The COVID-19 pandemic demonstrated the need for rapid implementation of nation-wide public health interventions and for access to personal data from the general population for academic and industry research. Personal data is any information collected from a data subject's devices (e.g., smartphones, sensors) that can reveal their identity. Researchers' and governments' challenges in gaining access to personal data included obtaining informed consent and collecting data that was distributed across multiple proprietary databases (data sources) and not standardized. Traditional means of obtaining and maintaining informed consent are expensive and ineffective in handling these circumstances. Furthermore, traditional means of obtaining informed consent are not suited to the current large-scale digital landscape of ubiquitous technologies, such as smartphones, wearables, and sensors. Additionally, gaining access to personal data from different data sources is difficult due to the lack of interoperability between data custodians.
Growing concerns over the privacy and safety of data subjects over the last decades have manifested in the form of regulatory acts and legislation, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and General Data Protection Regulation (LGPD). These regulatory acts define rules that those involved in storing, processing, sharing, and transacting personal data must follow, and penalties for failing to do so. For example, any data subject has the right to opt in to and opt out of research whenever they desire, the right to access their personal data, the right to rectify information from data processors, custodians, and third parties, and the right to be notified whenever their personal data is shared, stored, processed, modified, or deleted. Hence, regulatory agencies' requirements create the need for automated processes to streamline the collection of informed consent from data subjects.
Dynamic consent is a digital representation of traditional informed consent with enhanced capabilities to implement and adapt to new or evolving regulatory acts. Dynamic consent enhances data subjects' understanding of informed consent by taking advantage of modern devices' capabilities, such as remote communication, videos, digital forms, and user-friendly interfaces. Researchers benefit from dynamic consent platforms because they can recruit and collect informed consent from large cohorts of data subjects, and obtain re-consent from all participants by remote communication, emails, or push notifications, instead of participants having to be physically present with the researchers. Existing dynamic consent solutions are scarce, proprietary, and expensive, and they lack interoperability capabilities for transacting consent information with other stakeholders. These challenges occur because there is no common communication language for dynamic consent that is compliant with regulatory agencies. This presents challenges for researchers, since dynamic consent obtained by proprietary solutions is not accepted outside their domain, sometimes forcing researchers to scrape different data sources to complete a dataset.
This research aims to create a Dynamic Consent Standard (DCS) describing data formats and elements (Resources), and an Application Programming Interface (API) for exchanging dynamic consent information between research stakeholders. The DCS will describe which resources are mandatory based on the type of regulatory acts, type of research, and type of data utilized, while containing all traditional and necessary informed consent elements, such as description, benefits, and risks to data subjects. The design of the DCS will take into account privacy-preserving techniques, privacy calculus, and distributed collaborative systems engineering to ensure that it can be adapted and used by any dynamic consent platform and its stakeholders. To evaluate the effectiveness of the DCS, a dynamic consent platform will be developed, and the standard will be implemented to leverage dynamic consent information. Moreover, a pilot study will be conducted to evaluate the standard's performance and obtain feedback from stakeholders to improve the standard further.
This project will help promote scientific research over personal data since it will allow different stakeholders to transact dynamic consent information, streamlining the process for researchers to obtain access to personal data spread across multiple data custodians. Finally, this project will benefit society since it will give data subjects more control over how their data is used while facilitating their enrollment in public health research.
Project members:
Pedro Miranda, PhD
Last updated: April 06, 2021