women computer table labor research

Data-driven research needs ethics and a systematic approach

published on 10.08.2021

Medical progress needs health data from everyday healthcare. What do we need to do now to achieve this? Prof. Dr. Christiane Woopen has clear ideas about this. In an interview, the former chair of the European Ethics Council explains how to convince patients, the role that data trustees play and the options open to the legislator. She classifies analogies to organ donation and reveals why she considers the much-cited term data donation to be misleading.

expert talk with
Prof. Dr. portrait Christiane Woopen
Prof. Dr. Christiane Woopen
European Ethics Council

Data trustees and data sharing for medical progress

Prof. Dr. Woopen, you would like to see a learning healthcare system. How does a system like that work?

Basically, like a classic circulation system. On the one hand, it is all about collecting data from everyday care in the healthcare system, structuring it sensibly and then evaluating it. On the other hand, it is important to feed the findings from precisely this data back into care – with the aim of continuously improving healthcare.

What specific improvements do you expect to see?

Quite a lot in fact. Diagnoses would not only be more accurate, but also available faster. Patients could then save themselves having to travel from one doctor to the next, not to mention double examinations. I also expect more individualized and thus more efficient therapy planning. After all, health data from medical practice would provide information about which therapy works particularly well for which patient group and where side effects were recorded. At the same time, a learning healthcare system means more efficient research because data from everyday medical practice significantly broadens the information base. It would probably also give a real boost to prevention. The greater the background knowledge, the better we can develop measures or environments to prevent the emergence of diseases.

That sounds like it has really great potential ...

And that’s by no means all. The pandemic especially highlighted the important role that so called social determinants, i.e., socio-economic conditions, such as housing and working conditions, play in the health of certain population groups. Well-structured everyday data could ensure that these determinants can be incorporated into healthcare to a much greater extent than is the case now. In healthcare processes, efficiency can be expected to increase – even across sector boundaries. One other considerable opportunity to be considered is that digital media and customized information could give individuals more control over their health data. The patient now has sovereignty over their health.

And patients can provide an important service to the well-being of others by making their health data available to research. Willingness seems to be high, as surveys on COVID-19 have shown. Do you think this mood is largely pandemic related or do you see this willingness as sustainable commitment on the part of citizens and patients?

I believe that moods like these depend very much on their context. Even the way a question is worded can often influence the result. Nevertheless, surveys do provide important indications of the direction in which we are moving. In my opinion, many people are willing to make data available for good purposes, when certain conditions are met. Nobody would be willing to release their data for research if they had to worry about this leading to higher insurance costs or poorer prospects on the job market. People must be able to rely on the fact that exploitation in areas unrelated to the purpose for which the data was collected is not permitted and that any violation will be consistently punished.

Assuming that these conditions are met and no one has to worry about being put at a disadvantage, is it a moral duty to donate data?

I do in fact consider it an act of solidarity to make health data available to research. But to speak of an duty is going too far for me. I would instead like to see this as a duty in cases where individual data release is absolutely necessary to pursue a very high-level goal. That aside, I have my problems with the term data donation ...


I think it is misleading and sometimes even manipulative. If I donate something – money or a kidney, for instance – it is gone and I no longer have it. If I share my data with others, however, I can do so as often as I want and I can also keep it for myself. I can also assert certain rights, such as deletion or correction. However, I cannot donate money to someone and then say, “Oh, I’ve changed my mind – I’d like that back.” I therefore prefer to speak of data disclosure or data sharing.

We regularly come across calls for a data donation card. Even if the term ‘donation’ is misleading, what’s your opinion on the analogy to organ donation?

We know that organ donation is subject to an extended consent regime. And a person can decide not to donate certain organs. Data sharing regulations and the GDPR go even further. Data can also be used on the basis of legal authorizations – without consent. This means that anyone who wants more data to flow into research is not helping the cause when they use the organ donation analogy.

What regulations could help with data sharing instead?

One consideration would be to introduce a consent model that is not project-specific in the sense of meta-consent. Instead, it would consider the preferences of data providers, identify those areas where they would give broad consent and other areas where only informed consent is an option for them. A data trustee could act as a custodian in this scheme and is familiar with the research fields where the patient would generally pass on their data, i.e., without a prior specific agreement. And the trustee knows which requests from research institutions would have to be reported to the patient so that they can decide whether or not to release their data for the specific project. Some projects indicate that with a certain amount of counselling and guidance, people would agree to such a consent model.

And what requirements would the data trustee have to fulfil?

The data trustee should be an independent institution. Anyone entrusting their data to this institution must be able to rely on it to act in the interests of the data provider. The data trustee should be neither a platform nor a pure database. Nor should it be an intermediary that mediates between the patient and the researchers. Instead, I see it as representing the interests of the data provider – in a regulated data ecosystem that creates legal certainty.

A secure, functioning system in which patients can share their data without hesitation is one thing, but how do you get people to use this system?

I believe there are two central reasons why people release their data for research: when it serves a good purpose and when they themselves stand to gain from it. So, the main thing is to make people understand the benefits of data sharing – even if an individual benefit will not be immediately apparent. Let everyone see that sharing data is not just pure altruism, but can be rewarding in many ways. Communication needs many illustrative example scenarios and real success stories, of which there are in fact quite a few. At the same time, people need to be informed about stakeholder trust and system security.

Isn’t it a contradiction that people demand maximum transparency and security for such a noble cause, while every day they feed more personal data to the big tech corporations?

Of course, it is. But that highlights how important it is to make potential data providers aware of how they can personally benefit from such a learning healthcare system. With social media platforms, the advantages are obvious, i.e., people can get in touch with each other quickly, take part in discussions in an uncomplicated way and find out things firsthand. Many people probably do feel a bit uneasy about social media, but they put these concerns aside because the benefits can be experienced so directly. 

Couldn’t we also think about some kind of opt-out solution, so that we are all forced to address the matter of data sharing along with its benefits, success stories and safeguards?

When it comes to organ donation, I am all in favor of an informed opt-out solution. The preconditions for health data are different and there is a much greater potential for abuse. At the moment, we also do not have the regulatory environment needed to support an opt-out solution for data sharing. For this, we would first need to adapt the technical, institutional and legal framework. In any case, a general opt-out solution does not seem to me to be expedient, since the research landscape is extraordinarily diverse. If anything, it should be limited to defined areas.

An opt-out solution aside, what do we need to see happen in the regulatory environment for us to take the next step in sharing health data for research purposes?

The Genetic Diagnostics Act (GenDG, Gendiagnostikgesetz) already clearly prohibits the use of genetic data. The legislator could introduce similar prohibitions for other types of data that could be easily used for discrimination. The National Ethics Council – the predecessor to the German Ethics Council – had already suggested this for health data used for insurance purposes and in the labor market. The Data Ethics Commission has also proposed an amendment to the General Act on Equal Treatment (AGG, Allgemeines Gleichbehandlungsgesetz). Other proposals include a ban on the unlawful de-anonymization of data and the regulation of data-based profiling. Debate about data trustees focuses heavily on certifications, transparency obligations and specific contractual clauses.

Bans, certifications, penalties – that might not sound lucrative to some ...

With its regulatory proposals, the Data Ethics Commission is not trying to hinder innovation in any way. That’s something that I truly want to emphasize. We do not want to create a bureaucratic monster. It’s all about providing security, so that innovation can be all the more powerful and effective. In the end, the new regulations themselves should be so clever that they can be implemented easily and effectively.

Is it enough to focus exclusively on Germany?

I think it is extremely important for Europe to take action. That’s why a European Health Data Space will be set up. Interoperability, interconnectivity, the standardization of certain technical details – all of these factors are the key to preventing the emergence of various isolated solutions that would make cooperation impossible. There are already some initiatives underway that address the international exchange of health data. They aim to identify how standard contractual clauses based on the GDPR can be developed further in order to enable the secure transfer of health data beyond European borders. One thing that I am certain of is that we need a European solution.