Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Our Strategic Road Map defines strategies, standards, and policy frameworks to support responsible global use of genomic and related health data.
Discover how a meeting of 50 leaders in genomics and medicine led to an alliance uniting more than 5,000 individuals and organisations to benefit human health.
GA4GH Inc. is a not-for-profit organisation that supports the global GA4GH community.
To guide our collaborative, globe-spanning alliance, GA4GH relies on a Standards Steering Committee and an Executive Committee.
The Funders Forum brings together organisations that offer both financial support and strategic guidance.
The EDI Advisory Group responds to issues raised in the GA4GH community, finding equitable, inclusive ways to build products that benefit diverse groups.
Distributed across four Host Institutions, our staff team supports the mission and operations of GA4GH.
Curious who we are? Meet the people and organisations across six continents who make up GA4GH.
More than 500 organisations connected to genomics — in healthcare, research, patient advocacy, industry, and beyond — have signed onto the mission and vision of GA4GH as Organisational Members.
These core Organisational Members are genomic data initiatives that have committed resources to guide GA4GH work and pilot our products.
This subset of Organisational Members whose networks or infrastructure align with GA4GH priorities has made a long-term commitment to engaging with our community.
Local and national organisations assign experts to spend at least 30% of their time building GA4GH products.
Anyone working in genomics and related fields is invited to participate in our inclusive community by creating and using new products.
Wondering what GA4GH does? Learn how we find and overcome challenges to expanding responsible genomic data use for the benefit of human health.
Study Groups define needs. Participants survey the landscape of the genomics and health community and determine whether GA4GH can help.
Work Streams create products. Community members join together to develop technical standards, policy frameworks, and policy tools that overcome hurdles to international genomic data use.
GIF solves problems. Organisations in the forum pilot GA4GH products in real-world situations. Along the way, they troubleshoot products, suggest updates, and flag additional needs.
NIF finds challenges and opportunities in genomics at a global scale. National programmes meet to share best practices, avoid incompatabilities, and help translate genomics into benefits for human health.
Communities of Interest find challenges and opportunities in areas such as rare disease, cancer, and infectious disease. Participants pinpoint real-world problems that would benefit from broad data use.
See all our products — always free and open-source. Do you work on cloud genomics, data discovery, user access, data security or regulatory policy and ethics? Need to represent genomic, phenotypic, or clinical data? We’ve got a solution for you.
All GA4GH standards, frameworks, and tools follow the Product Development and Approval Process before being officially adopted.
Learn how other organisations have implemented GA4GH products to solve real-world problems.
Help us transform the future of genomic data use! See how GA4GH can benefit you — whether you’re using our products, writing our standards, subscribing to a newsletter, or more.
Help create new global standards and frameworks for responsible genomic data use.
Align your organisation with the GA4GH mission and vision.
Solve your real-world data problems with support from this valuable network of global institutions.
Work with like-minded groups committed to better data use in areas like rare disease, cancer, and infectious disease.
Share your thoughts on all GA4GH products currently open for public comment.
Solve real problems by aligning your organisation with the world’s genomics standards. We offer software dvelopers both customisable and out-of-the-box solutions to help you get started.
Learn more about upcoming GA4GH events. See reports and recordings from our past events.
Speak directly to the global genomics and health community while supporting GA4GH strategy.
Be the first to hear about the latest GA4GH products, upcoming meetings, new initiatives, and more.
Questions? We would love to hear from you.
Read news, stories, and insights from the forefront of genomic and clinical data use.
Attend an upcoming GA4GH event, or view meeting reports from past events.
See new projects, updates, and calls for support from the Work Streams.
Read academic papers coauthored by GA4GH contributors.
Listen to our podcast OmicsXchange, featuring discussions from leaders in the world of genomics, health, and data sharing.
Check out our videos, then subscribe to our YouTube channel for more content.
View the latest GA4GH updates, Genomics and Health News, Implementation Notes, GDPR Briefs, and more.
Discover all things GA4GH: explore our news, events, videos, podcasts, announcements, publications, and newsletters.
3 Feb 2020
Given the importance of SCCs to international data transfers, the December 2019 opinion of Advocate General Saugmandsgaard Øe (AG) on the suitability of standard contractual clauses (SCCs) in Facebook Ireland and Schrems, C-311/18 (“Schrems II”) has caused some consternation.
Notice to readers: This post is outdated. Please consult the GA4GH GDPR Forum’s analysis of the decision in Schrems II here.
Standard contractual clauses (SCCs) are the most common legal mechanism for international data transfers where the European Commission is yet to issue an “adequacy decision”, which finds that a third country’s data protection regime is “essentially equivalent” as the EU’s. Given the importance of SCCs to international data transfers, the December 2019 opinion of Advocate General Saugmandsgaard Øe (AG) on the suitability of standard contractual clauses (SCCs) in Facebook Ireland and Schrems, C-311/18 (“Schrems II”) has caused some consternation. While the opinion is only non-binding guidance for the Court of Justice of the European Union (CJEU), we wish to contextualise the AG’s findings and give readers indications regarding what to keep an eye out for when the CJEU gives its ruling.
So, what is notable about the AG Opinion?
On the scope of GDPR data transfer rules and SCCs:
The AG noted that SCCs are mechanisms for transfer “irrespective of the third country of destination and the level of protection guaranteed there.” While this is technically true, the level of protection guaranteed in a third country impacts the level of protection that the SCCs in that jurisdiction provide.
On the standard and method by which SCCs are assessed:
The AG opined that SCCs must meet the same standard of protection that applies to adequacy decisions – SCCs (i.e., the contractual relationship between the data exporter and importer) must provide “essential equivalence”’ in the protections they provide. Given the breadth of the considerations that go into an adequacy decision (e.g., human rights protections, existence and efficacy of independent supervisory authorities, etc. in the third country), this is potentially a demanding task. The result of failing such an assessment is the suspension of transfers based on the SCC in question.
When conducting such an examination, the AG noted that controllers must examine “all the circumstances characterizing each transfer.” This likely includes the criteria mentioned in b). Of particular interest to genomic and health-related research, the AG was of the opinion that the adequacy of each transfer is to be made by reference to the sensitivity of the data and security measures. Thus, where genomic and/or health-related data are implicated, it seems that exporting data controllers and their contractual partners should be more vigilant regarding the ability of contractual obligations to be met. As Kuner notes in his analysis of the AG Opinion, commercial data controllers are often in no position to offer an assessment of factors like the rule of law, human rights protections and so on.
The way in which these considerations are to be mediated is far from clear. Should the CJEU take a similar approach, additional guidance should be issued regarding the proper method for determining whether a third country’s law prevents the effective execution of contractual obligations pertaining to personal data protection, and in what way security measures and the data’s sensitivity are to be taken into account.
Given the reliance of SCCs for international data transfers for research and other purposes, what should we in the genomic research community keep an eye on? With the CJEU’s decision expected in the coming months, we should pay special attention to whether the Court takes the same approach to assessing SCC validity. Furthermore, we should look out for the decision in Quadrature du Net v. Commission, T-738/16. This case has been parked for the time being, awaiting the Schrems II decision, but focuses more squarely on Privacy Shield.
Relevant GDPR Provisions
Michael Beauvais works at the Centre of Genomics and Policy at McGill University in Montreal, Quebec, Canada.
Johan Ordish works for the PHG Foundation, a think tank with a special focus on genomics and personalised medicine that is a part of the University of Cambridge.
For a list of previous briefs, please consult here.
Please note that GDPR Briefs neither constitute nor should be relied upon as legal advice. Briefs represent a consensus position among Forum Members regarding the current understanding of the GDPR and its implications for genomic and health-related research. As such, they are no substitute for legal advice from a licensed practitioner in your jurisdiction.