Italian Data Protection Authority approved the first code of conduct in the public sector regulating the use of health data for educational and scientific publication purposes
The Italian Data Protection Authority (“Garante”) approved the first code of conduct (Decision No. 7 of January 24, 2021, doc. Web 9535354) on how to use personal data concerning health for educational and scientific publication purposes; the code of conduct was submitted by the Veneto Region (“Code of Conduct”).
No competitive procedures are needed to execute research agreements with public entities: The Italian administrative court of last instance overturns the TAR decision
The Italian administrative court of last instance (“Consiglio di Stato”) closed litigation undertaken by Technogenetics S.r.l. that challenged a research agreement entered into by DiaSorin S.p.A. and the Pavia Hospital (which is classified, under Italian law, as a scientific research and healthcare facility, or IRCCS) for the evaluation of certain molecular and serological tests to diagnose COVID-19 (the Consiglio di Stato’s judgement was published on December 17, 2020).
COVID-19 emergency and processing of health data for scientific research purposes
The health emergency due to the spread of COVID-19 has made the need to correctly manage the processing of health data for scientific research purposes even more topical.
EDPS: clarification on data protection and scientific research
On January 6, 2020, the European Data Protection Supervisor (EDPS) issued a preliminary opinion on data protection and scientific research, in which it provided clarification on the application of data protection rules established by the General Data Protection Regulation (GDPR) and Regulation No. 2018/1725 with regard to scientific research.
Personal Data: new interpretative recommendations in Clinical Trials
On January 23, 2019, the European Data Protection Board (EDPB) published an opinion on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection Regulation (GDPR) regarding the processing of clinical trial data.
New consent for processing sensitive data not needed after change of data controller: data protection thoughts and M&A
For the first time in Italy, a court has affirmed that when a data controller changes, there is no need to acquire new consent from the participants of a research project involving the processing of sensitive data, if the research purposes do not change.