Our research saves lives – if you let us

18 Nov 2014 | Viewpoint
A new EU data protection law risks killing some types of medical research, researchers at the Karolinska Institutet say. Their prescription: A law that regulates Big Data, but allows for research

It’s down to the bottom line of what medical research is all about: saving lives, and improving lives. But depending on how a new piece of European legislation turns out, we and other researchers may or may not be allowed to continue doing it.

The problem is simple. The law in question, the General Data Protection Regulation, is being drafted in Brussels for worthy causes: to offer tougher protection for citizens’ privacy in the age of Big Data, and to provide a regulatory environment where companies can more easily work across borders. The legislation is now making its way through the lengthy process of reconciling a final text among the European Parliament, the Council of Ministers, and the European Commission.

But there’s a problem. Important sectors of medical research have also been caught up in the new law. If not properly drafted, this could make many kinds of research legally impossible in Europe. As a consequence, people will die, or have their quality of life impaired, for lack of knowledge and treatments.

That’s a big claim – so look at it more closely. First, it helps to understand what medical research looks like. Finding disease causes, a new treatment, or uncovering new environmental threats to public health, is rarely these days a simple game of test-tubes, petri dishes and patient volunteers.

Instead, it is often a computer-intensive process of studying real patient data on a very large scale, sometimes involving millions of people. This is true also for the evaluation of the true effectiveness, safety, and long-term consequences of new or existing therapies. In this line of research health care registries – publicly funded databases of medical information - play a pivotal role. These must be complete and of high quality, and it must be possible to link information among different types of registries to spot correlations and trends.

Radiotherapy risk

Take the case of breast cancer. Every hour about 40 European women are diagnosed with breast cancer. New treatments, such as the now-common Herceptin and related DNA technologies, have greatly improved the odds for survival.

But this is still an evolving field for which registry-based research remains essential. For example, radiotherapy decreases the risk of breast cancer recurrence but carries severe side effects. In 2013 a team of British, Danish and Swedish researchers published an EU-funded study of heart attack risk among women receiving radiotherapy treatment for breast cancer, which showed an increased risk for heart attacks with increasing doses of radiation to the heart. The results of the study have now been incorporated into radiation therapy practice.

It was possible to carry out this piece of research because breast cancer patients identified through cancer registries could be cross-referenced to records of subsequent heart attacks held in in-patient registries.

There are many other examples of how registries have been used in epidemiological research, saving lives and objectively evaluating potential health hazards, spanning from safe pregnancies, vaccine risks, drug safety, and the identification of variations in access to, and outcomes of care.

Ethical protection is already in place

The system is important. It is balanced by national measures that safeguard integrity, such as ethics boards. So why mess with it?

But that is exactly what the new law EU General Data Protection Regulation would risk doing. Some of the drafts we have seen would, for instance, make it illegal to use data without each patient’s individual consent – an impossible task if you are working with millions of records and sometimes under severe time pressure to characterise and avert an imminent threat to public health. For most of the legislators involved in this process, we know, that isn’t their intent; the law is aimed at preventing privacy abuses by search engines, e-commerce sites, online advertisers and other commercial activities far removed from medical research.

But the bottom line: The way the law is drafted now, it would become practically impossible to continue the registry-based research and evaluation that current legislation permits and clinical medicine requires. We urge the Council, Commission and Parliament to take this into account. Big Data needs to be regulated. Research needs to be free, but carried out responsibly. European law needs to be smart enough to accommodate this.

Askling, Hall and Nyrén are professors of, respectively, rheumatology, radiation epidemiology and clinical epidemiology at the Karolinska Institutet in Stockholm. Stenbeck is associate professor in insurance medicine at the Institutet.

Never miss an update from Science|Business:   Newsletter sign-up