Archives

Benedikt Burger, Claudia Langer, and Veronika Krizova, Privacy law in the U.S. and in Europe in emerging fields of biotechnology

By privacylaw | Posted on

Benedikt Burger, Claudia Langer, and Veronika Krizova, Privacy law in the U.S. and in Europe in emerging fields of biotechnology

Comment by: Paul Schwartz

PLSC 2013

Workshop draft abstract:

Biotechnology is one of the key technologies of our days. Its rapid evolution opens new opportunities for healthcare and bio-engineering. But as the progress of biotechnological medical research and therapy advances, so do the threats to privacy. Genes as the basic biological component of biological sample tissues contain sensitive information about donors or patients. While an individual may profit, for example, from his participation in research projects or from therapies, the protection of privacy requires him/her to remain in control of his/her data.

Only if the legal framework keeps track with the rapid development and solves the conflict between the researchers need for information and the individual’s right to privacy, biotechnology can bring benefits to individuals as well as the society in general without reducing the protection of an individual’s privacy.

The paper illustrates this intersection on three controversially discussed examples: human tissue engineering, biobanks, and organ donation and transplantation.

Human tissue engineering constantly consumes human tissue samples for the research for new and promising therapies and cures for diseases. By taking tissue samples which doctors/researchers then prepare as human tissue engineered products (HTEPs), they provide treatment while simultaneously collecting the patients’ clinical data. Furthermore, HTEPs are worldwide exchanged among researchers in international projects. The projects have to face the challenge of different national laws on patients’ privacy rights. But also single patients travel internationally for innovative therapies. Such medical tourist destinations are regularly countries where their privacy rights do (almost) not exist. Specific privacy rules on medical tourism and the international tissue exchange are necessary to ensure the individuals’ rights. The paper will present how informed consent is a way to serve both the patients’ and the researchers’ needs in a globalized world.

After the collection of tissues, biobanks may be installed to maximize scientific research in interdisciplinary and international projects. Genetic data is used as an input to perform either research which may help to understand diseases and to develop of new drugs. The nature of research does not allow precise information about its progress and findings. The level of information an individual can get at the time of his consent is therefore inevitably low. New models like open or broad consent are introduced to solve this conflict – and reduce an individual’s protection even further. The paper will present alternatives that will balance the scientific needs and an individual’s protection.

Organ donation and transplantation has been one of the first medical fields that drew attention of lawyers and the general public due to the controversial nature of the method in respect to personality rights. Many attempts have already been made to find the best compromise for a legal regulation of issues regarding i.e. consent, incentives and benefits for donors or the privacy of data collected, stored and shared. But there still seems to remain uncertainty as to what approach is the most sensible yet effective one. As the medical law and medicine itself evolves, new fields of research and innovations bring new challenges for legislation. At the same time, they help to introduce new legal solutions. New areas such as stem cell research or the use of biobanks for scientific and commercial purposes can also represent potential elements of a new legal framework for organ donation and transplantation while they can thrive from the variety of approaches to the existing problems in more traditional fields of medicine.

The goal of this paper is to show the interrelation between specific aspects of biotechnology and privacy. It will focus on the comparison between U.S. and European Privacy Law and show the different ways of regulation as well as commonalities in order to maximize potential benefits of international research.

Paul M. Schwartz & Daniel J. Solove, The PII Problem: Privacy and a New Concept of Personally Identifiable Information

By privacylaw | Posted on

Paul M. Schwartz & Daniel J. Solove, The PII Problem: Privacy and a New Concept of Personally Identifiable Information

Comment by: Rick Kunkel

PLSC 2011

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1909366

Workshop draft abstract:

Personally identifiable information (PII) is one of the most central concepts in information privacy regulation.  The scope of privacy laws typically turns on whether PII is involved.  The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm.  At the same time, there is no uniform definition of PII in information privacy law.  Moreover, computer science has shown that the very concept of PII can be highly malleable.

To demonstrate the policy implications of the failure of the current definitions of PII, this Article examines current practices of behavioral marketing.  In their use of targeted technologies, companies direct offerings to specific consumers based on information collected about their characteristics, preferences, and behavior.  Behavioral marketing has enormous implications for privacy, yet the present regulatory regime with PII as the cornerstone has proven incapable of an adequate response.  Behavioral marketers are able to engage in their targeting practices without the use of what most laws consider to be PII.  Despite this fact, behavioral marketing causes privacy problems that should be addressed.  Other practices not involving PII as traditionally formulated also lead to problems.  Since PII defines the scope of so much privacy regulation, the concept of PII must be rethought.  In this Article, we argue that PII cannot be abandoned; the concept is essential as a way to define regulatory boundaries.  Instead, we propose a new conception of PII, one that will be far more effective than current approaches.

This Article proceeds in four steps.  First, we develop a typology of PII that shows three basic approaches in United States law to defining this term.  As part of this typological work, the Article traces the historical development of the jurisprudence of PII and demonstrates that this term only became important in information privacy law in the late 1960s with the rise of the computer’s data processing.  Second, we use behavioral marketing, with a special emphasis on food marketing to children, as a test case for demonstrating the severe flaws in the current definitions of PII.  Third, we discuss broader policy concerns with PII as it is conceptualized today.  Finally, this Article develops an approach to redefining PII based on the rule-standard dichotomy.  Drawing on the law of the European Union, we propose a new concept of PII that protects information that relates either to an “identified” or “identifiable” person.  We conclude by showing the merits of this new approach in the context of behavioral marketing and in meeting the other policy concerns with the current definitions of PII.

Paul Schwartz, The Constitutional Right to Confidential and Secure Information Systems: German and American Telecommunications Privacy in Comparison

By privacylaw | Posted on

Paul Schwartz, The Constitutional Right to Confidential and Secure Information Systems: German and American Telecommunications Privacy in Comparison

Comment by: Mark Eckenwiler

PLSC 2009

Workshop draft abstract:

In 2008, the German Constitutional Court declared a new constitutional right that protected the confidentiality and security of information systems.  According to the German High Court, this constitutional interest protects the individual against certain kinds of searches of her personal computer, cell phone, or electronic calendar.  To protect this right, the Court required the creation of suitable procedures by the legislature.   In my presentation, I discuss a broad series of contemporary German legal developments that respond to new kinds of online searches and telecommunications surveillance as well as the post-9/11 policy landscape.  The presentation will draw comparisons with the legal response in the United States.