What GDPR and the Health Research Regulations (HRRs) mean for Ireland: “explicit consent”—a legal analysis

Abstract

Abstract Background Irish Health Research Regulations (HRRs) were introduced following the commencement of the General Data Protection Regulation (GDPR) in 2018. The HRRs set out supplementary regulatory requirements for research. A legal analysis presented under the auspices of the Irish Academy of Medical Sciences (IAMS) on April 8 and November 25, 2019 at the Royal College of Surgeons in Ireland welcomed the introduction of GDPR and the HRRs. The analysis found the GDPR “explicit consent” introduced by the HRRs is problematic. A call was made to regulate informed consent in line with the common law as an achievable alternative safeguard, bringing Ireland in line with other EU Member States. Aims This article aims to review academic papers, legal opinion, EU opinion and advice and data protection law in relation to research and explicit consent, in order to examine the legal burden of GDPR and the HRRs on health research in Ireland and to determine whether the analysis presented at the IAMS meetings is reflected more widely in legal text. Methods Legal literature review of academic papers, legal opinion, EU opinion and advice and data protection legislation. Results The legal literature review overwhelmingly supports the concerns raised. Conclusions Our results confirm the GDPR explicit consent requirement of the HRRs is having had a significantly negative and far-reaching impact on the conduct of health research in Ireland. Urgent review of the HRRs and meaningful engagement between the health research community and legislators in healthcare is required.