Ethical and legal considerations constitute an important part of any research project in particular if it involves human participants. In the following we have collated links to information and documentation of relevance when designing your project.
- The European Commission has made a very useful ethics self-assessment document that we highly recommend that you go through when drafting your proposal or protocol to ensure that you have covered the main ethical and legal points that apply to your project: https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-self-assess_en.pdf.
- The EU General Data Protection Regulation 2016/679 (GDPR) is the main European Economic Area (EEA) data protection law applying to all EU countries and non-EU countries Iceland, Liechtenstein and Norway. It also applies to data processing for scientific research purposes. The GDPR can be found in all its official languages here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679.
- Please be aware that Member States may have additional legislation related to processing of health and genetic data that must also be complied with. Of particular importance, but not applicable in all European countries, are the Council of Europe Convention on Human Rights and Biomedicine: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/164 and its Additional Protocol on Biomedical Research https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/195.
- The GDPR contributes significantly to harmonization of data processing and movement of data within the EEA, but please be aware that data transfers to countries outside the EEA may raise complex legal questions, so it is wise to consult with your institution’s legal expertise if your project requires such transfers. GDPR Chapter V must be complied with for all personal data transfers to countries outside the EEA. The European Commission provides information on international transfers and which non-EEA countries the EC has determined to offer an adequate level of data protection: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.
- There is a distinction between consent to research participation (research ethics) and a lawful basis for data processing (data protection). The lawful basis for data processing can be law or consent. If you are conducting a clinical trial, some elements of the data processing may be mandated by law, and these elements should therefore not be subject to consent. A useful explanation of this distinction, and of the interplay between the GDPR and the EU Clinical Trial Regulation has been provided by the European Data Protection Board: https://edpb.europa.eu/our-work-tools/our-documents/dictamen-art-70/opinion-32019-concerning-questions-and-answers_en. The European Data Protection Board has also issued guidance specifically on consent to data processing: https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en.
- If you are going to conduct a clinical trial on medicinal products for human use, you will need to comply with EU Directive 2001/20 on clinical trials: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32001L0020. This Directive will be replaced by EU Regulation 536/2014 on clinical trials: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32014R0536. When the Regulation becomes applicable, it will repeal the Directive. The Regulation will also apply to trials authorized under the previous legislation if they are still ongoing three years after the Regulation has come into operation. Further information, including on the expected application date for the Regulation, is available from the European Medicines Agency: www.ema.europa.eu/en/human-regulatory/research-development/clinical-trials/clinical-trial-regulation.