Data Protection Office in the Human Brain Project: Q&A with Kevin McGillivray

Why does the Human Brain
Project (HBP) need a Data Protection Officer and what are the main challenges
for this role? Our
Questions and Answers series with Ethics
Support
task leaders continues with Data
Protection Officer
Kevin McGillivray.

Q1: What are the aims of Data Protection Officer (DPO)?

A DPO is a professional in the field
of data protection law. In the HBP, the DPO advises HBP partners on data
protection issues and assists with monitoring of internal compliance with data
protection obligations across the HBP. The DPO also evaluates the risks that
the HBP poses to the individuals providing their data to the HBP.

Q2: What are the main activities of Data Protection Officer?

In short, the
main activity of Data Protection Officer is observing that the data processing that occurs in the HBP, and the platforms we
build, comply with the requirements of the General
Data Protection Regulation
(GDPR).

Since the HBP
project began in 2013, EU data protection law has undergone significant
changes. In particular, the longstanding Data Protection Directive was replaced
by the GDPR, which entered into force in 2016 and was applied from 25 May 2018.
While the GDPR does not completely break from the moorings set out in the
Directive, there are important changes. In particular, the GDPR increases
accountability obligations and significantly increases potential administrative
fines for violation of the law.

The DPO provides
advice, education, and information on compliance with the GDPR. In addition to
conducting meetings with SubProjects and working as a stakeholder on various
HBP platforms (i.e. the Medical
Informatics Platform
(MIP) and the Neuroinformatics
Platform
). The HBP raises many difficult questions without clear answers
under the GDPR. As a result, the HBP is extremely interesting and challenging
from a legal/compliance point of view.

Q3: Who are the main collaborators of
Data Protection Officer within and beyond the HBP?

I am
located at the University of Oslo Medical Faculty as part of Research Support (‘MEDFORSK’)
team. I am the only one working on the HBP at that location. However, I work
closely with the Data
Governance Working Group
(DGWG), the Ethics
Support
team at DMU, legal counsel at EPFL, and several members of the MIP
team at CHUV.

Outside
of the HBP, I maintain a close relationship with the Norwegian Research Center
for Computers and Law (NRCCL) at the University of Oslo, Faculty of Law.

Q4: What are the main achievements of
Data Protection Officer so far?

  • Creating
    a GDPR compliance plan for the HBP
  • Writing
    guidance/protocols/templates aimed at GDPR compliance
  • Writing
    opinions on data protection issues
  • Re-writing
    the data protection section of the Data
    Policy Manual
    (DPM)
  • Working
    with HBP platforms and others to implement GDPR requirements
  • Writing
    multiple data protection focused deliverables
  • Presenting
    on data protection law at HBP events and online

Q5: What are the main challenges for
Data Protection Officer for the next years?

In
many areas, the requirements of the GDPR are not fully understood. At the same
time, the HBP, and technology generally, are moving very quickly. Thus,
applying a principle-based legislative instrument, where guidelines, opinions,
and national interpretations are under development, to a project pushing the
state of the art is a significant challenge. This challenge will continue,
particularly as we develop the HBP joint platform and increase data sharing
across platforms.

The
position of DPO is relatively new. I started the position of DPO around the
time the GDPR became applicable. Thus, there is still a lot of work to be done
across the project to meet GDPR compliance requirements.

Q6: Anything else?

If you have any questions
on data protection, please contact me at:

HBP Data Protection
Officer (HBP DPO)
:

Kevin
McGillivray

University
of Oslo

Research
Support (MEDFORSK)

PO
Box 1078 Blindern

0316
Oslo, Norway

Contact
page https://nettskjema.uio.no/answer/94779.html

Email:
[email protected] or [email protected]

The post Data Protection Office in the Human Brain Project: Q&A with Kevin McGillivray appeared first on Ethics Dialogues.

Source: New feed

Share This Post
Have your say!
00