When Laws are Inadequate: Enabling Compliant Health Data Transfers Between South Africa and the EU
My Session Status
South Africa is a prime location for genetics and genomic research due to its combination of genetic diversity, high disease burdens, and high-quality infra-structure. Most research projects of this nature, including in South Africa, are funded by organizations such as the United States National Institutes of Health (NIH), the European Commission, the United Kingdom Medical Research Council, and the Wellcome Trust. These organizations are situated in the global North whose data sharing requirements are based on their respective national laws. Unfortunately, their laws differ quite substantially to those in the global South in ways that either prevent or complicate cross border sharing of sensitive personal data such as genetic and/or genomic data.
The European Union’s General Data Protection Regulation had a significant influence on the drafting of South Africa’s Protection of Personal Information Act. However, in this paper, the authors highlight the major differences between these laws and examine the resultant impact on the lawful sharing of personal data. They show that, due to the incompatibility of data protection laws between South Africa and European Union members states, Data Transfers Agreements and Data Access Committees are the most viable way to bridge these legal inadequacies to allow legal personal data sharing to ensure scientific progress. The authors also explain how these tools overcome legislative shortcomings and enable legal and ethical data sharing.