Increasing international collaboration in health research raises new challenges for privacy and data protection laws relating to health data.
Advocates of ‘open science’ promote sharing medical data and benefits resulting from medical research with the international community as a desirable international norm. International instruments such as the OECD Privacy Guidelines and the Council of Europe Convention 108 approach international transfer of data, including health data, as something which should be not only allowed but encouraged. Free flow of health data, while enhancing the quality of research and benefits made available to the public, presents difficulties in meeting the expectations of persons who contribute their data to these endeavours. Privacy protection is particularly challenging where sensitive health data moves between jurisdictions with non-harmonised data protection regimes.
A survey of Australian attitudes to privacy points to high levels of concerns regarding personal data being transferred to other countries. Concerns identified with regard to sharing medical data generally, particularly apprehensions of loss of control and lack of trust, may be magnified when medical data is transferred internationally.
This paper examines the manner and degree to which Australian privacy and data protection law addresses these concerns and compares the Australian law to approaches of the GDPR and other jurisdictions with regard to international transfer of health data. Based on this examination, the paper interrogates the ‘dual role’ of the law, ensuring free flow of data while protecting the privacy rights of individuals, and draws conclusions regarding the key factors directing its evolution.