richter,  Michael Krawczak
JMIR Medical Informatics, 2024
Abstract
The extensive utilization of personal health data is one of the key success factors of modern medical research. Obtaining consent to the use of such data during clinical care, however, bears the risk of low and unequal approval rates and risk of consequent methodological problems in the scientific use of the data. In view of these shortcomings, and of the proven willingness of people to contribute to medical research by sharing personal health data, the paradigm of informed consent needs to be reconsidered. The European General Data Protection Regulation gives the European member states considerable leeway with regard to permitting the research use of health data without consent. Following this approach would however require alternative offers of information that compensate for the lack of direct communication with experts during medical care. We therefore introduce the concept of “health data literacy,” defined as the capacity to find, understand, and evaluate information about the risks and benefits of the research use of personal health data and to act accordingly. Specifically, health data literacy includes basic knowledge about the goals and methods of data-rich medical research and about the possibilities and limits of data protection. Although the responsibility for developing the necessary resources lies primarily with those directly involved in data-rich medical research, improving health data literacy should ultimately be of concern to everyone interested in the success of this type of research.