|
KMID : 1011120220160010021
|
|
Bioethics Policy Studies
2022 Volume.16 No. 1 p.21 ~ p.52
|
|
|
Is the Use of Pseudonymized Personal Information without Consent Justified?: The issue of the secondary research use of personal information without consent or the permission of IRB
|
|
Choi Kyung-Suk
|
|
|
Abstract
|
|
|
|
The recent development of big data technology has increased our interest in collecting, storing, and using personal information like genetic or health information in the use of health and medical data. The ethical principle to obtaining informed consent has been observed in bioethics for human subject research with the exceptional allowance to waive informed consent through the review of IRB. However, Europe¡¯s GDPR allows to use personal information pseudonymized without informed consent from or notification to data subject for the the secondary use like public record, scientific or historic research, or statistics although respecting the ethical principle to obtain informed consent. Similarly, Personal Information Protection Act in Korea allows to use the personal information with the pseudonymisation for the secondary use without consent. However, these have the following problems. First, GDPR¡¯s requirement for the exempt from notification to data subject cannot be considered to be close to the criteria for waiving an informed consent, which have been adopted in bioethics. Second, unlike GDPR, there is no regulation in Personal Information Protection Act to indicate the criteria for the secondary use of the collected personal information without the notification to data subject. Third, there is no clear regulation to give a controller, who determines the purposes and means of the processing of personal data, the authority to pseudonymize the already-collected personal information without informed consent. Fourth, GDPR has the regulation to give a controller the authority to pseudonymize personal information without consent. However, its theoretical ground is too weak. Public good may be a reason to support such a secondary use. This reason cannot be a sufficient one because the concept of public good is vague. Restriction on right to self-determination of date subject for public good may distrupt trust building necessary to the improvement in using data. In order to overcome the problems mentioned earlier, I argue that the introduction of blanket consent for secondary use into Bioethics and Safety Act in Korea is needed as observed in the revision of 45 CFR 46 in U.S.A.
|
|
|
KEYWORD
|
|
|
GDPR, Personal Information Protection Act, pseudonymisation, pseudonymized information, secondary use, public good, self-determination of data subject
|
|
|
FullTexts / Linksout information
|
|
|
|
|
|
Listed journal information
|
|
|
|
|