Why does the Human Brain
Project (HBP) need a Data Protection Officer and what are the main challenges
for this role? Our
Questions and Answers series with Ethics
Support task leaders continues with Data
Protection Officer Kevin McGillivray.
Q1: What are the aims of Data Protection Officer (DPO)?
A DPO is a professional in the field
of data protection law. In the HBP, the DPO advises HBP partners on data
protection issues and assists with monitoring of internal compliance with data
protection obligations across the HBP. The DPO also evaluates the risks that
the HBP poses to the individuals providing their data to the HBP.
Q2: What are the main activities of Data Protection Officer?
In short, the
main activity of Data Protection Officer is observing that the data processing that occurs in the HBP, and the platforms we
build, comply with the requirements of the General
Data Protection Regulation (GDPR).
Since the HBP
project began in 2013, EU data protection law has undergone significant
changes. In particular, the longstanding Data Protection Directive was replaced
by the GDPR, which entered into force in 2016 and was applied from 25 May 2018.
While the GDPR does not completely break from the moorings set out in the
Directive, there are important changes. In particular, the GDPR increases
accountability obligations and significantly increases potential administrative
fines for violation of the law.
The DPO provides
advice, education, and information on compliance with the GDPR. In addition to
conducting meetings with SubProjects and working as a stakeholder on various
HBP platforms (i.e. the Medical
Informatics Platform (MIP) and the Neuroinformatics
Platform). The HBP raises many difficult questions without clear answers
under the GDPR. As a result, the HBP is extremely interesting and challenging
from a legal/compliance point of view.
Q3: Who are the main collaborators of
Data Protection Officer within and beyond the HBP?
located at the University of Oslo Medical Faculty as part of Research Support (‘MEDFORSK’)
team. I am the only one working on the HBP at that location. However, I work
closely with the Data
Governance Working Group (DGWG), the Ethics
Support team at DMU, legal counsel at EPFL, and several members of the MIP
team at CHUV.
of the HBP, I maintain a close relationship with the Norwegian Research Center
for Computers and Law (NRCCL) at the University of Oslo, Faculty of Law.
Q4: What are the main achievements of
Data Protection Officer so far?
a GDPR compliance plan for the HBP
guidance/protocols/templates aimed at GDPR compliance
opinions on data protection issues
the data protection section of the Data
Policy Manual (DPM)
with HBP platforms and others to implement GDPR requirements
multiple data protection focused deliverables
on data protection law at HBP events and online
Q5: What are the main challenges for
Data Protection Officer for the next years?
many areas, the requirements of the GDPR are not fully understood. At the same
time, the HBP, and technology generally, are moving very quickly. Thus,
applying a principle-based legislative instrument, where guidelines, opinions,
and national interpretations are under development, to a project pushing the
state of the art is a significant challenge. This challenge will continue,
particularly as we develop the HBP joint platform and increase data sharing
position of DPO is relatively new. I started the position of DPO around the
time the GDPR became applicable. Thus, there is still a lot of work to be done
across the project to meet GDPR compliance requirements.
Q6: Anything else?
If you have any questions
on data protection, please contact me at:
HBP Data Protection
Officer (HBP DPO):
Box 1078 Blindern
firstname.lastname@example.org or email@example.com
The post Data Protection Office in the Human Brain Project: Q&A with Kevin McGillivray appeared first on Ethics Dialogues.
Source: New feed