The Ethics and Governance of Human Genetic Databases European Perspectives Part 6 ppsx

guidelines and circulars. RECs have no legal personality. Their role is

advisory. Lacking enforceable powers, they can neither veto uses of data

or biosamples nor halt projects that violate ethical conditions. In practice

they enjoy considerable status and influence – partly because professional

bodies and research funders typically demand external ethical approval.

UK Biobank will integrate itself into the existing framework, and have its

own dedicated, independent Ethics and Governance Council. But that

advisory Council too lacks ‘teeth’.

Like the UK, Sweden historically relied on a voluntary approach until

the Ethical Review Act (‘ERA’)12 placed mandatory ethical review on a

statutory footing. Every research project involving the handling of certain

sensitive personal data, or conducted on traceable biosamples, must be

reviewed by a Regional Board of Research Ethics. Unlike the BBA, the

ERA captures all biobanks. A Central Board for Research Ethics super￾vises ERA-regulated activities and hears appeals. Undertaking unap￾proved research or contravening ethical conditions are criminal offences.

Iceland and Estonia similarly enshrined ethical review of projects

seeking to use their national database projects within legislation. One

surveillance body designated to oversee the Icelandic HSD is the

Interdisciplinary Ethics Committee. But its functions and powers are

vague. Under the draft Security Target, it is supposed to evaluate studies

requesting access to the HSD, and define parameters for determining

what subsets of data they may receive. More generally, the National

Bioethics Committee has specific duties and powers. By law, all serious

scientific research involving human subjects must have prior ethical

approval. Significantly, Icelandic ethics committees have a legislative

duty to monitor the progress of approved research projects, coupled with

power to halt projects that breach stipulated ethical conditions.

In Estonia too, gene bank users require prior approval from the

Estonian Genome Project Ethics Committee. However, as in Iceland,

the Committee’s role is not defined in any detail in the HGRA, being left

to by-laws (the Committee’s articles of association) and agreements

between the chief processor and main authorized processor. The

Committee’s principal task is to ensure adherence to legal regulations,

by assessing the gene bank’s procedures and drawing its supervisory and

management boards’ attention to any circumstances conflicting with

ethical norms. Significantly, though, its powers are circumscribed. The

HGRA requires its consent before the chief processor may decode data to

identify any donor(s). This aside, its assessments are not binding.

12 Ethical Review Act Concerning Research Involving Humans 2003:460 (Lag om etik￾pro¨vning av forskning som avser ma¨nniskor), Swedish Parliament.

138 Susan M. C. Gibbons

Enforcement powers and sanctions

All four jurisdictions make at least some provision for civil remedies,

criminal prosecutions, official complaints procedures, and/or judicial

review of laws or administrative decision-making. But considerable var￾iations, gaps and deficiencies can be detected.

In the data protection realm, enforcement mechanisms mostly are

consistent and accord with the DP Directive. All four countries’ data

protection authorities may institute proceedings for violations. In

Estonia, however, violations are classed as administrative wrongs (mis￾demeanours) not criminal offences (in contrast to the other three coun￾tries); and the only penalties available are fines (not fines or imprisonment,

as in Iceland and Sweden). Significantly, the Icelandic Data Protection

Authority may levy daily fines until data controllers comply with its

stipulations. In all four countries individuals may seek civil compensation

from data controllers for wrongful damage. In Iceland this is limited to

financial loss.

While the general biobank laws and specific PGD statutes in Sweden,

Estonia and Iceland confer various individual rights, often no explicit

enforcement procedures are laid down. Thus, in Estonia donors possess

many express ‘paper’ rights, including having data destroyed if their

identifications are disclosed unlawfully, and accessing their genetic

data. But the HGRA neither contains enforcement provisions nor creates

any actionable wrongs, civil or criminal. The chief processor is expected

to police authorized processors’ activities. But this role is implicit.

In Iceland, the state may revoke the HSD operating licence for material

breach of the law or licence terms and claim the database. Unlike Estonia,

it is a criminal offence to violate applicable laws, punishable by fines or

imprisonment. In Sweden too, intentional or neglectful violation of the

BBA is punishable by fines.

Unlike the other three countries, much UK law pertinent to biobanks

stems from principles articulated by the courts. Judicial decisions play a

crucial role. Leading common law and equitable doctrines – including

consent, negligence, breach of confidence and privacy – offer limited

measures against misconduct or abuse. Extra-legal sanctions, such as

the threat of disciplinary proceedings or refusal/withdrawal of research

funding, also apply. Yet, overall, effective means to prevent or punish

violations of appropriate norms and standards are regrettably lacking.

Furthermore, English courts lack constitutional judicial review powers.

They cannot strike down legislation, even if incompatible with funda￾mental rights. Yet, such judicial power may contribute significantly

to governing PGDs effectively – as evidenced by the Icelandic case of

Governance of population genetic databases 139

Ragnhildur Gudmundsdo´ttir v. The Icelandic State.

13 There, the Icelandic

Supreme Court held that certain guidelines applicable to the HSD mon￾itoring bodies were too indefinite. More precise, statutory law-making was

required to safeguard the constitutional guarantee of privacy.

Conclusion

As this brief analysis shows, the nature, status, extent and effectiveness of

PGD governance structures diverge – often markedly – between the four

jurisdictions surveyed. Their shortcomings demonstrate a pressing need

for governance reform, particularly vis-a`-vis biosamples. Relative consis￾tency in the data protection field suggests both that legal forms and

institutions can perform a vital role in aiding PGD governance, and that

harmonization, at least to some extent, may be realistic and desirable.

The time is ripe to pursue imaginative, principled supranational and

national legal reform as a matter of priority.

13 Icelandic Supreme Court Decision of 27 November 2003 in case no. 151/2003.

140 Susan M. C. Gibbons