BioSHaRE conference July 28th, 2015, Milan - Latest tools and services for data sharing Stream 2: ELSI approaches and services An ethico-legal analysis was conducted at ULEIC that examined each step of the DataSHIELD process from the perspective of UK case law, regulations, and guidance. In order to facilitate a similar analysis for other countries/ jurisdictions, a ‘DataSHIELD Legal Analysis Template’ is being made. Contact: sew40@leicester.ac.uk DataSHIELD was born of the requirement in the biomedical and social sciences to co-analyse individual patient data (micro data) from different sources, without disclosing identity or sensitive information. Under DataSHIELD, raw data never leave the data provider and no micro data or disclosive information can be seen by the researcher. The analysis is taken to the data – not the data to the analysis. It provides a flexible, modular, open-source solution ideally placed to serve a broad user and development community and to circumvent barriers related to ethical-legal restrictions, intellectual property and physical size of the data as a limiting factor.

1. The DataSHIELD Legal Analysis Template
Susan Wallace, University Of Leicester, Leicester, UK
Jennifer Harris, Norwegian Institute of Public Health, Oslo, Norway

2. DataSHIELD
…DataSHIELD uses
distributed computing and
parallelized analysis to
enable full joint analysis of
individual-level data from
several sources—e.g.
research projects or health or
administrative data—without
the need for those data to
move, or even be seen,
outside the study where they
usually reside.
Gaye, A. et al. DataSHIELD: taking the analysis to the
data, not the data to the analysis. Int J Epidemiol
2014; 43(6):1931
Within each biobank
personal data is:
•protected using
security measures
•processed according
to national law
Only common query
language and summary
statistics (e.g.
anonymised data) are
transmitted to/from the
web portal and analysis
computer

3. DataSHIELD
Repeated until
answer reached

4. Rationale
DataSHIELD is ethically robust
Budin-Ljøsne, I et al. DataSHIELD: An ethically robust
solution to multiple-site individual-level data analysis.
Public Health Genomics 2015;18:87-96
Need to consider the legal implications of the
use of DataSHIELD in cross-border applications
DataSHIELD relies on the assumption that anonymised
data falls outside current the data protection
provisions, but true for every European country (?)
General Data Protection Regulation (GDPR) is coming:
‘compromise’ language states that anonymised data
will fall outside new data protection rules, but
unknown if this position will be approved
Unknown what is needed for non-European countries

5. UK analysis
Only a UK analysis has been conducted
Wallace SE, Gaye A, Shoush O, Burton PR: Protecting Personal Data in
Epidemiological Research: DataSHIELD and UK Law. Public Health
Genomics 2014, 17:149-157
DataSHIELD does comply with UK law
DataSHIELD only processes anonymised data
Although the biobank holds the link that can identify individuals, the
data has been ‘changed’ sufficiently to protect participant data
Common Services Agency v Scottish Information Commissioner [2008]
UKHL 47
Does not breach an individual’s right to privacy under UK Human
Rights Act 1998
R v Dept of Health ex parte Source Informatics Ltd [2001] 1 All ER 786

6. DataSHIELD Legal Analysis Template for Europe
BioSHaRE and other projects are not limited to the
UK!
Working with Healthy Obese Project cohorts to
determine factors that they [individual European
researchers or biobanks] considered when agreeing
to participate in DataSHIELD
Doiron D et al. Data harmonization and federated analysis of
population-based studies: the BioSHaRE project. Emerg Themes
Epidemiol 2013; 10(1):12

7. • What formal approvals were needed to
be involved in a DataSHIELD analysis
and in choosing variables?
• Do consent materials address:
• Is data is coded/anonymised?
• Is prior ethics approval needed for
data access?
• Can data be shared outside
institution?
• With whom can data be shared?
• Is there guidance on what constitutes
‘anonymised data’ in your country?
• Are there links to your biobank’s data
security provisions?

8. Future plans I
Revise SurveyMonkey questionnaire according to
responses from BioSHaRE biobanks to create a
template for biobanks who are considering using
DataSHIELD
Pilot questionnaire through BBMRI ELSI to gain their
input and capture different country perspectives
Identify and trial questionnaire with European
biobanks who have not used DataSHIELD
Finalise a ‘European’ template (dependent on
any changes in data protection rules)

9. Future plans/questions?
Approach European research ethics
committees – if a biobank met the
requirements of the template, could
that be used to gain ethics approval?
Can a similar exercise be used with
other countries and jurisdictions, or
are the differences too great?
What happens if anonymised data falls
under data protection rules in Europe?

10. Acknowledgement
The research leading to these results has received funding from the
European Union Seventh Framework Programme (FP7/2007-2013) under
grant agreement n° 261433 (Biobank Standardisation and Harmonisation
for Research Excellence in the European Union - BioSHaRE-EU)