Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Our Strategic Road Map defines strategies, standards, and policy frameworks to support responsible global use of genomic and related health data.
Discover how a meeting of 50 leaders in genomics and medicine led to an alliance uniting more than 5,000 individuals and organisations to benefit human health.
GA4GH Inc. is a not-for-profit organisation that supports the global GA4GH community.
To guide our collaborative, globe-spanning alliance, GA4GH relies on a Standards Steering Committee and an Executive Committee.
The Funders Forum brings together organisations that offer both financial support and strategic guidance.
The EDI Advisory Group responds to issues raised in the GA4GH community, finding equitable, inclusive ways to build products that benefit diverse groups.
Distributed across four Host Institutions, our staff team supports the mission and operations of GA4GH.
Curious who we are? Meet the people and organisations across six continents who make up GA4GH.
More than 500 organisations connected to genomics — in healthcare, research, patient advocacy, industry, and beyond — have signed onto the mission and vision of GA4GH as Organisational Members.
These core Organisational Members are genomic data initiatives that have committed resources to guide GA4GH work and pilot our products.
This subset of Organisational Members whose networks or infrastructure align with GA4GH priorities has made a long-term commitment to engaging with our community.
Local and national organisations assign experts to spend at least 30% of their time building GA4GH products.
Anyone working in genomics and related fields is invited to participate in our inclusive community by creating and using new products.
Wondering what GA4GH does? Learn how we find and overcome challenges to expanding responsible genomic data use for the benefit of human health.
Study Groups define needs. Participants survey the landscape of the genomics and health community and determine whether GA4GH can help.
Work Streams create products. Community members join together to develop technical standards, policy frameworks, and policy tools that overcome hurdles to international genomic data use.
GIF solves problems. Organisations in the forum pilot GA4GH products in real-world situations. Along the way, they troubleshoot products, suggest updates, and flag additional needs.
NIF finds challenges and opportunities in genomics at a global scale. National programmes meet to share best practices, avoid incompatabilities, and help translate genomics into benefits for human health.
Communities of Interest find challenges and opportunities in areas such as rare disease, cancer, and infectious disease. Participants pinpoint real-world problems that would benefit from broad data use.
Find out what’s happening with up to the minute meeting schedules for the GA4GH community.
See all our products — always free and open-source. Do you work on cloud genomics, data discovery, user access, data security or regulatory policy and ethics? Need to represent genomic, phenotypic, or clinical data? We’ve got a solution for you.
All GA4GH standards, frameworks, and tools follow the Product Development and Approval Process before being officially adopted.
Learn how other organisations have implemented GA4GH products to solve real-world problems.
Help us transform the future of genomic data use! See how GA4GH can benefit you — whether you’re using our products, writing our standards, subscribing to a newsletter, or more.
Help create new global standards and frameworks for responsible genomic data use.
Align your organisation with the GA4GH mission and vision.
Want to advance both your career and responsible genomic data sharing at the same time? See our open leadership opportunities.
Join our international team and help us advance genomic data use for the benefit of human health.
Share your thoughts on all GA4GH products currently open for public comment.
Solve real problems by aligning your organisation with the world’s genomics standards. We offer software dvelopers both customisable and out-of-the-box solutions to help you get started.
Learn more about upcoming GA4GH events. See reports and recordings from our past events.
Speak directly to the global genomics and health community while supporting GA4GH strategy.
Be the first to hear about the latest GA4GH products, upcoming meetings, new initiatives, and more.
Questions? We would love to hear from you.
Read news, stories, and insights from the forefront of genomic and clinical data use.
Attend an upcoming GA4GH event, or view meeting reports from past events.
See new projects, updates, and calls for support from the Work Streams.
Read academic papers coauthored by GA4GH contributors.
Listen to our podcast OmicsXchange, featuring discussions from leaders in the world of genomics, health, and data sharing.
Check out our videos, then subscribe to our YouTube channel for more content.
View the latest GA4GH updates, Genomics and Health News, Implementation Notes, GDPR Briefs, and more.
Discover all things GA4GH: explore our news, events, videos, podcasts, announcements, publications, and newsletters.
22 Oct 2021
The GDPR represents the most progressive measure to protect individual privacy in twenty years, and is rapidly becoming a global baseline, considered by many as model legislation.
The current state-of-play
The GDPR represents the most progressive measure to protect individual privacy in twenty years, and is rapidly becoming a global baseline, considered by many as model legislation. The territorial reach of the regulation demonstrates what has been coined the “Brussels effect:” the capacity of the EU to forge sectoral standards as a condition of market access, which in turn are adopted by international and domestic firms to minimize burdens of pursuing separate compliance requirements. However, as an omnibus regulation, the general principles that apply to banking, private commerce and other forms of processing apply to publicly funded biomedical research, with some conditional exceptions.
Since the GDPR’s enactment in May 2018, the biomedical science community has been caught in a metaphorical crossfire, struggling to find an admissible legal basis for long-term international data transfers.
International data transfers under the GDPR are particularly problematic for US federal agencies such as the National Institutes of Health (NIH), the single largest source of biomedical research support in the world. Presently, there are no international transfer mechanisms readily available to US federal agencies. EU counterparts are not pursuing international agreements or administrative arrangements under Article 46; standard contractual clauses, codes of conduct and certification mechanisms under Article 46 are not feasible for governmental bodies; and there is reluctance to make use of Article 49 derogations, which constitute exceptions to the main rules of data protection law in limited circumstances, in the absence of an adequacy decision or appropriate safeguards.. US public agencies are unable to comply with Article 46 obligations, due to principles of sovereign immunity and statutory conflict. These include provisions specifying indemnification, judicial redress, auditing of data systems by a foreign entity and submitting to the jurisdiction of foreign courts. Article 46 transfer mechanisms have become even less flexible following the increased requirements for international transfers following the Schrems II decision.
The result is a system of distributed analysis: rather than share data in real time, highly productive groups such as the International Genomics of Alzheimer’s Project and others must run identical but isolated analyses, and then pool results using summary meta-analysis. The approach yields data of reduced scientific value, constrains the number of research questions that can be explored, is more costly, and inefficient.
As one stark example, research oncologists at NIH’s Clinical Center were unable to secure European donor samples from an established bone and marrow transplantation network to conduct hematopoietic stem cell transplantation therapy for patients under experimental treatment, for otherwise intractable cancers. The GDPR is not only a data issue per se but can have direct effects on patient care in a research setting.
Greater interpretive clarity and responsible remedies are needed if the US and EU scientific communities are to pursue large initiatives toward curative treatments, diagnostics, and vaccines. GDPR transfer mechanisms must expand to resolve the unintended consequences on biomedical data sharing and incorporate scientific research as an explicit public interest.
Among available transfer mechanisms, frameworks modeled after Privacy Shield might potentially provide a legal basis for personal data transfer. A second prospect is the development of a bilateral or multilateral international agreement or administrative arrangement for use by US or third country public agencies and their affiliates and EU public bodies. A third would be to craft sector-specific contractual clauses, approved by the Commission, for use when sharing pseudonymous data with non-EU public agencies for scientific research purposes. Each may require augmentation of U.S. privacy legislation, including judicial redress for EU residents whose samples and data are processed in the US, among other safeguards.
A less robust option would be to make fuller use of the Article 49 derogation to the prohibition on international data transfers for transfers necessary for important reasons of public interest (Article 49(1)(d)). Last Fall, NIH concluded its lone data use agreement under the GDPR based on this exemption, resuming a 20-year partnership with the Finnish National Institute of Health and Welfare (THL) to identify susceptibility genes for Type 2 diabetes and associated traits.
An additional supportive measure may be to create a consistent standard of anonymization. The absence of well-defined metrics of identifiability has impeded data sharing due to concerns with non-compliance. Together with agreed standards, innovations in privacy enhancing technologies will reduce concerns that data subjects could be reidentified through linked molecular phenotypic and genotype datasets, inferential analytics, and imputation techniques.
In principle, and with sufficient political will, these seem workable propositions. Although the US and EU systems of data privacy protection evolved independently, they share identical core principles and safeguards enshrined in privacy law. This is reflected in the establishment of cooperative frameworks to protect privacy in the criminal justice context, such as the 2017 EU-U.S. Umbrella Data Protection Agreement. The same agreed principles could be extended to reach a sound legal basis for transatlantic scientific data flows in biomedicine and public health.
(This commentary does not represent an official Federal agency position and intended solely to stimulate discussion.)
Relevant GDPR provisions
Robert Eiss is Senior Global Health Adviser to the Director of the National Institutes of Health (NIH) and Fogarty International Center.
See all previous briefs.
Please note that GDPR Briefs neither constitute nor should be relied upon as legal advice. Briefs represent a consensus position among Forum Members regarding the current understanding of the GDPR and its implications for genomic and health-related research. As such, they are no substitute for legal advice from a licensed practitioner in your jurisdiction.