Health data privacy and confidentiality rights

(1)

Pleasecitethisarticleinpressas:FariaPLd,CordeiroJV.Healthdataprivacyandconﬁdentialityrights:Crisisorredemption?RevPortSaúde w w w . e l s e v i e r . p t / r p s p

Original

Article

Health

data

privacy

and

conﬁdentiality

rights:

Crisis

or

redemption?

Paula

Lobato

de

Faria

∗

,

João

Valente

Cordeiro

EscolaNacionaldeSaúdePúblicadaUniversidadeNOVAdeLisboaandCentrodeEstudosdeSociologiadaUniversidadeNovadeLisboa, Lisboa,Portugal

a

r

t

i

c

l

e

i

n

f

o

Articlehistory: Received31July2014 Accepted15October2014 Availableonlinexxx Keywords: Righttoprivacy Righttoconﬁdentiality Healthdata

Healthdataprotectionandsecurity Patient’srights

Europeandataprotectionlaw

a

b

s

t

r

a

c

t

Althoughwidelyanalyzedbyauthorsandtheoreticallyvaluedbythepublic,therightto healthdataconﬁdentialityseemstobemoreofanacademicﬁgurethanarealprotected right. This happens duetointrinsic problems withthe practicalenforcement ofsome patient’srights,butisgettingmorenotoriousincontemporarysociety.

Thisarticledescribestherightstohealthdataprivacyandconﬁdentialityinitsclassical contours,focusingonareasofconsensusandcontroversyandanalyzingtherecent trans-formationsinsocietythatarecausingacrisisinthesesamerights.Weagreethatthereare reasonstobelievethattherearenonovellegalinstrumentsinHealthLawtoredeemthese rights,exceptforEuropeanDataProtectionLaw.Here,webrieﬂyanalyzethenewEuropean dataprotectiondraftregulation,whichintendstobringreinforcedtoolsonthisdomain.

Weconcludethatthejuridicalaurathatstillembracestherighttomedicalandgenetic dataconfidentialityinHealthLawandBioethicsseemsnolongertohaveapracticalsense. Inordertoassurethepracticalexistenceofprivacyandconfidentialityinthemedicaland geneticfields,HealthLawneedstodedicatemoreattentiontothisarea.

Direito

à

vida

privada

e

à

conﬁdencialidade

de

dados

de

saúde:

crise

ou

redenc¸ão?

Palavras-chave:

Direitoàvidaprivada Direitoàconﬁdencialidade Dadosdesaúde

Protec¸ãoeseguranc¸adedados desaúde

Direitosdosdoentes

r

e

s

u

m

o

Apesardeamplamenteanalisadopelosautoreseteoricamentevalorizadopelopúblico,o direitoàconfidencialidadedosdadosdesaúdeparecesermaisdeumafiguraacadémicado queumdireitorealmenteprotegido.Talacontecedevidoaalgunsproblemasintrínsecosna aplicaçãopráticadealgunsdosdireitosdosdoentes,mastorna-secadavezmaisnotório nassociedadescontemporâneas.

Esteartigodescreve,emprimeirolugar,osdireitosàvidaprivadaeàconﬁdencialidade dedadosdesaúdenosseuscontornosclássicos,mostrandoasáreasdeconsensoe con-trovérsiasemtornodeles.Emsegundolugar,analisam-seasrecentestransformac¸õesna

∗ _{Corresponding}_author.

E-mailaddress:pa.lobfaria@ensp.unl.pt(P.L.d.Faria).

http://dx.doi.org/10.1016/j.rpsp.2014.10.001

(2)

Pleasecitethisarticleinpressas:FariaPLd,CordeiroJV.Healthdataprivacyandconﬁdentialityrights:Crisisorredemption?RevPortSaúde

Direitoeuropeudaprotec¸ão dedados

sociedadequeestãoacausarumacrisenessesmesmosdireitos,sendoestacapazdeos transformaroumesmodeoseliminarcomodireitosdosdoentesverdadeiramente respeita-dos.Nestecapítulo,constata-sequeháfortessinaisparaacreditarquenoDireitodaSaúde enaBioéticaosdireitosàvidaprivadaeàconfidencialidadeestãoasofrerumacrisee quenãosetêmcriadoquaisquerinstrumentoslegaisinovadoresemDireitodaSaúdepara osresgatar,aocontráriodoqueacontecenoDireitoEuropeudeProtecçãodeDados.Esta premissalevaàterceirapartedoartigo,ondeseanalisambrevementeapropostadonovo regulamentoeuropeudeproteçãodedadospessoais,cadavezmaispertodeserpublicado, oqualpretendetrazerferramentasreforçadasnestedomínio.

Conclui-sequea aurajurídicaqueaindaenvolveosdireitosàconfidencialidadedos dadosmédicosegenéticosemDireitodaSaúdeeBioéticanãopareceterjáumsentido prático,sendoquasecomopromoverumprodutocomenormepotencialmasquenãoexiste nomercado.Aúnicaáreaqueaindasemovenafrentededefesadavidaprivadae da confidencialidadededadospessoaisnanossasociedadeéodireitoeuropeudeproteção dedados.Noentanto,mesmoqueestefactoapresentenovastendênciaslegaisquepodem ajudaradaraosdireitosdosdoentesàvidaprivadaeàconfidencialidadedosseusdados umpoucomaisdeforça,pensamosque,apesardasmedidaseuropeiasinovadoras,oDireito daSaúdeprecisadesededicarmaisaproduzirumnovopensamentojurídicooperacional paraosdireitosàvidaprivadaeconfidencialidadenosfuturoscenáriosdaMedicinaeda Genética,sobpenadestespoderemdeixardeexistirnaprática.

Introduction

“Issuesofprivacyhavebecomeentangledwith bioinfor-maticsas,increasingly;werelyontechnologyratherthan onhumanbeingstoresolveprivacyissues.”1(p6)

“Newtechnologies upheave old norms, and newnorms needtobenegotiated:aprocessthattakestime.”2(p125)

Preliminarynote

Althoughweare aware that thetopic ofthis articleis not novel, we think that it still needs attention ascontinuous transformationsinsocietyareconstantlybringingnewfacts thatreﬂectupontherightstoprivacyandconﬁdentialityas patient’srightseitherinhealthcareormedicalresearch sett-ings.

Baringthispremiseinmind,thispaperaimstodiscussthe classicalconceptsoftherights toprivacyand confidential-ityofhealthversustherecentdevelopmentandsolidification ofapermanent“realityshow” societywhich trivializesthe disclosureandthedisseminationofpersonaldata,including healthdata.Moreandmorepeopleadheretofree informa-tionandareignorantorreluctanttodataprotectionprinciples until they suffer considerable consequences. Nevertheless, litigation regarding the rights to privacy and confidential-ity ofhealthdataisrare. As someauthors putit “the(...) issueofmedicalconfidentialityhasbeenmorediscussedthan litigated.”3

ThereisanampleHealthLawandBioethicsliteratureon theimportanceoftherighttoconﬁdentialityofmedicaland geneticdata,whichisconsideredafundamentalpatientright andisenshrinedintheLawofseveralWesterncountries.This

right isalsooneofthe maindataprotectionrights. Impor-tantly,medicalandgeneticdataareconsideredexceptionally sensitive data bycurrent Data ProtectionLaws, which isa specialstatusrequiringextrasecurityandconﬁdentiality pro-tectionmeasures. Thereasonforthisspecialstatusisthat medicalandgeneticdataareconsideredtobelongtothe “pri-vate”sphereoftheperson(datasubject),astheyrelatetothe mostintimatepersonalareas.Hence,anunauthorized disclo-sureofthisdataispotentiallymeanttocausediscrimination andstigmatizationinthepersonal,professionalorsociallife domainsofthedatasubject.Concurrently,healthdataprivacy isalsoaveryimportanttoolinPublicHealthpolicies(e.g.for theacceptanceandsuccessofname-basedsurveillance).4

FromtheHippocraticOath,totherighttobeforgotten

Thedutyofconﬁdentialityisamedicaldeontologicalpillar sincethe HippocraticOath, dating backtothe 5th century BC. On the other hand, the right to privacyis a relatively recentjuridicalconcept.Theclassicalconceptionoftheright toprivacysproutsfromthenotionthatthroughoutlifeevery personmoveswithinjuridicalspaceswithvaryingdegreesof liberty.5,a_Such_spaces_can_be_broadly_grouped_into_two_main

areas,apublicandaprivatesphere.Whenwemovewithinour publicspherewhateverwedo,sayorchoosecanbeconsidered

a_Jonathan_Franzen_refers_to_this_matter_in_page₄₃_of_his_very

acuteessayonprivacy,called“ImperialBedroom”:“Whatreally undergirdsprivacyistheclassicalliberalconceptionofpersonal autonomy orliberty.Inthelastfewdecades,manyjudgesand scholarshavechosentospeakofa“zoneofprivacy”ratherthana “zoneofliberty”,butthisisashiftinemphasis,notinsubstance: notthemakingofanewdoctrinebuttherepackagingofanold one”.

(3)

publicinformationinawaythatnorestrictionsare placed toitsdiffusionanddissemination.Inparallel,insideour pri-vatesphere,specialcaremustbeexercisedinordertorestrict accessandsharingofinformationsothatspeciallimits,which aredeﬁnedbytheindividual,arenotcrossed unlessavery signiﬁcantpublicinterestisatstake.Therighttoprivacyisin thatsensea“personalityright”6,b_rooted_in_the_need_to_respect

theautonomyofpeopleandaimedatprotectingthemfrom harm.7_The_concession_to_every_human_being_of_an_individual

privatespaceisdeeplyconnectedwithvaluessuchas free-domandself-determination.Certainly,thebordersbetween publicand private spheresvary signiﬁcantly dependingon historicalandsociologicalcontexts,politicalconditionsand evenpersonalandindividualrepresentationsofreality.Ithas beenmorethan120yearssinceSamuelD.WarrenandLouisD. Brandeis8_wrote_“The_Right_to_Privacy”_an_inﬂuential_Harvard

LawReviewarticledrawingattentiontotheneedof protec-tionagainsttheinvasionofprivacy.Inthisarticle,theauthors deﬁnedtheconceptofprivacyprotectionbyadaptingafamous expressionofjudgeThomasCooley(regardingtortinjury)as “(...)aninstanceoftheenforcementofthemoregeneralright oftheindividualtobeletalone”.8

The premonitory significance of this article and the increasingdifficultyandnecessitytofindthecorrectmeasures toprotectprivacyinanageoffast-pacedtechnology-driven progressarewellacknowledged.Infact,justaboutone hun-dredyears afterWarren andBrandeis,inapersuasive1998 NewYorkeressaytitled“ImperialBedroom”,JonathanFranzen depictedprivacyas“(...)espousedasthemostfundamental ofrights,marketedasthemostdesirableofcommodities,and pronounceddeadtwiceaweek”.5 _{Interestingly,}_in_“Imperial

Bedroom”FranzenalsoquotedRichardPowers’deﬁnitionof theprivateaspectsoftheselfas“(...) thatpartoflifethat goesunregistered”.5

Thesequotesreﬂectthepresentstateoftherighttoprivacy, whichwasbornoutofaworldthathadjustdiscoveredthe wondersandperilsofthetelephoneorphotographyandtoday isthreatenedbyourtechnology-swampedlives.Weconcede thatthechallengesthattechnologyposestotherightto pri-vacyandconﬁdentialityaremanyandthatsocietyhasevolved inwaysthatseem tocontradictthealmost revered impor-tancethattheserightsoncehad.However,thesechallenges donotnecessarilycorrespondtooblivionoftheserights. Evi-dencehasshownthatregardinghealthandgeneticdata,the protectionoftheserightsisstillapriorityforpatientsand physicians.7,9,c_Furthermore,_it_is_the_main_concern_of_the

pub-licregardingthedonationsoftheirownbiologicalmaterialto biobanks.10_This_fact_suggests_that_privacy_and_{conﬁdentiality}

arestillvaluedconceptsbymostpeopleandthereforedidnot losealltheirpracticalsense.

Someofthesefactors,whichexplainadiminishingvalue ofthe rights to privacyand conﬁdentiality, were generally

b _This_is_the_category_of_rights_in_which_the_Portuguese

Consti-tutionincludestherighttoprivacy(article26).SeeforallMoreira andCanotilho,Constituic¸ãodaRepúblicaPortuguesa,Artigos1◦_a

107◦.

c _Despite_court_actions_against_{professionals}_who_did_not

dis-closegeneticrisktorelativesoftheirpatientsthereisreluctance fromphysiciansandgeneticcounselorstobreachconﬁdentiality.

identiﬁed by the EuropeanCommission as a basis for the ongoing reform of data protection in the European Union (EU).11_We_highlight_(infra₃₎_the_efforts_on_new_data

protec-tionmechanisms,whichhavebeendevelopedbytheEuropean Commission(EC),coinedinthedraftofanewdata protec-tionregulation,d_as_a_good_example_of_{conﬁdentiality}_rights

resilience.11_We_analyze_this_new_legal_turn_in_data_protection

intheEUandmakesomeconsiderationsonitsrelevancefor theconfidentialityofpersonalhealthdata.Inbrief,thenew regulationwillgivemorepowertocustomersofonline ser-vices,determinestrongersafeguardsforEUcitizens’datathat getstransmittedabroad,andconsiderablyincreasefineson companiesthatbreachthelaw.Importantly,intheregulation draft,healthdataarestillconsidered“particularlysensitive andvulnerableinrelationtofundamentalrightsorprivacy” deserving“specificprotection”.11

Wealsoexaminethenew“righttobeforgotten”whichis alsoenactedinthealreadymentionedregulationdraftondata protectionandwasrecognizedbytheCourtofJusticeofthe EuropeanUniononMay2014intheGoogleSpainSL,GoogleInc. vsAgenciaEspa ˜noladeProteccióndeDatoscase.12

Inbrief,thisarticleaimsmainlytosummarizetheissues andquestionsraisedinthehealthdataprotectionﬁeld,rather thantoprovideanysolutions.Nonetheless,bearingthenew EuropeanLawdevelopmentsinmind,thisarticleendswith ourlastwordonthestatusquoofprivacyandconﬁdentiality ofpersonalhealthdatarights(seeinfra4).

State

of

the

art

Therightstoprivacyandconﬁdentiality

Therighttoconfidentialityisbasedonthefundamentalrights toprivacyandto“informationalself-determination”,which relate to personal data protection (data protection rights). However,confidentialityisadifferentconceptthanprivacy, and it comprises morethan data protectionrights. Firstly, confidentiality works downstreamofprivacyandfor confi-dentialitytobelegally“triggered”,privacymusthavealready beendisclosed.13_Furthermore,_on_one_hand_the_right_to

pri-vacy iswhat is calleda “negative” right because it claims non-interferencewithinformationbelongingtothe private sphere.Ontheotherhand,conﬁdentialityisbotha“negative” anda“positive”rightasitsimilarlyclaimsnon-interferenceor silence(e.g.intheformofprofessionalsecrecy)butalso prac-tical protectiveactions(e.g. securitymeasures;supervision; sanctions–seeFig.1).

Historically,understandingtherealmeaningandthelimits oftherighttoconﬁdentialitycanbebetterachievedby tak-ingalookatthe1988EnglishtortlawcaseAttorneyGeneralv. TheObserverLtd.14_This_case_covered_the_publication_in_several

Britishnewspapers ofexcerptsfrom thecontroversialbook

Spycatcher,writtenbyformerMI5counterintelligenceofﬁcer

d_Regulations _are _the _strongest _European _Union _normative

instrumentsenteringinforceinallmemberStatesassoonasthey arepublishedintheOfﬁcialJournaloftheCommunities.They dif-ferfrom“directives”,whichneedtobetransposedtothemember Statesinternallegalorder.

(4)

Confidentiality V. Privacy

Privacy sphere

Direct disclosure (doctor)

Professional secrecy Security measures Supervision sanctions Indirect disclosure (biobank)

Medical-genetic

information Secret information

Confidentiality

Fig.1– ConﬁdentialityV.Privacy.

PeterWright.Thebook,atthetimealreadypublishedinthe USAandAustraliabutnotinEngland,containeddetailsabout Wright’sactivityinMI5,whichconstitutedaviolationofanAct oftheParliamentoftheUnitedKingdom–theOfficialSecrets Act1991–protectingstatesecretsand officialinformation. InhisargumentintheHouseofLords,LordGoffof Chieve-leyidentifiedavitaldimensionoftherighttoconfidentiality –thedutyofconfidence.AccordingtoLordGoffof Chieve-ley,thisduty“(...)ariseswhenconfidentialinformationcomes totheknowledgeofaperson(theconfidant),withtheeffect that(...)heshouldbeprecludedfromdisclosingthe informa-tiontoothers”.14_Therefore,_he_concludes_“(_._._.)_there_is_such

apublicinterestinthemaintenanceofconﬁdences,thatthe lawwillprovideremediesfortheirprotection”.11_Importantly,

AttorneyGeneralv.TheObserverLtd.alsopermittedtoidentify thelimitstotherighttoconfidentiality.First,therightto con-fidentialityonlyappliestoconfidentialinformationandnot toinformationthathasalready enteredthe publicdomain (informationforwhichthereisgeneralaccess).Second,the righttoconfidentialitydoesnotapplytotrivialinformation. Third,andperhapsmostsignificantly,thepublicinterestof confidenceprotectionmustbebalancedinthefaceofother publicinterests.Inthisregard,LordGoffofChieveleydeclares that“(...)itisthislimitingprinciplewhichmayrequireacourt tocarryoutabalancingoperation,weighingthepublic inter-estinmaintainingconfidenceagainstacountervailingpublic interestfavoringdisclosure”.14

AsAttorneyGeneralv.TheObserverLtd.sowellillustrates, themostcontroversialpartoftheright/dutyof confidential-ityisthezonewherethisrighthastobebalancedwithother conflictingpublicinterests.Infact,thiszoneofconflicthas beenthesubjectofintensestudyinthefieldsofHealthLaw andEthicsmainlyinthedomainofHIVinfection(probably themostcontroversial)and,particularly,intherelated ten-sionbetweenthedutyofprofessional/medicalsecrecyandthe dutytodisclosepersonalhealthinformationforthepurposes ofprotectingathirdparty’shealthorlife.Importantly,recent advancesingenomicsandthepossibilitytodefinesomeone’s futurerisk ofdevelopingadisease byanalyzing hereditary geneticinformationfeedsintothesamediscussionand illus-tratesthatthisdebateisverymuchaliveinourtime.15

Understandingthe tensionbetweenthe right to/dutyof conﬁdentialityandpublicinterestmustalsobeinformedbya

closerlookatdifferentdefinitionsofthelatter.Publicinterest isanopenandeverevolvingconcept.Manywouldarguethat nomattertheextenttowhichtheconceptevolvesand trans-forms,publicinterestshouldneverbeallowedtobeconfused withcuriosity orvoyeurism andthat exaggerated broaden-ing ofsomedefinitionsofpublicinterestwould,ultimately, endupemptyingthenotionofprivateinformation,turningit into trivia,anddefeatingthepurposeofrecognizingaright to confidentialitywithbalanced limits.On theother hand, others arguethatwearemovingtowardsabroadnotionof publicinterestthatwould,mostofthetimes,favordisclosure ofinformation.Accordingtothisnotionthealternative pub-licinterestrelatedtoprotectingconfidencelooksincreasingly morelike aprivateinterest.Nomatterwhich sidewetake onthis argument,it isimportanttobalancepublicinterest withconfidentialityandidentifyanddiscussrelevantfactors leadingtoapossiblefadingortransmutationofthelatter.

The rights to privacy and conﬁdentiality are nowadays entangledwiththerighttotheprotectionofpersonaldata, whichisestablishedbyArticle8oftheCharterofFundamental RightsoftheEU,16_Article₁₆_of_the_Treaty_on_the_Functioning_of

theEuropeanUnion(TFEU),17_and_in_Article₈_of_the_European

ConventionofHumanRights(ECHR).18_As_underlined_in₂₀₁₀

bytheCourtofJusticeoftheEUinthejoinedcasesVolkerund MarkusScheckeGbRandHartmutEifertvLandHessen,19_the_right

totheprotectionofpersonaldataisnotanabsoluteright,but mustbeconsideredinrelationtoitsfunctioninsociety.Data protectioniscloselylinkedtotherespectforprivateandfamily lifeprotectedbyArticle7oftheCharter.16Thisisreﬂectedby Article1(1)ofDirective95/46/EC20_which_provides_that

Mem-berStatesshallprotectfundamentalrightsandfreedomsof naturalpersonsandinparticulartheirrighttoprivacywith respectoftheprocessingofpersonaldata.

Whatever happens in the data protectionlaw ﬁeld will affecttremendouslytherightstoprivacyandconﬁdentiality inthehealthlawdomain.Thisiswhytheongoingreformin Europeandataprotectionlegalinstrumentsissoimportant todiscusshere.Ina2012documentprecedingthedraftofthe newEUregulation,withthesuggestivetitleofSafeguarding Pri-vacyinaConnectedWorld–AEuropeanDataProtectionFramework forthe21stCentury,21_the_European_Commission_undoubtedly

showsthattheprotectionofprivacyandconﬁdentialityrights isthecoreofdataprotectionlaw.Thisdocumentidentiﬁes

(5)

asthe majorchallenge fortoday’sdataprotection,thenew waysof sharing information, through socialnetworks and storinglargeamountsofdataremotelywhich“havebecome partoflifeformanyofEurope’s250millioninternetusers”.21

Nevertheless,itstressesveryclearlythat “inthisnew digi-talenvironment,individualshavetherighttoenjoyeffective controlovertheirpersonalinformation”.21

Inaway,wethinkthat,atpresent,dataprotectionlawis the“practical”or“feasible”partofthedefenseoftherights toprivacyandconﬁdentialityofhealthinformation.Thisis particularlysoasnowadays,thecompliancewiththeserights essentiallydependsalmosttotally onthe existenceofvery objectivesecuritymeasuresinhealthcareinformation tech-nologies(IT).Forinstance,theconceptof“privacybydesign” (seeinfra3)broughtupbytheEUdataprotectionreformand alsoincludedinthedraftofthenewregulation,11,e_if_adopted

inhealthcareunitscouldbethekeytopreventbreachesof con-ﬁdentiality“fromscratch”.However,thecostsandtechnical implicationsofthesemeasuresmaybedissuasive,particularly ifsanctionsfornotcomplyingwithdataprotectionmeasures arenotstrongenoughorifcontrolbythecompetent authori-tiesisinexistent.

Nowadays,personalhealthdataarestoredandaccessedin differentsystems,sometimesindependentlyofsecrecyduties. Inother cases, suchdata can evenbestored inthe Cloud,

althoughthispracticeisconsideredtobeinadvisablebydata protectioncommissioners.Hence,itisobviousthatinorder toprotecttherighttoconﬁdentialityincontemporary soci-etiesand healthcareunits,informationtechnologysystems mustprovidethe appropriatemechanismstoavoid illegiti-matebreachesofpatient’sdata.Averyimportantcorollaryof thisisthatconﬁdentialitybecameexpensivetoprotectand,as such,itmaycometobemoreofa“luxury”tohealth manage-mentthanabasicnecessity.Thistendencymayevenbemore acutewithinthe healthcaresystemsinaninverted demo-graphicpyramidworld.

Consensualanddefyingideas

The interconnected rights to privacy and confidentiality regardingmedicalandgeneticinformationhavebeenamply discussedintheBioethicsandHealthLawfieldsandhavebeen theobjectofconsensualanddefyingideas.Inthefirstgroup, itisindisputablethatasacentenarymedicalduty,thedutyof medicalsecrecyisstillkeytothemedicalbusiness.Without theperceptionthatphysiciansareboundbyadutyofmedical secrecy,certainlymostpatientswouldnotdisclosesomeof theirintimateclinicalhistory.Furthermore,itisimportantto highlighttheconsensualnotionthattherightto confidential-ityinhealthworksnotonlytopreserveasignificantelement oftrust,whichisofvitalimportanceinmostinteractionsin thehealthcarecontext,butalsotopreventstigmatizationand defendagainstdiscrimination.Therefore,confidentiality pro-tectionmeasuresarevaluablepublichealthallies,notonlyin thehistoryofepidemicsasalreadymentionedabove4_but_also

inrelativelynewareas,suchaspublichealthgenomics(e.g.

e _See _section ₂ _on _Data _Security, _article _30/3 _(security _of

processing)oftheregulationdraft.

withouttrustintheconﬁdentialityofbiobanksforresearch purposes,peoplearenotwillingtodonatetheirDNA10_).

However,relevantastheymaybe,thetraditionalconcepts ofprivacyandconfidentialityhavebeensubjecttosignificant defiance.Thefirstnoteworthyexampleisthatofthefamous 1982NewEnglandJournalofMedicinearticlebyMarkSiegler,22

whichdenouncedtheexcessivenumberofpeopleaccessing medical records in hospitals, leading to the characteriza-tionofconﬁdentialityinmedicineasa“decrepitconcept”.22

Twentyyearsafter,anextensiveliteraturereviewbyPamela Sankarandcolleaguesillustratedageneralunawarenessor misunderstanding of the ethical and legal right to medi-calconﬁdentialitybypatients,whichpromptedtheauthors to label the concept as both “over and underestimated”.23

Notably,widespreadconfusion(andinsomecasesignorance) aboutconfidentialityanditsrelevanceinthebiomedicalarena isthoughttobeinfluencedbytheinexistenceofaclear,precise andharmonizeddefinitionofwhatconstitutes“confidential data”.Thisimprecisionhasledsomeauthorstoportray con-fidentialityasa“TourofBabel”.24

In addition to the aforementioned issues on a lack of clear definitions of“confidential data” and privacy bound-aries,recenttrendsinthecontextofgenetics(forexamplein thecontextofbiobanking)providenovelchallengestohealth privacy. Theadvancement oftechnologyand its impactin molecularbiologyresearchalsobroughtagitationandstress tothe conceptsofprivacyand confidentiality.Insummary, cantheseconceptssurviveintheformofadutyofgenetic confidentialityandgeneticprivacyrights?Letuslookatthe example ofbiobanking.Inbiobanksthereisno“privileged” relationship3 _between _the _scientists _on _one _side _and _the

researchparticipantsontheother,contrarilytowhathappens in the patient-physician biomedicalrelationship.This con-trastnecessarilymeanstheneedofaredefinitionofthelegal basisinwhichpersonalinformationissharedandprotected inbiobanks.Infaceofthesenewchallenges,thenecessary departurefromclassicalnotionsissometimessosignificant thatsomeauthorsconsiderthatconceptscannotbendthat far without being irreparablybrokenand thereforewonder whetherconfidentialityisnowbutanobsoleteconcept.25

Toclosethisbriefpresentationofdefyingideasonhealth andgeneticdataprivacyandconfidentialityweshould men-tiontheissueofanonymizationofhumanbiologicalmaterials (HBMs).Inreality,biobankingactivitiesposeprivacyand con-fidentialityobstaclesthatseemtobesurpassediftheconcept ofconfidentiality isredefined and reconfigured,moving on fromatrust-basedmodelofinformationsecrecy,towardsan anonymized-data model.26 _The_{pre-requisite}_would _be_that

anonymizationbecameacorerequirementtobuildabiobank. However, anonymization ofHBMs poses several questions, whichendangerthisapparentsolution.QuotingMariachiara Tallachinni”27 _the _rationale _behind _this _model_is _based _on

theassumptionthatthede-identiﬁcationofthehuman bio-logicalmaterials(HBMs)canceltheir“subjectivetraceability”,

i.e.thecharacteristics thatrenderthem re-identifiable, and thatthis,throughdifferentmethodsofencryptingthe sen-sitive information,is“thetechnicalfilterwhichguarantees dataconfidentiality”.27 _Nonetheless,_the_same_author

inter-estinglysuggeststhatthereareareasofdoubtinthevalidity of this “guarantee”. Firstly,by statingthat “theexpression

(6)

‘anonymizationofdata’ oftenconcealssituationsinwhich, infact, thepossibilityofreidentifyingdatastillexists,and, therefore,inwhichanonymityisneitherrealnorcomplete” (...). Secondly, and perhaps more critically, by considering anonymityas“therhetoricalstrategyfordenyingthe exist-enceofany subjectiveinterestinHBMsand,consequently, forafﬁrming theirfreeavailabilitytothosewho maymake interestinguseofthem:thebiotechindustry”.27

Insummary,theaforementionedconsensualanddefying ideasclearly illustrate how the field ofhealth and genetic dataprivacyandconfidentialityrightsisaverycomplexlegal ground,whichclaimsformorededicatedattentionfrom aca-demicsinthefieldofHealthLaw.

Factorsthataretransforminghealthdataprivacy andconﬁdentiality

Theprogressiveerosionofourownprivatespheres2_is_now

contributingtothe growth and expansionofa global pub-licsphereweallshare.Privacyconcessionscanbeobserved everywhereandhavemultiplecausesandaims.Security,for example, is the prominentcause for disclosure of private data.Followingthe9/11terroristattacksintheUnitedStates ofAmerica,privacyconcessions based onsecurity reasons were greatly expanded.28 _{Concomitantly,} _intrusions _in _our

privatespheressuchasairport screening,collectionof fin-gerprintsandphotographsandextensivevideosurveillance arenowwidelyacceptedand perceivedasnormalpractice. Remarkably,people are not onlytoleratingprivacy conces-sionsforsharedpurposessuchascommonsecuritybutalso increasinglyoptingtogiveawayprivacyforindividualgains, suchasfame,moneyandrecognition.TVshowsandsocial phenomena wherepeople linger on other’s most intimate momentssuchasprecisefirst-handaccountsofdeeply trau-maticexperiences(includinghealth-relatedconditions)have gainedsignificantnotoriety.ThecaseofJadeGoody,a27 year-oldBritishBigBrotherparticipantisanextremeexampleof exposureofterminalillnessinthemedia.Goodyraisedaround £1mfrommediadealssignedsinceshewastoldshehad ter-minalcervicalcancer.Hermainreasontosignthesecontracts foralivecoverageofherfinaldayswastoleavethemoneyto herchildren.f

InPortugal,veryrecently,ManuelForjaz,awell-knownand charismaticacademicfamouslysharedwritingsandphotos onsocialmediaabouttheprogressionofhiscancer,including chemotherapysessions,itssecondaryeffectsandconsequent suffering. During this period he participated in a weekly TV show and spoke regularly and openly in public about hisdisease.He died afew days afterpublishingof abook abouthissharedexperienceasacancerpatient.29_These

sit-uationsillustratethepossibletransformation ofthe nature

f _See_newspaper_articles_“Jade_Goody_to_wed_and_die_‘in_the

pub-liceye’TherealityTVstarwillsellmediarightstoraisemoneyfor herchildren”(TheObserver,Sunday15February2009)Availableat:

http://www.theguardian.com/theobserver/2009/feb/15/jade-goody-cancer)and“JadeGoodysettomake£1mfrommediadeals” (the-guardian.com,Wednesday 18February 200912.33, available at:

http://www.theguardian.com/media/2009/feb/18/jade-goody-wedding-deals).

of healthdata from a paradigm ofsecrecy made ofa cer-tain “embarrassment”,3 _into _a _possible_future _paradigm_of

openness.Overall,healthdataarebecomingsocially accept-able informationandits self-disclosureisbecoming trivial. However,thistendencycertainlydoesnotsuiteveryoneas dif-ferentpeoplehaveverydifferentnotionsofwhattheywant tokeepprivate.Still,theparadigmmaybechanging,andit wouldbeatleastdoubtfulifsomeonewhosharedhisorher healthconditiononsocialmediacouldsubsequentlytrytosue thosewhodecidedtosharethatinformationoutsidethecircle withinwhichthatinformationwasoriginallyshared.Hence, in a world where health information too becomes widely sharedonsocialnetworks,societycanrelativizetherightsto medicalandgeneticprivacyandconﬁdentiality,whichmay ultimatelypervadelawandjustice.

Trivializationofthesharingofformerlyconsidered “sen-sitive data”isalsobecomingmoreacuteduetothealmost impossible taskthatisrequiredofdataprotection authori-tiestocontrolthemultitudeofhealthdata,whichiscurrently being collected.On the other hand,building systems that secure confidentiality is sometimes considered a luxury, whichisneglected byhealthadministrators,particularlyin countrieswherefinancialcriseshaveledtoausterity meas-ures (e.g. Portugal). In the case of Portugal, the absence ofsystematicsupervisionand sanctions bydataprotection authorities, which struggle with lack of means, together with thealmost inexistent litigationinthis domain,result inrandomprivacyorconfidentiality protectionconcernsin healthcareunits.Asaconsequence,anecdotalevidence indi-cates that it is possible for administrative staff to access patients’ medical histories, in violation of national law. Unsurprisingly, incountries wheresocialwelfare is jeopar-dized,patientsprioritizeaccesstocareoveranyotherrights andarelesspronetocomplainofcasesinvolvingaviolation ofprivacyandconfidentialityrights.

Geneticprivacyandconﬁdentiality

Notably,thiserosionofhealthdataprivacyand confidential-ity finds parallel inmorespecific phenomenain the areas of geneticsand genomics.Here again, privacyconcessions are motivated by public and private interest alike. As we know,theHumanGenomeProject (HGP)and theadventof genomicshavehighlighted(oratleastpromised)the impor-tanceofgeneticdatainfightingdiseaseandimprovinghealth outcomes. Forexample,different PublicHealth fields,such as infectious andchronic disease,occupationalhealth and environmental health can advantagefrom the progressof genomicsandthesharingofgeneticdata,leadingtowhathas beendescribedbysomeauthorsas“Geneticinformationfor all”syndrome.30_This_subject_and_the_related_issue_of

person-alizedmedicine(wheretherapyisspecificallydesignedtoan individualbasedonhis/hersgeneticprofile)havedeepprivacy andconfidentialityimplications.Firstandforemost,wemust considerwhetherourgeneticinformationcancontributeto significant conclusionsabout ourrisksofdevelopingfuture diseases.Ifthatisestablished,atleastatareasonablelevel, geneticdataneedtobeconsidered asprivateasany other healthdata.Nevertheless,itisclearthatifsomeonecarriesa geneticalterationthathasbeenassociatedwithasignificant

(7)

andelevatedriskofdevelopingadiseaseinthefuture,that informationcould beusefultofamilymembers whomight sharethatsamealteration.Despitethefactthatdifferent stud-iesshowthattheoverwhelmingmajorityofpatientschoose topassinformationofgeneticriskandgeneticdiseaseto fam-ilymembers,insomecasessharinginformationcollidesboth withthepatients’willandtherightoffamilymembersnot toknow.31,32 _Hence,_in _pondering _whether _or _not_to _share

geneticdatawithfamilymembers,theprobability thatthe diseasewilldevelopandthemagnitudeoftheharmshould thatdiseaseindeeddevelopmustbebalancedandweighted againstthecosts(individualandpublic)ofbreaching conﬁ-dentialityduties.13 _Hence,_clearly, _the_advances_in_genetics

andgenomicsposesigniﬁcantchallengestoprivacyand con-ﬁdentialitytoo.

Finally,justasupplementarynotetomentionthat,inline withtheaforementionedsecurityconcernsandtherefore per-hapsunsurprisingly,itisalreadyacceptedtogiveawaygenetic privacyforjusticereasons,insomecases.Forexample,theUK NationalDNAdatabasealreadyincludesDNAproﬁlesofmore than3millionindividuals,coveringmorethan6%ofthe pop-ulationandraisingprivacyandconﬁdentialityissuesamongst otherinnumerousbioethicsandhumanrightsquestions.33–35

Thetopic ofgeneticprivacyand biobanksforforensic pur-poses,however,willnotbedebatedhereasitgoesbeyondthe scopeofthisarticle.

The

European

Data

Protection

Law

reform:

the

redemption

of

health

data

privacy

and

conﬁdentiality

rights?

Preliminarynote

Intheprevioussectionsweidentifiedreasonstobelievethat therightstohealthdataprivacyandconfidentiality–once socherishedinHealthLaw–aresufferingacrisis.This cri-sis iscaused not only bygeneral societal phenomena but alsobyspecificfactorsrelatedtothefieldsofhealthcareand genomics.Wealsomentionedthatweconsiderdata protec-tionlawasthe“practical”or“feasible”partofthedefenseof therights toprivacyand confidentialityofhealth informa-tionas,currently,thecompliancewiththeserightsessentially dependsonsecuritymeasuresandIT.Hence,weagreethat whateverhappensinthedataprotectionlawfieldwillhavea significantimpactintherightstoprivacyandconfidentiality inthehealthlawdomain.ConsideringthatEuropeanData Pro-tectionLawhasbeenrecentlysubjecttoaconsiderablereform, includinganewEuropeanregulationdraft,itisveryimportant toanalyzeithere,althoughnotindetail,asthisdoesnotfit exactlythescopeofthisarticle,whichisorientedtoHealth LawandBioethicsandnottoDataProtectionLawissueswhere otherauthorshavedevelopedthismatter.36,37

TheEUreformofthedataprotectionlegalframework

“Rapidtechnologicaldevelopmentshavebroughtnew chal-lengesfortheprotectionofpersonaldata.Thescaleofdata sharingandcollectinghasincreaseddramatically. Technol-ogyallowsbothprivatecompaniesandpublicauthorities

tomakeuseofpersonaldataonanunprecedentedscale inordertopursuetheiractivities.Individualsincreasingly makepersonalinformationavailablepubliclyandglobally. Technologyhastransformedboththeeconomyandsocial life.”11(p1)

In 2012, the EuropeanCommission (EC)proposed a key reformoftheEUlegalframework,whichledtothedraftof anewEuropeanregulationontheprotectionofpersonaldata. Thisregulationintendstostrengthen individualrights and tacklethechallengesofglobalizationandnewtechnologies (mainlyon-line)byadaptingthegeneralprincipleswhichwere consideredtoremainvalidtothesechallengeswhile main-tainingthetechnologicalneutralityofthelegalframework.

Whenitcomesintoforce,whichhasbecomemorelikely to happen after the majority of the European Parliament approveditsdraft(March2014),thenewRegulation (hencefor-wardcitedas“theRegulation”)willimmediatelybecomethe newgenerallegalframeworkofdataprotectioninallmember StatesoftheEU,abolishingthelongtimerulingofDirective 95/46/CE.20_The_pathway_to_this_reform_was_based_in_several

documentsfrom differententities,someofwhichincluded innovativemechanismstoprotectpersonaldataagainstthe challenges it endures atpresent time.38 _This_pathway_also

included a Eurobarometer 2011 survey39 _on _the _attitudes

towards data protection, which showed interesting results and revealedthatthemajorityofEuropeansfeelobligedor arewillingtogiveuptheirprivacyandconﬁdentialityalmost on adailybasis. Resultsofthe Eurobarometer2011survey showed that 58% of Europeansfeel that there is no alter-native other than to disclose personal information if they wanttoobtain productsorservices;79% ofsocial network-ingandsharingsiteuserswerelikelytodisclosetheirname; 51% theirphotoand47%their nationality.Onlineshoppers typicallygavetheirnames(90%),homeaddresses(89%),and mobilephonenumbers(46%).OnlyathirdofEuropeanswere awareofanationalpublicauthorityresponsiblefor protec-tingtheirpersonaldatarights(33%)andjustoveraquarter ofsocialnetwork users (26%)and evenfeweronline shop-pers(18%)feltincompletecontroloftheirdata.39_Importantly,

thesenumbersjustconﬁrmedwhattheEuropeaninstitutions alreadysuspected.In2010,inaCommunicationtothe Euro-pean Parliament, the Council, the European Economic and SocialCommitteeandtheCommitteeoftheRegions,titled“A comprehensiveapproachonpersonaldataprotectioninthe EuropeanUnion”,40 _the_Commission_concluded_that_the_EU

needed“amorecomprehensiveandcoherentpolicyonthe fundamentalrighttopersonaldataprotection”.40

ThenewgeneralrulesintheRegulationthatcanhave impactintheprotectionofhealthdata

ThenewEUstrategyintendsto“putindividualsincontrolof theirowndata”11_and _in_the_Regulation_a_new_approach_to

whatisconsidered“nominativedata”isadopted.Forinstance, theactsofbeingobservedandbeingtracedbecomeprivacy threats,evenwithoutknowingthenameoftheobservedor tracedperson.36_Article_4/2_of_the_Regulation_determines_that

personaldata“meansanyinformationrelatingtoadata sub-ject”.Datasubjectisdeﬁnedas“anidentiﬁednaturalperson

(8)

oranaturalpersonwhocanbeidentified,directlyorindirectly, bymeansreasonablylikelytobeusedbythecontrollerorby anyothernaturalorlegalperson,inparticularbyreference toanidentificationnumber,locationdata,onlineidentifieror tooneormorefactorsspecifictothephysical,physiological, genetic,mental,economic,culturalorsocialidentityofthat person”(Article2/1).

Asigniﬁcantimprovementistheprincipleoftransparency introducedbyArticle5(Principles relatingtopersonaldata processing), which stipulates that personal data must be “processed lawfully, fairlyand in a transparentmanner in relationtothedatasubject”(Article5/a).

Twootherinnovationsintermsofdatacontrolrightsfrom itssubjectsaretherighttoportabilityandtherighttobeforgotten.

Article18/1oftheRegulationdeterminesthatdatasubjects havetherighttoobtainfromthecontrolleracopyoftheir per-sonaldataina“structuredandcommonlyusedformatwhich iscommonlyusedandallowsforfurtherusebythedata sub-ject”.InArticle18/2itisgrantedtothedatasubjectthe“right totransmitpersonaldataandanyotherinformationprovided bythedatasubjectandretainedbyanautomatedprocessing system, intoanother one,inan electronicformatwhich is commonlyused,withouthindrancefromthecontrollerfrom whomthepersonaldataarewithdrawn”.Assomeauthorsput it,dataportabilityisthereforetherightto“takepersonaldata andleave”.36_Importantly,_the_“right_to_be_forgotten”_(and_to

erasure)isalsoanewoptionintheRegulationandhasrecently beenconﬁrmedbytheCourtofJusticeoftheEuropeanUnion (Article17)12_:

“Anypersonshouldhavetherighttohavepersonaldata concerning them rectiﬁed and a ‘right to be forgotten’ wheretheretentionofsuchdataisnotincompliancewith this Regulation.Inparticular, data subjectsshould have therightthattheirpersonaldataareerasedandnolonger processed,wherethedataarenolongernecessaryin rela-tiontothe purposesforwhich thedataare collectedor otherwiseprocessed,wheredatasubjectshavewithdrawn theirconsentforprocessingorwheretheyobjecttothe processing of personal data concerning them or where theprocessingoftheirpersonaldataotherwisedoesnot complywiththisRegulation.Thisrightisparticularly rel-evant,whenthedatasubjecthasgiventheirconsentasa child,whennotbeingfullyawareoftherisksinvolvedby theprocessing,andlaterwantstoremovesuchpersonal dataespeciallyontheInternet.However,thefurther reten-tionofthedatashouldbeallowedwhereitisnecessaryfor historical,statisticalandscientiﬁcresearchpurposes,for reasons of public interest in the area of public health, forexercisingthe right offreedom ofexpression,when requiredbylaworwherethereisareasontorestrictthe processingofthedatainsteadoferasingthem.”11

Inthisrespect,weagreewithCostaandPoullet36_when

theseauthorsafﬁrmthattheeffectivenessoftherighttobe forgottenreliesonatechno-legalapproach,astechnical solu-tionshavetobeadoptedtoensuretheerasureandblockingof dataontheInternet.Thisfactisrelatedtoanotherinnovative rule of the Regulation, the introduction of a “privacy-by-design”obligation.

“Privacy-by-design”isestablishedinArticle23ofthe Regu-lation(Dataprotectionbydesignandbydefault)givingdata controllersthedutyto“Havingregardtothestateoftheartand thecostofimplementation(...)bothatthetimeofthe deter-minationofthemeansforprocessingandatthetimeofthe processingitself,implementappropriatetechnicaland orga-nizationalmeasuresandproceduresinsuchawaythatthe processingwillmeettherequirementsofthisRegulationand ensuretheprotectionoftherightsofthedatasubject”(Article 23/1).TheEuropeanCommissionistheinstitutionempowered tospecify data protection bydesignrequirements “applicable acrosssectors,productsandservices”(Article23/3).

Veryimportanttothe futureofpersonaldataprotection ingeneralandintheﬁeldofhealthandgeneticdataprivacy andconﬁdentialityrightsisthenewapproachfoundinthe RegulationinwhatreferstoResponsibilityandLiability. Differ-entlyfromtheDirective95/46/CE,theRegulationisverymuch concernedaboutresponsibility,andclearlystatesthatthe con-trollers ofdataare responsible toimplement datasecurity requirements(Article23).Importantly,theRegulation deter-minesa“principleofaccountability”anddescribesindetail the obligationofthecontroller tocomplywiththe Regula-tion andtodemonstratethiscompliance,including byway ofadoptionofinternalpoliciesandmechanismsforensuring suchcompliance.11_This_is_a_very_important_step_ahead_in_the

generalprotectionofpersonaldata,whichcanhaveahuge impactonhealthdatacontrollersandprocessors(Article22on theresponsibilityofthecontroller).Furthermore,intermsof lia-bility,theRegulationpresentstwoconsiderablemodiﬁcations totheDirective.Itmakesprocessors(thosewhoprocessdata onbehalfofcontrollers)liablefordamagesandwhentheseare multipleitestablishesa“jointliability”avoidingthenecessity toidentifytheoneatfault(Articles23and24).The Regula-tionalsoimposesoncontrollersandprocessorsthedutyto cooperatewiththesupervisoryauthority(Article29).

Inbrief,withallthesenewdataprotectionenforcement mechanismstheRegulationseemstobringthepossibilityof aneweraforprivacyandconfidentialityrightsingeneraland implicitlytohealthandgeneticdataprotection.Nevertheless, inspecifictermstheonlyinnovationintheRegulationwhich targetshealthdataisArticle84,insertedinChapterIX (Pro-visionsrelatingtospecificdataprocessing)on“Obligationsof secrecy”.Inthisdispositionitisstatedthatwithinthe lim-itsoftheRegulation,MemberStatesmayadoptspecificrules (whichhavetobenotifiedtotheEuropeanCommission)toset outtheinvestigativepowersbythesupervisoryauthorities“in relationtocontrollersorprocessorsthataresubjectsunder nationallaworrulesestablishedbynationalcompetent bod-iestoanobligationofprofessionalsecrecyorotherequivalent obligations ofsecrecy, wherethis isnecessary and propor-tionate toreconcile the right ofthe protectionofpersonal data withthe obligationofsecrecy”.41,g _For_the _remaining,

g _This _importance_given_to _secrecy_was_also _stressed _on _the

MadridResolution,signedbytheDataProtectionandPrivacy Com-missionersin2009whereontopic13datarelatingtohealthorsex lifeisconsidered“sensitivedata”.Inthesamedocument,topic21 referstoa“dutyofconﬁdentiality”whichstatesthat“The respon-sible personandthoseinvolvedatanystageoftheprocessing shallmaintaintheconﬁdentialityofpersonaldata.Thisobligation

(9)

the Regulation maintains the concept that “health related data” and “genetic data” must be considered as “sensitive data”,andassuchrequiremoredataprotectionsafeguards. Article9oftheRegulation11_sets_out_the_general_prohibition_for

processingspecialcategoriesofpersonaldata,including“data concerninghealth”andtheexceptionsfromthisgeneralrule, buildingonArticle8oftheDirective95/46/EC.20_Strangely,

arti-cle81oftheRegulationwhichdeﬁnestheprocessingofhealth datadoes notincludegeneticdata.TheRegulationdeﬁnes both“geneticdata”and“dataconcerninghealth”(Article4) butitisobviousthatthissectorwasnotamajorconcernin theEUdataprotectionreform.

Overall, some of the new instruments proposed for a renewedframework fordataprotectionin Europecan give apractical sense tothe rights ofprivacyand confidential-ity in healthcare and genetic settings, transforming them fromrhetorical figures into realobligationstothe counter-parts (healthand genetic data controllers and processors). Forinstance, itwillbekeyforhealthinformationsystems’ managersinthe obligationtobuild “privacybydesign”for theprocessing ofhealthdataor biobanks. For example,in Portugal, a comprehensive and official Health Portal42 _has

beenlaunchedwithouttrulyinformingthepublicabouthealth privacyand conﬁdentialityissues. Furthermore,thereisno mention to the rights of the people who will be putting theirmedicaldata intothe portal, whichwould havebeen impossibleyearsago.Moreover,theNationalDataProtection Commissionisnotreferencedintheportalashavinggivenits authorizationtotreatmentofmedicaldataatsuchan exten-sion.Wethinkthatwheninforce,thenewrulesfromtheEU Regulationwillhaveapositiveimpactontheprivacyand con-ﬁdentialityofpatients’data,whichurgentlyneedredemption inPortugalandelsewhere.

Last

word

“But someone will always have to speak for privacy, becauseitdoesn’tnaturallyrise tothetopofmost con-siderationsets,whetheringovernmentorintheprivate sector.”2(p126)

“Youhavezeroprivacyanyway.Getoverit.”Thisfamous 1999quoteinWiredh_by_Scott_McNealy,27_was_more_than_an

epiphanyasitbecomesmoreandmoreaccurateastimegoes by.

Certainly, today privacy is a deﬁed and perhaps even compressedconcept.Nonetheless,eventhosewillingly shar-ing their areas of reclusion take offense when seeing others intruding those same areas without their consent. Furthermore,experiencingperniciouseffectsrelatedto pri-vacy exposure can constitute disturbing incidents, which rarely lead to decisions of maintaining minute areas of personalretreat. Therefore, despiteits transmutations and

shallremainevenaftertheendingoftherelationshipwiththedata subjector,whenappropriate,withtheresponsibleperson.”

h _Wired_is_a_famed_magazine_on_scientiﬁc_innovations_and_their

impactinsociety,alsoknownforfeaturingeditorialsfromindustry leaders.

metamorphosis, privacy is still part of our hardwiring as agentsendowedwithfreewill.Hence,transformed,nuanced andself-afﬁrmedconceptsofprivacystillpersevereinthese highlydemandingcircumstances.

Inaway,thefactsarenotsuitinganydataprotectionrights, but the newEU regulationseems towantto protectthese rightsagainstallodds,reinventingdataprotectioninamix ofalegal-technologicalapproach.Nevertheless,wemustnot benaïve,anditisimportanttonoticethattheratiooftheEU concernsisnotlinkedtoahumanrightsbasedphilosophy ordefense,butmainlytoeconomicmotives.The fundamen-talgoalofthenewEUinstrumentsondataprotectionisthe “buildingoftrustintheonlineenvironment”whichis“keyto economicdevelopmentaslackoftrustmakesconsumers hes-itatetobuyonlineandadoptnewservices”.11_Novel_policies_on

dataprotectioninEuropeaimtoavoidtherisksthatfearofan uncontrolledsharingofdatamayslowdownthedevelopment ofinnovative uses ofnewtechnologies. Itismentioned in theexplanatorymemorandumoftheRegulation11_that_“heavy

criticismhasbeenexpressedregardingthecurrent fragmen-tationofpersonaldataprotectionintheUnion,inparticular byeconomicstakeholderswhoaskedforincreasedlegal cer-taintyand harmonization oftherules onthe protectionof personaldata”.Also,thecomplexityoftheruleson interna-tionaltransfersofpersonaldataisconsideredasconstitutinga “substantialimpedimenttotheiroperationsastheyregularly needtotransferpersonaldatafromtheEUtootherpartsof theworld”.11_{Nevertheless,}_even_when_economic_motivations

aredrivingreform,fundamentalhumanrightstoprivacyand dataprotectionandconﬁdentialitymaybeneﬁtfromthenew EURegulation.

In reality, even if the erosion of the rights to privacy andconfidentialityinthehealthcareandbiobankingfields becomes clearer, the public and health professionals still demandatleastaperceptionoftheobservationoftheserights. Thefactsthoughseemtorevealanunstoppablefadingofthe frontiersofprivatelife,especiallyinthehealthcaredomain. Clearly, many changes occurred during the 100 years that mediatedbetween“TheRighttoPrivacy”and“Imperial Bed-room”.Thebirthoftheportablesnapshotphotographycamera and laterofthevideocamcorder, themobile phone indus-try,themassuseofcomputersandthedawnoftheinternet are good examples oftechnology-propelledsocial transfor-mations thatprovide achallenge toclassical constructions ofindividualrightsandfreedoms.However,despiteallthese transformations theessentialdimensionofindividual free-domrelatingtopersonalinformationandtothenotionthat thelessisknownaboutusthefreerweallareisstillvery rel-evant andwellgrounded.Intermsofourindividualselves, fears ofinvasionofour mostprivatelives remainjustified andperhapsevenfurther,asmoreandmoreinformationis known andsharedabout us,usingamultitudeofdifferent communicationchannels.Asfarasourcollectiveselvesgo, oursocialtolerancetowardsinformationdisseminationand data sharing isalsoincreasingin tandemwiththe expan-sionofphenomenasuchassocialmediaand onlinesocial networks.Therefore,individualsandsocietyingeneralseem nowmorewillingtoacceptalevelofinformationdisclosure farhigherthanbefore.Asmoreandmoreisknownandshared aboutusthemorewetendtocherishwhateverpartofusisleft

(10)

uninvaded.Notsurprisingly,fourteenyearsonsinceJonathan Franzen’sNewYorkeressay,discussionaroundtheissuesof privacyprotectionandconﬁdentialitybreachingare undoubt-edlyas prominentas ever. This urge comes perhapsfrom theutilitarianismofourtimes,whichoverthrowstheworries ofpublicauthoritiesand privatecorporations with individ-ualprivacyandconﬁdentialityanddataprotectionrightsin healthcareandgenetics.Becauseeconomicsisgettingthelast word,expensiverightscansoonvanishfromtheLaw.

Consequently, wethink the rights toprivacy and confi-dentialityhavetobereframedinthecontextofHealthLaw andBioethicsandbeseenmoreasdataprotectionrightsand lessasmerereflectionsoftheHippocraticOath.Silenceisno longerenoughtoprotectourpersonalhealthinformation.On thecontrary,informationtechnologiesbuilttoprotect medi-calandgeneticprivacycanperformthisrole,butLawhasto provideobligationsandsanctionstomaketheseenforceable. AslongastopadministratorsandITprofessionalsworkingin healthcareunitsandbiobanksarenotheavilysanctionedfor lackofcompliancewithdataprotectionlegalrequirements therightstoprivacyandconfidentialityinthesesettingswill stillbemenaced.

Wearewatching, atleastinEurope,toanunacceptable regressionofparticularlyimportantindividualrights.Forthis reason,as healthlegal and ethicalexpertswe expressthe urgentneedtoupdatethediscussionontherightstohealth dataprivacyandconﬁdentialityandtomakesurewewillkeep theseissuesaliveincontemporaryHealthLaw.

Conﬂicts

of

interest

Theauthorshavenoconﬂictsofinteresttodeclare.

r

e

f

e

r

e

n

c

e

s

1. Auray-BlaisC,PatenaudeJ.Abiobankmanagementmodel applicabletobiomedicalresearch.BMCMedEthics.2006;7:E4,

http://dx.doi.org/10.1186/1472-6939-7-4.

2. McCrearyL.Whatwasprivacy?[Internet].HarvBusRev. 2008;86:123–30,142.Availablefrom:

http://hbr.org/2008/10/what-was-privacy/ar/1[citedAugust 2014].

3. AnnasGJ.Therightsofpatients.3rded.Carbondale: SouthernIllinoisUniversityPress;2004.

4. BayerR,FairchildAL.Publichealth:Surveillanceandprivacy. Science.2000;290:1898–9.

5. FranzenJ.Imperialbedroominhowtobealone.London: HarperandCollinsPublishers;2010.

6. MoreiraV,CanotilhoJJ.Constituic¸ãodaRepúblicaPortuguesa: anotada:artigos1◦a107◦,vol.I.Coimbra:CoimbraEditora; 2007.

7. DuganRB,WiesnerGL,JuengstET,O’RiordanM,MatthewsAL, RobinNH.Dutytowarnat-riskrelativesforgeneticdisease: Geneticcounselors’clinicalexperience.AmJMedGenetC SeminMedGenet.2003;119C:27–34.

8. WarrenSD,BrandeisLD.Therighttoprivacy.HarvLawRev. 1890;4:193–220.

9. RochePW.Clinicalgenetics:Meetingthechallengesto privacy.In:FariaPL,editor.Theroleofhealthlaw,bioethics andhumanrightstopromoteasaferandhealthierworld. [Internet].Lisboa:Fundac¸ãoLuso-Americana.EscolaNacional

deSaúdePública.UniversidadeNovadeLisboa;2006.,ISBN 972-98811-4-6p.123–82.Availablefrom:https://www.ensp. unl.pt/dispositivos-de-apoio/cdi/cdi/sector-de-publicacoes/ precario/publicacoesemcoedicao/publicacoesemcoedicao

[citedJune2014].

10.WolfLE,CataniaJA,DolciniMM,PollackLM,LoB.IRBchairs’ perspectivesongenomicsresearchinvolvingstoredbiological materials:Ethicalconcernsandproposedsolutions.JEmpir ResHumResEthics.2008;3:99–111,http://dx.doi.org/10.1525/ jer.3.4.99.

11.EuropeanCommission.Proposalforaregulationofthe EuropeanparliamentandoftheCouncilontheprotectionof individualswithregardtotheprocessingofpersonaldataand onthefreemovementofsuchdata(GeneralDataProtection Regulation).[Internet].Brussels:EuropeanCommission;2012. Availablefrom:http://ec.europa.eu/justice/data-protection/ document/review2012/com201211en.pdf[citedJune 2014].

12.CourtofJusticeoftheEuropeanUnion.[Internet].Press ReleaseNo70/14,Luxembourg.JudgmentinCaseC-131/12, GoogleSpainSL,GoogleInc.vAgenciaEspa ˜nolade ProteccióndeDatos;2014,May.Availablefrom:http://curia. europa.eu/jcms/upload/docs/application/pdf/2014-05/ cp140070en.pdf[citedJune2014].

13.BeauchampT,ChildressJ.Principlesofbiomedicalethics.6th ed.NewYork:OxfordUniversityPress;2009.

14.HouseofLords.HerMajesty’sAttorneyGeneralV.The ObserverLimitedandOthers.[Internet].Judgment13.10.88. UnitedKingdom;2014.Availablefromhttp://www.bailii.org/ uk/cases/UKHL/1988/6.html[citedMay2014].

15.GoldJL.Towarnornottowarn?Geneticinformation.MJM. 2004;8:72–8.

16.EuropeanUnion.CharterofFundamentalRightsofthe EuropeanUnion.[Internet].OfﬁcialJournaloftheEuropean Communities.C364/1,18.12.2000;2014.Availablefrom:

http://www.europarl.europa.eu/charter/pdf/texten.pdf[cited May2014].

17.EuropeanUnion.ConsolidatedversionoftheTreatyonthe functioningoftheEuropeanUnion.OffJEurUnion.2012, October;C326/47.

18.CouncilofEurope.Europeanconventiononhumanrights [Internet];1950.Availablefrom: http://hub.coe.int/what-we-do/human-rights/european-convention[citedMay2014]. 19.CourtofJusticeoftheEuropeanUnion.JudgmentoftheCourt

(GrandChamber)of9November2010.JoinedCasesVolker undMarkusScheckeGbR(C-92/09)andHartmutEifert (C-93/09)vLandHessen.[Internet].Availablefrom:http:// curia.europa.eu/juris/liste.jsf?language=en&jur=C,T,F&num= c-92/09&td=ALL[citedMay2014].

20.EuropeanUnion.Directive95/46/ECoftheEuropean ParliamentandoftheCouncilof24October1995onthe protectionofindividualswithregardtotheprocessingof personaldataandonthefreemovementofsuchdata. [Internet].OffJEurUnion.1995,November;L281:0031–50. Availablefrom:http://eur-lex.europa.eu/LexUriServ/ LexUriServ.do?uri=CELEX:31995L0046:en:HTML[citedMay 2014].

21.EuropeanCommission.Communicationfromthe CommissiontotheEuropeanParliament,theCouncil,the EuropeanEconomicandSocialCommitteeandthe CommitteeoftheRegions:safeguardingprivacyina connectedworld:aEuropeanDataProtectionFrameworkfor the21stCentury.[Internet].Brussels:EuropeanCommission; 2012.Availablefrom: http://ec.europa.eu/justice/data-protection/document/review2012/com20129en.pdf[cited June2014].

22.SieglerM.Conﬁdentialityinmedicine:Adecrepitconcept. NEnglJMed.1982;307:1518–21.

(11)

23.SankarP,MoraS,MerzJF,JonesNL.Patientperspectivesof medicalconﬁdentiality:Areviewoftheliterature.JGen InternMed.2003;18:659–69.

24.KnoppersBM,SaginurM.TheBabelofgeneticdata terminology.NatBiotechnol.2005;23:925–7.

25.KarlsenJR,StrandR.Theethicaltopographyofresearch biobanking.EthicsLawSoc.2009;4:127–47.

26.CaplanA.Whatnooneknowscannothurt:Thelimitsof informedconsentintheemergingworldofbiobanking. In:SolbakkJH,HolmS,HofmannB,editors.Theethics ofresearchbiobanking.Dordrecht:Springer;2009.p.25–33.

27.TallacchiniM.Rhetoricofanonymityandpropertyrightsin humanbiologicalmaterials(HBMs).LawHumGenomeRev. 2005;22:153–75.

28.AnnasGJ.Terrorism,tortureandotherpost9/11epidemics: Mustwesacriﬁcehumanrightsinthenameofsecurity?In: FariaPL,editor.Theroleofhealthlaw,bioethicsandhuman rightstopromoteasaferandhealthierworld.[Internet]. Lisboa:Fundac¸ãoLuso-Americana.EscolaNacionaldeSaúde Pública.UniversidadeNovadeLisboa;2006.,ISBN 972-98811-4-6p.123–82.Availablefrom:https://www.ensp.unl.pt/ dispositivos-de-apoio/cdi/cdi/sector-de-publicacoes/precario/ publicacoesemcoedicao/publicacoesemcoedicao[cited June2014].

29.ForjazM.Nuncatedistraiasdavida.Lisboa:OﬁcinadoLivro; 2014.

30.GerardS,HayesM,RothsteinMA.Ontheedgeoftomorrow: Fittinggenomicsintopublichealthpolicy.JLawMedEthics. 2002;303Suppl.:173–6.

31.BenkendorfJL,ReutenauerJE,HughesCA,EadsN,WillisonJ, PowersM,etal.Patient’sattitudesaboutautonomyand conﬁdentialityingenetictestingforbreast-ovariancancer susceptibility.AmJMedGenet.1997;73:296–303.

32.WolffK,BrunW,KvaleG,NordinK.Conﬁdentialityversus dutytoinform:Anempiricalstudyonattitudestowardsthe handlingofgeneticinformation.AmJMedGenet.

2007;143A:142–8.

33.NuffieldCouncilonBioethics.Theforensicuseof bioinformation:Ethicalissues.[Internet].London,UK: NuffieldCouncilonBioethics;2007.Availablefrom:http:// www.nuffieldbioethics.org/sites/default/files/The%20forensic %20use%20of%20bioinformation%20-%20ethical%20issues. pdf[citedJune2014].

34.LevittM.Forensicdatabases:Beneﬁtsandethicalandsocial costs.BrMedBull.2007;83:235–48.

35.Gonc¸alvesME,JesusIA.Securitypoliciesandtheweakening ofpersonaldataprotectionintheEuropeanUnion.Comput LawSecRev.2013;29:255–63.

36.CostaL,PoulletY.Privacyandtheregulationof2012.Comput LawSecRev.2012;28:254–62.

37.DeHertP,PapakonstantinouV.Theproposeddataprotection RegulationreplacingDirective95/46/EC:Asoundsystemfor theprotectionofindividuals.ComputLawSecRev. 2012;28:130–42.

38.EuropeanDataProtectionSupervisor.Opinionof theEuropeanDataProtectionSupervisoronthe CommunicationfromtheCommissiontotheEuropean Parliament,theCouncil,theEconomicandSocialCommittee andtheCommitteeoftheRegions:Acomprehensive approachonpersonaldataprotectionintheEuropeanUnion. OffJEurUnion.2011,June,2011/C181/01.

39.EuropeanCommission.Attitudesondataprotectionand electronicidentityintheEuropeanUnion.Special EurobarometerReport[Internet]359;2011.1–88.Available from:http://ec.europa.eu/publicopinion/archives/ebs/ebs 359en.pdf

40.EuropeanCommission.Communicationfromthe CommissiontotheEuropeanParliament,theCouncil,the EconomicandSocialCommitteeandtheCommitteeofthe Regions:Acomprehensiveapproachonpersonaldata protectionintheEuropeanUnion.[Internet].Brussels: EuropeanCommission;2010.Availablefrom:http://ec.europa. eu/justice/news/consultingpublic/0006/com2010609en.pdf

[citedJune2014].

41.31stInternationalConferenceofDataProtectionandPrivacy Commissioners.JointProposalforaDraftofInternational StandardsontheProtectionofPrivacywithregardtothe processingofPersonalData:TheMadridResolution:“Privacy: TodayisTomorrow”.CongressPalace,Madrid,4-6November 2009.Madrid:DataProtectionandPrivacyCommissioners; 2009.

42.Portugal.MinistériodaSaúde.PortaldaSaúde;2014.Available from:http://www.portaldasaude.pt/portal[citedJuly2014].