DNA RESEARCH FIRM Genomics Medicine Ireland has said that uncertainty in data protection rules has made it “more difficult” to make everyday business decisions.
Genomics Medicine Ireland, or GMI, conducts research on DNA samples to find new health treatments. It collects these samples from volunteers and is opening a new facility in Dublin city centre.
In 2018, the company was acquired by WuXi NextCODE, a US-based genomics research outfit once linked to Chinese pharma company WuXi Apptec.
Last year, a few months after the EU’s stringent General Data Protection Regulation (GDPR) came into effect, GMI wrote to the Department of Health to air concerns around how the rules would be enforced in Ireland for groups conducting health research.
The concerns mostly centred around the need to regain consent from individuals, according to the company, which is laid out in health research regulations in the government’s data protection act.
GMI said in the letter, released under freedom of information laws, that explicit consent is not needed under GDPR if the data processing is necessary for health research.
On the flip side, it said that the Irish regulations state that “explicit consent of the data subject must be obtained” in these situations.
Data controllers like GMI can get an exemption to this in the form of a ‘declaration’ from a committee appointed by the health minister.
This can be granted in cases where there is a public interest or the controller obtained consent for health research processing per previous rules and this consent has not been withdrawn.
GMI put several questions to the department around the status of this committee set-up and how the process for engaging with it will work.
It also raised concerns over how practicable it will be for the committee to review all declaration submissions by the 30 April deadline and whether it will be extended.
When contacted by Fora, GMI declined to comment on the matter.
GMI said in its letter that it faces several barriers to regaining consent for the use of data from volunteers.
The company said in many cases it does not hold any contact details for the volunteers it collects DNA from – much of the information is ‘pseudonymised’ to strip it of personal identifiers.
It added that contacting patients could cause distress as they may “not wish to be reminded of a time of serious illness” or in the event of contacting families of the deceased, it would cause “undue upset”.
According to GMI, the lack of clarity in the data protection rules could lead to medical research in Ireland missing out on the “unique rich resource of data and samples”.
It could “even lead potentially to research projects being located in other jurisdictions”, the letter said.
“The longer the period of uncertainty continues, the more difficult it becomes for us to make every day business decisions,” it added.
Prior to its acquisition last year, GMI has raised $40 million in funding from backers that included Google investment arm GV and the Irish government’s sovereign wealth fund, the Ireland Strategic Investment Fund.