Abstract
As with many other countries, Malaysia is also developing and promoting biomedical research to increase the understanding of human diseases and possible interventions. To facilitate this development, there is a significant growth of biobanks in the country to ensure continuous collection of biological samples for future research, which contain extremely important personal information and health data of the participants involved. Given the vast amount of samples and data accumulated by biobanks, they can be considered as reservoirs of precious biomedical big data. It is therefore imperative for biobanks to have in place regulatory measures to ensure ethical use of the biomedical big data. Malaysia has yet to introduce specific legislation for the field of biobanking. However, it can be argued that its existing Personal Data Protection Act 2010 (PDPA) has laid down legal principles that can be enforced to protect biomedical big data generated by the biobanks. Consent is a mechanism to enable data subjects to exercise their autonomy by determining how their data can be used and ensure compliance with legal principles. However, there are two main concerns surrounding the current practice of consent in biomedical big data in Malaysia. First, it is uncertain that the current practice would be able to respect the underlying notion of autonomy, and second, it is not in accordance with the legal principles of the PDPA. Scholars have deliberated on different strategies of informed consent, and a more interactive approach has recently been introduced: dynamic consent. It is argued that a dynamic consent approach would be able to address these concerns.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
Introduction
The rapid development of biomedical technologies has shown that biomedical research is crucial and has great potential. Failing to keep up-to-date with its advancement jeopardises the opportunity to develop and improve public healthcare. Biomedical research requires biospecimens taken from human such as blood, tissue, urine, and others that contain information about donors, including information about their lifestyle, genetic composition, illnesses, and clinical outcomes (Parodi 2015). The traditional way of collecting biospecimens in which samples are taken only for specific studies and are not stored for future research can no longer meet the demands of research.
Thus, biobanks have been established to ensure adequate and constant supply of biospecimens to assist researchers in carrying out their work and developing new discoveries in medicine (Marshall 2001; Martin and Kaye 1999; Medical Research Council 1999). As stated by De Souza and Greenspan (2013), the goal of a biobank is “to collect, store and disseminate specimens and related data”. Therefore, biobanks are vital as reservoirs of human biospecimens and biomedical big data, which can be used for future research with different purposes. The vast amount of biospecimens stored in biobanks contain not only personal information of donors but also their health and genetic information that is shared with their family members (Liao 2009).
Therefore, maintaining the privacy and confidentiality of donors is crucial. Due to the importance in ensuring donors’ privacy and confidentiality is maintained, it is critical to understand how biobanks manage biospecimens and protect the privacy and confidentiality of donors. Many view informed consent as imperative in dealing with this ethical problem. It has been implemented as a mechanism for research subjects to exercise their autonomy by determining how their donated biospecimens and its associated data can be used. There are different models that have been adopted to implement consent, which include the use of specific, broad, blanket, and meta consent. However, there are issues with the implementation of these different models of consent, which use the traditional paper-based approach. For instance, they could be costly and ineffective to implement, particularly in light of the need to ensure a complete and up-to-date record of consent from thousands of research subjects.
Given the large number of research subjects involved in biobanking, especially for population-based biobanks, broad consent model is more often used than that of other models of consent. This paper argues that there is a need to revisit this model and its implementation using a traditional paper-based approach for two main reasons. First, it does not uphold or respect the underlying notion of autonomy, and second, it is not in accordance with the legal principles articulated in the PDPA in terms of protecting the privacy and confidentiality of the associated data generated from the collected human biospecimens. To address these concerns, this paper proposes the consideration of implementing a new model of consent known as “dynamic consent” in Malaysia.
The following sections set out first the development of biobanking in Malaysia and discuss the ethical issues surrounding this area. The different models of consent will also be discussed to address the issues with their implementation. Then, this paper examines the current regulation, the PDPA, to explore how biobanking activities fall within its ambit and argue that the current practice of broad consent does not respect the fundamental principle of autonomy and is not in compliance with the legal principles of the PDPA. This is followed by the examination of the possibility of adopting dynamic consent to satisfy and respect the fundamental principle of autonomy and address the issues of privacy by way of ensuring compliance with the legal principles of the PDPA.
Biobanking development in Malaysia
What is the current state of development?
As with many other countries, Malaysia is developing and promoting biomedical research to increase the understanding of human diseases and possible interventions. The Malaysian Cohort is the first national biobank established and the biggest population-based biobank in the country (Malaysian Cohort, n.d.). It was established in 2005 by the Malaysian government to “address and investigate the rising trends of non-communicable diseases” with an aim to “identify risk factors, to study gene-environment interaction and to discover biomarkers for the early detection of cancers and other diseases” (Jamal et al. 2014). There are more than hundred thousands of participants, aged between 35 and 70, who have been recruited from various socioeconomic groups. It is part of the Asia Cohort Consortium, a network of population-based biobanks across Asian jurisdictions, which includes China, India, Japan, Bangladesh, Korea, Mongolia, Singapore, and Taiwan (Asia Cohort Consortium, n.d.). Being the biggest biobank in Malaysia, it stores the largest amount of human samples in the country, which can be used for epidemiological and biomedical research. As part of the recruitment process, research subjects will be asked about their medical history and their family’s medical background through questionnaires.
Other than the cohort, Malaysia also hosts a number of Artificial Reproductive Clinics, which can be considered as biobanks for storing human gametes. There are also biobanks that offer storage for blood such as Cellsafe International (Malaysia) Sdn. Bhd., Cryocord Sdn. Bhd., and StemLife Berhad. The Malaysian Oral Cancer Database and Tissue Bank System was also established for oral cancer and pre-cancer research in Malaysia to develop intervention techniques that can be put into practice to ensure the quality of life of oral cancer patients (Zain et al. 2005). The tissues and data collected are used for research on genetic profiles, genetic polymorphisms, diagnostics, and prognostic markers. Even though there are already a number of biobanks operating in Malaysia, little is known about its governance due to lack of literature written on this subject matter. This includes the implementation of informed consent and the regulation in maintaining the privacy and confidentiality of biomedical big data collected by the biobanks in the country.
Is there any law governing biomedical big data in Malaysia?
Malaysia has yet to establish specific legislation that governs biobanking. However, to address the privacy issues surrounding the use of biomedical data, one would refer to the Personal Data Protection Act 2010 (Malaysia, Personal Data Protection Act 2010; hereinafter, the PDPA). Section 2 of the PDPA stipulates that the PDPA applies to “any person who processes and any person who has control over or authorizes the processing of any personal data in respect of commercial transaction”. Since biobanks are entities that have the control over and capacity to authorise the process of the collected biomaterials and personal data, they fulfil this clause.
However, if the operation of the biobanks does not involve commercial transactions, it will be excluded from the scope of the PDPA. The PDPA defines “commercial transactions” as “any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance, but does not include a credit reporting business…”. This provision further suggests that private biobanks fall under the purview of this PDPA and public biobanks such as the Malaysian Cohort in principle are not included. However, if the latter involve any commercial transaction, they would then be subjected to the PDPA’s jurisdiction.
It is worth noting that, even though publicly funded biobanks that are not commercial in nature may fall outside the ambit of the PDPA, it does not mean they do not have to operate based on legal principles that are stipulated in the law. Given the law functions to control societal behaviour and implicitly reflects social values, it is imperative for these biobanks to embrace the spirit of the law and the legal principles. By conforming to the principles, it may not only help to ensure public trust but would also be useful to establish and maintain a reputable image, which would facilitate collaboration with other credible biobanks in the future.
According to section 4 of the PDPA, “personal data” refers to any information involved in commercial transactions, which are (i) being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose; (ii) recorded with the intention that it should wholly or partly be processed by means of such equipment; or (iii) recorded as part of a relevant filing system or with the intention that it should form part or a relevant filing system, that relates directly or indirectly to a data subject, who is identified or identifiable from that information. Generally, personal data that is governed by the PDPA is the information that relates to data subject who can be identified from the information, which normally includes name, identity card number, and contact details.
The PDPA provides further explication of its scope by making specific reference to this personal data. It has to be processed and could be used directly or indirectly to identify the data subject and defined as information that includes “sensitive personal data”, which is “…consisting information as to the physical or mental health or condition of a data subject” and can only be processed if it is necessary for medical purposesFootnote 1 and explicit consent has been obtained (section 40 (1) of the PDPA). One could infer that any biobank that processes biomedical data that is sensitive in nature and if such data is identifiable to a living person, then (subject to section 2) biobanks fall within the purview of the PDPA.
It is also important to highlight that the PDPA only governs the sensitive personal data extracted from the biospecimens after being “processed…and recorded in a relevant filing system”. This specifically shows that the PDPA does not govern the access to biospecimens, which includes the derivation and transfer of the specimens between biobanks. However, once biomedical data is generated from the biospecimens, access to such data is subjected to the legal principles laid down in this PDPA.
Ethical issues surrounding biomedical big data
There are a number of ethical issues that have been identified and widely debated by scholars (Nuffield Council on Bioethics 2015). However, this paper only focuses on two issues namely autonomy and protection for data privacy.
Respecting the autonomy of research subjects
The collected and stored human biospecimens contain genetic information, which is valuable for many reasons. In theory, the biospecimens can be used to study diseases and the link between one’s genetic makeup and one’s lifestyle. The information carried in one’s biospecimens not only defines one’s personal identity but also contains information of the person’s family members (Liao 2009). Processed genetic information may also reveal the state of health or indicate one’s predisposition to certain diseases, and this extends to family members. Given the sensitivity of the biospecimens and associated data, which could be used to identify research subjects, this gives rise to an important question of how research subjects hold the power to decide on the use of their biospecimens. The right to determine the future use of one’s specimens and personal information signifies one’s right to autonomy.
Protection for data privacy
The use of the specimens and sensitive personal information also gives rise to ethical issues of privacy and confidentiality (Hoeyer et al. 2005; Biller-Andorno and Capron 2016; Tutton and Corrigan 2004; Rothstein 2005). One could question how the privacy of donors of the collected biospecimens and data can be protected. This issue is particularly crucial given the number of biobanks across the globe has grown exponentially, leading to a large volume of biomedical data generated. Some of the largest biobanks in the world that store specimens collected from half a million of individuals or more include the UK Biobank, “All of Us” Biobank in the USA, and Shanghai Zhangjiang Biobank (Orchard-Webb 2018).
To maximise the potential use of the collected biospecimens and generated data to accelerate scientific discoveries, there is a need for collaboration between biobanks both at the local and international levels. This collaboration involves the transfer of the biospecimens and data through biobank networks (Knoppers et al. 2011, b). An issue arises as to what measures are taken, especially by biobanks in Malaysia, to safeguard the privacy and confidentiality of the transferred biospecimens and data. For Malaysia to further develop its biobanking activities and join the international players, there is a need for a regulatory approach that should be able to ensure protection of data privacy.
The following section examines how the traditional models of informed consent have been introduced as an ethical tool to promote autonomy and as a legal basis to protect the privacy and confidentiality of personal data.
Informed consent
Informed consent is recognised worldwide as a fundamental principle in biomedical research, enshrined in the Declaration of Helsinki and Universal Declaration on Bioethics and Human Rights (World Medical Association 2013; UNESCO 2005). It functions as an important ethical tool and legal mechanism to ensure respect for individual’s autonomy and the right to privacy and confidentiality are upheld and respected. Different models of consent have been introduced to ensure emerging technologies such as biobanking can be developed without compromising personal data privacy and individuals’ autonomy. According to the Nuremberg Code (1947, item 1), an “informed consent” requires research subject to know “the nature, duration, and purpose of the experiment; the method and means by which is conducted; all inconveniences and hazards reasonable to be expected; and the effects upon health or person which may be possibly come from his participation in the experiment”. Failing to provide adequate information of a particular research purpose intended would render consent obtained as invalid.
Traditional models of informed consent and its challenging implementation
There are different models of consent that can be adopted, such as broad consent, blanket consent, meta consent, and specific consent. These different models have been introduced and debated by scholars especially on its sufficiency to ensure research subjects are truly informed and the effectiveness of its implementation without being an obstacle to the research progress (Deschênes et al. 2001; Gibbons and Kaye 2007; Hansson 2009; Caulfield and Murdoch 2017).
The specific consent model requires consent to a specific project on the basis of specific information about that project that is disclosed to research subjects. Broad consent only requires consent to broad categories of research and broad information as to how data would be used. Blanket consent refers to consent given without having any restrictions, which means researchers or biobanks are free to use the collected biospecimens and personal information for any purpose. Meta consent model provides research subjects with the option to decide how they would give consent in the future, which means they could choose a different model of consent when making decision in the future. The challenges of the implementation of these different models of consent have been widely debated, and some of the relevant challenges are highlighted in this paper without making reference to the whole spectrum of the debate.
Traditionally, informed consent–taking processes employed by researchers, regardless of the different models mentioned, require research subjects to give their explicit consent by signing an informed consent form—a paper-based approach. This approach can be a time-consuming exercise unless blanket consent is being used, which means there is no need for research subjects to be re-contacted in any circumstances. However, if research subjects provide only specific consent, which means they only consent for certain use of their donated specimens at the time of consent taking, biobanks are ethically obliged to re-contact them if their specimens or personal data need to be transferred or used for different purposes.
This could be burdensome if it involves a population-based biobank, which deals with hundreds of thousands of research subjects. It is not only time consuming to re-contact a large number of research subjects but it can also be costly. It could be even more time consuming when research subjects have difficulties in understanding the information provided. This could also be an obstacle for research progress, especially if there is no way to re-contact research subjects.
The application of broad consent in biobanking
Can broad consent uphold autonomy?
In biobanking, it is difficult to ascertain information on future research (Kaye et al. 2011; Kaye et al. 2012) and it may be difficult to re-contact research subjects in a pool of big data. This has resulted in broad or blanket consent often being used in the biobanking sector. If broad and blanket consent models were adopted, there would be no process of re-consent needed for any particular use of samples in the future. Such an approach allows researchers to use the data without having to re-contact research subjects for re-consent purposes (Caulfield 2007; Master et al. 2015). Some have argued that, technically, it is not disrespecting individuals’ autonomy if research subjects have consented in the beginning of the process that they do not need to be informed of anything and agreed to let others to make decision for them, and that this should be regarded as an informed consent as well (Sheehan 2011). However, others have argued that, in principle, broad consent does not uphold and satisfy the underlying notion of autonomy (Beauchamp and Childress 2001) since the approach does not offer sufficient protection for data privacy and ensure data subjects are truly informed of how their specimens and biomedical data would be used in the future at the time consent is taken.
The legal principles of PDPA
There are some legal principles of the PDPA, which demonstrate that the PDPA can be used to uphold the autonomy of research subjects. However, it is argued that the application of broad consent could undermine the spirit of the legal principles.
Can broad consent conform to legal principles in PDPA to uphold the principle of autonomy?
Under its General Principle, section 6 (1) of the PDPA states “a data userFootnote 2 shall not…process personal data about a data subjectFootnote 3 unless the data subject has given his consent to the processing of the personal data”. This shows the PDPA has established that it is imperative for biobanks to respect the autonomy of research subjects by way of obtaining consent from the data subject to process personal data. Sensitive personal data, in particular, can only be processed if it is necessary for medical purposes and explicit consent has been obtained (section 40 (1) of the PDPA). The use of broad consent would not undermine this principle specifically since research subjects will normally be asked to give explicit consent by way of signing an informed consent for their personal data to be processed at the time of recruitment.
However, broad consent could undermine the Disclosure Principle as well as the Notice and Choice Principle of the PDPA. Section 8 of the PDPA stipulates that no personal data shall be disclosed without the consent of the data subject for any other purposes but with some exceptions.Footnote 4 Based on the Notice and Choice Principle, the data subject must be informed prior to the sharing or transfer of data. If it involves any third party that is not made known to the data subject initially, the law requires the biobank to re-contact the data subject for re-consent. This principle is particularly vital given the fact that it is likely for biomedical data to be shared among biobanks to accelerate scientific research and facilitate the flow of knowledge (Budin-Ljosne et al. 2011). An issue may arise: if broad consent is applied, research subjects will not be re-contacted to give consent for the transfer of their samples and data.
This analysis demonstrates that the legal principles discussed above would not be adhered to if broad consent were adopted. The following section further discusses the implications of adopting broad consent on the legal principles of PDPA to protect the privacy of biomedical big data.
Can broad consent conform to the legal principles of the PDPA to protect the privacy of the biomedical big data?
Subsequently, one could question what measures are provided by the PDPA to protect the privacy of the data and ensure ethical use and transfer of the biomedical big data. This is particularly important, given the fact that it is likely that Malaysian biobanks collaborate with other biobanks through local or international networks, which would require the transfer of data (Knoppers et al. 2011, b).
This section underscores the legal principles that are incorporated in the PDPA to demonstrate its application in protecting the privacy of biomedical big data and the adoption of consent as a regulatory mechanism to ensure ethical conduct. This can be seen through the adoption of the Security Principle and Data Integrity Principle.
The PDPA requires the respect for Security Principle as provided under section 9. Data user shall adopt measures “to protect personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction” by considering the security measures incorporated into any equipment where the data is stored, the reliability and integrity of personnel having access to the data, and the measures to ensure the secure transfer of the data.
Data users are also legally obliged under section 11 to ensure that the data stored is “accurate, complete, not misleading and kept-up-to-date” to uphold the Data Integrity Principle. This principle is particularly important for biobanks, especially population-based biobanks, which have control over a vast amount of data. Therefore, it is vital for biobanks to adopt a system that is useful and effective in ensuring that the biomedical big data stored is in accordance with the Data Integrity Principle.
It can be seen that the principles further impose the burden and duty on biobanks, as the data users to protect the privacy of the date by adhering to the security and data integrity principles. Nevertheless, this burden could be avoided if broad consent is adopted by biobanks whereby such consent would have released biobanks from the duty to abide with the legal principles especially to re-contact research subjects to update the stored data. Also, given the traditional use of paper-based approaches, one could argue that it would be impossible to keep a record of hundreds of thousands of research subjects complete and up-to-date. Also, technically, if broad consent is given, the issue of an unauthorised disclosure would not resurface.
The analysis above has shown that the PDPA has laid down the legal principles that can be enforced to address the issue of data privacy involving biomedical big data. However, the spirit or objective of the legal principles can be undermined by the application of broad consent, even more so, if it relies on the traditional paper-based approach.
Another recently introduced approach, dynamic consent, has been argued to be an alternative that could address the concerns discussed above.
Dynamic consent model
The issue of the implementation of traditional models of consent in the biobanking sector has been widely discussed, and it has led to a rather complex debate. In recent years, the debate has resulted in the introduction of a conceptual shift from paper-based informed consent forms to the more interactive approach of dynamic consent, which leverages on technological advancement (Kaye et al. 2015).
Dynamic consent is not a new model of consent; instead, it is an interactive approach that promotes individuals’ autonomy to a higher standard since it is tailored to the preference of participants should they wish to adopt different types of consent at any given different time with additional advantages (Kaye et al. 2015). Its interactive interface features offer less operational cost and enable researchers to re-contact research subjects for re-consenting purposes in a more efficient way. It also uses new privacy-enhancing techniques such as homomorphic encryption, which enables collected information to remain encrypted while being processed, protecting identifiable information. The interface provides readily available information to data subjects, and the sharing data process can be tracked by data subjects.
One could argue that such feature would increase transparency and ensure accountability of the operational control, whereby data subjects could access this information in real time (Williams et al. 2015). They can also use the dynamic consent platform to indicate their preference to modify consent, and update and amend their personal details, as well as to withdraw from the research project. Researchers can also utilise its interface feature to provide information to research subjects or update them from time to time as to how their samples and data have benefited any research project. This can be seen as a good approach to help improve scientific literacy among the public.
The following sections discuss how the implementation of dynamic consent could satisfy the need to respect autonomy and facilitate the implementation of consent that could be in accordance with the spirit of the legal principles outlined in the PDPA.
Upholding autonomy with dynamic consent
One could also argue that allowing research subjects to opt for broad and blanket consent does not empower them to exercise their autonomy in the long run as they would not know what happens to their data and the outcome of the research. Such an approach is not in line with the fundamental principle in biomedical research of respect individuals’ autonomy (Steinsbekk et al. 2013). Even though research subjects have opted for broad or blanket consent, this does not mean they do not have to know how their personal data is being used and what will happen to it in the future (Hofmann 2009). It is highly likely that they would not be informed, especially with the current paper-based approach, which is not the most convenient system to facilitate researchers to re-contact research subjects especially for population-based biobanks. Research subjects should be given an avenue that enables them to revisit their decision. They should have the options whether to continue with the participation or withdraw from the research in the future (Hansson et al. 2006).
This issue could be addressed by adopting dynamic consent. By having direct access to their data on an interface platform, research subjects could stay informed of the research progress and how their data is being used in real time, even though they have indicated that their consent need not be sought (Kaye et al. 2015). Such an approach allows or provides them with the opportunity to amend their preference should they have a change of mind in the future. If they wish to withdraw consent, they only need to access the interface platform whenever and wherever convenient to them. This is in contrast to paper-based approach, which would require more effort and may be off-putting, resulting in research subjects choosing to forego their right to autonomy. In view of this, a dynamic consent approach could ensure a more meaningful and informed decision, even if research subjects choose broad or blanket consent. The perception towards the idea of broad and blanket consent could be changed through the implementation of dynamic consent to give the true meaning of informed consent, which is to empower research subjects to make an informed decision.
For research subjects who only provide specific consent, dynamic consent approach could also empower them to self-educate. They will have access to the information about the research, and they will also be able to communicate and engage with researchers in real time, and this allows them to obtain more information about the research activities if they have any concerns or queries whenever and wherever they wish (Kaye et al. 2015). They could also be updated with the research outcome through the interactive interface. This approach could also benefit researchers in terms of research subjects’ retention whereby they could easily get in contact with research subjects on the platform, as well as get opinions from the latter, which could be useful for research (Kaye et al. 2012).
Protecting data privacy: conforming with PDPA legal principles
As highlighted earlier, it could be a challenging task to re-contact research subjects using the traditional paper-based approach. This could be particularly troublesome when researchers are dealing with hundreds of thousands of research subjects and a large volume of personal data. Without a monitoring system, it is uncertain as to whether there is compliance with the re-consent requirement. Also, as argued earlier, research subjects who opted for blanket and broad consent may have completely lost contact with researchers and would not know if their data are transferred to other biobanks. This contradicts the Disclosure Principle as well as the Notice and Choice Principle, which emphasise on the importance to obtain consent before personal data is disclosed to a third party. The enforcement of these Principles would be more feasible if dynamic consent is employed because of its interactive aspects that could easily facilitate communication between researchers and research subjects.
Unlike the traditional approach, dynamic consent could also facilitate the enforcement of Data Integrity Principle and Security Principle. If data subjects have direct access to the data on the interface, they would know if the data is modified, altered, or destroyed. The interface could leverage on the technological feature similar to the feature used by Google drive and Dropbox, whereby the system can specifically indicate who has been granted access to the personal data. Such transparency and security could not be guaranteed if a paper-based approach is used. As mentioned in the beginning of this paper, dynamic consent incorporates security measure known as homomorphic encryption, a new privacy-enhancing technique (Kaye et al. 2015). This will enable encrypted information to remain as it is when it is being processed to avoid deidentification. Such measure is in line with the Security Principles of the 2010 Act, which requires data users to adopt security measures to ensure the security of the personal data.
The issue of research subjects lacking access to their personal data and researchers would have an impact on the spirit of the enforcement of the Access Principle. The Access Principle requires that research subjects be given access to the personal data to keep the data updated, accurate, and not misleading. This could be burdensome if researchers adopted a paper-based approach and must keep updating the large volume of data themselves. One could argue that it is almost impossible to fulfil the principle using this approach in the field of biobanking. Instead, the alternative and reliable option would be to adopt dynamic consent approach. Research subjects could play an active role by updating their own data, making it cost effective and not burdensome for both parties. The interactive platform of the dynamic consent approach also would enable research subjects to have access to and update their data in real time whenever and whenever that is convenient to them.
Given dynamic consent does not conform to one particular model of consent, and it is an interactive approach using interface platform rather than paper-based, it can be argued that it offers flexibility concerning the different types of models of consent to be adopted in a regulatory system (Kaye et al. 2015). Consequently, this interactive approach would be able to stay relevant and adapt to any new consent model developed in the future.
Notwithstanding the advantages, scholars have also identified the challenges in implementing this approach, which include the issues of lack access to technology accessibility and “digital divide” between younger and older generations (Prictor et al. 2018). Nonetheless, it can be said that dynamic consent, in theory, could facilitate the enforcement of the legal principles as outlined in the 2010 Act. For Malaysia to adopt this approach, it is important to carry out further research on its implementation with considerations to the local context to identify what would be the possible challenges that Malaysia could be facing other than the challenges that have already been identified by scholars.
As mentioned above, the data stored in biobanks could be generated from the collection of biospecimens that belong to a huge population of data subjects. Some information could have been generated decades ago. However, it could be challenging for biobanks as data users to do it themselves from time to time, especially given the current practice which could be consent form filling or phone conversation. One could argue that the involvement of data subjects in maintaining the stored data in a more interactive way could be a desired option. This means they definitely need to be given the access to their data as promoted by the Access Principle. In addition, this measure would further enhance the concept of autonomy.
Section 12 of the PDPA gives prominence to the Access Principle by stating that “data subject shall be given access to his personal data held by a data user and be able to correct that personal data whether the personal data is inaccurate, incomplete, misleading or not-up-to-date”. One could argue that this principle also complements the Data Integrity Principle and is very much pertinent for the organisation and “housekeeping” of biomedical big data.
Conclusion
Malaysia has joined other countries in the effort to develop biomedical research. In so doing, the government has established a national biobank, which stores the largest number of biospecimens in the country. There are also other biobanks operating both in the private and public sectors. Currently, there is no specific legislation to govern these biobanks. However, it has been shown that biomedical data generated from the biospecimens collected and stored in the biobanks would fall within the ambit of the Personal Data Protection Act 2010 if its use involves commercial transactions and could directly or indirectly be used to identify a data subject.
The PDPA provides measures to safeguard the privacy of the biomedical data by requiring compliance with a number of legal principles and the implementation of consent as a regulatory tool. Nonetheless, the analysis in the preceding sections has shown that the application of consent using traditional approaches has a number of shortcomings, especially the application of broad consent by population-based biobanks. Traditional approaches not only fail to empower research subjects to exercise their autonomy but also do not conform to the legal principles stipulated in the PDPA. Further analysis has demonstrated that the dynamic consent approach, which uses an interactive interface, has the ability to provide useful means to overcome the issues identified. Nevertheless, the application of dynamic consent is not without any challenges. There is a need for a separate study to further research the possibility of its implementation in Malaysia by considering its feasibility based on the local social, economic, and political climate.
Notes
“Medical purposes” refers to “the purposes of preventive medicine, medical diagnosis, medical research, rehabilitation and the provision of care and treatment and the management of healthcare services.” See section 40 (4) of the Malaysia Personal Data Protection Act 2010.
‘Data user’ refers to “a person who either alone or jointly or in common with other persons processes any personal data or has control over or authorises the processing of any personal data, but does not include a data processor.” See section 4 of the Malaysia Personal Data Protection Act 2010.
“Data subject” refers to “an individual who is the subject of the personal data.” See section 4 of the Malaysia Personal Data Protection Act 2010.
(i) “for the purpose for which the personal data was to be disclosed at the time of collection of the personal data”; (ii) “a purpose directly related to the purpose referred to in subparagraph (i)”; or (iii) to any party other than a third party that was already informed to the research subjects at the beginning of the collection
References
Asia Cohort Consortium. n.d. Participating Cohorts. available at https://www.asiacohort.org/ParticipatingCohorts/index.html. Accessed 30 Sept 2018.
Beauchamp, Tom L., and James F. Childress. 2001. Principles of biomedical ethics. New York, NY: Oxford University Press.
Biller-Andorno, Nikola, and Alexander M. Capron. 2016. Ethical issues in governing biobanks: Global perspectives. New York: Routledge.
Budin-Ljøsne, Isabelle, Anne Marie Tassé, Bartha M. Knoppers, and Jennifer R. Harris. 2011. Bridging consent: from toll bridges to lift bridges? BMC Medical Genomics 4 (1): 69. https://doi.org/10.1186/1755-8794-4-69
Caulfield, Timothy. 2007. Biobanks and blanket consent: The proper place of the public good and public perception rationales. King’s Law Journal 18 (2): 209–226. https://doi.org/10.1080/09615768.2007.11427674
Caulfield, Timothy, and Blake Murdoch. 2017. Genes, cells, and biobanks: Yes, there’s still a consent problem. PLoS Biology 15 (7): e2002654. https://doi.org/10.1371/journal.pbio.2002654
De Souza, Yvonne G., and John S. Greenspan. 2013. Biobanking past, present and future: Responsibilities and benefits. AIDS27 (3): 303-312. https://doi.org/10.1097/QAD.0b013e32835c1244
Deschênes, Mylène, G. Cardinal, Bartha M. Knoppers, and K.C. Glass. 2001. Human genetic research, DNA banking and consent: A question of ‘form’? Clinical Genetics 59 (4): 221–239. https://doi.org/10.1034/j.1399-0004.2001.590403.x
Gibbons, Susan M.C., and Jane Kaye. 2007. Governing genetic databases: Collection, storage and use. King’s Law Journal 18 (2): 201–208. https://doi.org/10.1080/09615768.2007.11427673
Hansson, Mats G. 2009. Ethics and biobanks. British journal of cancer 100 (1): 8-12. https://doi.org/10.1038/sj.bjc.6604795
Hansson, Mats G., Joakim. Dillner, Claus R. Bartram, Joyce A. Carlson, and Gert Helgesson. 2006. Should donors be allowed to give broad consent to future biobank research? Lancet Oncology 7 (3): 266–269. https://doi.org/10.1016/S1470-2045(06)70618-0
Hoeyer, Klaus, Bert-Ove Olofsson, Tom Mjörndal, and Niels Lynöe. 2005. The ethics of research using biobanks: Reason to question the importance attributed to informed consent. Archives of internal medicine 165 (1): 97–100. https://doi.org/10.1001/archinte.165.1.97
Hofmann, Bjørn. 2009. Broadening consent—And diluting ethics? Journal of Medical Ethics 35 (2): 125–129. https://doi.org/10.1136/jme.2008.024851
Jamal, Rahman, Syed Zulkifli Syed Zakaria, Mohd Arman Kamaruddin, Nazihah Abd Jalal, Norliza Ismail, Norkhamiwati Mohd Kamil, Noraidatulakma Abdullah, Norhafizah Baharudin, Noor Hamidah Hussin, Hanita Othman Nor Muhammad Mahadi, and the Malaysian Cohort Study Group. 2014. Cohort profile: The Malaysian Cohort (TMC) project: a prospective study of non-communicable diseases in a multi-ethnic population. International Journal of Epidemiology 44 (2): 423-431. https://doi.org/10.1093/ije/dyu089
Kaye, Jane, Edgar A. Whitley, Nadja Kanellopoulou, Sadie Creese, Kay J. Hughes, and David Lund. 2011. Dynamic consent: a solution to a perennial problem? In BMC 343: d6900. https://doi.org/10.1136/bmj.d6900
Kaye, Jane, Liam Curren, Nick Anderson, Kelly Edwards, Stephanie M. Fullerton, Nadja Kanellopoulou, et al. 2012. From patients to partners: Participant-centric initiatives in biomedical research. Nature Reviews Genetics 13 (5): 371-376. https://doi.org/10.1038/nrg3218
Kaye, Jane, Edgar A. Whitley, David Lund, Michael Morrison, Harriet Teare, and Karen Melham. 2015. Dynamic consent: A patient interface for twenty-first century research networks. European Journal of Human Genetics 23 (2): 141-146. https://doi.org/10.1038/ejhg.2014.71
Knoppers, Bartha M., Jennifer R. Harris, Anne Marie Tassé, Isabelle Budin-Ljøsne, Jane Kaye, Mylène Deschênes, and Ma'n H. Zawati. 2011. Towards a data sharing code of conduct for international genomic research. Genome Medicine 3 (7): 46. https://doi.org/10.1186/gm262
Liao, S.M. 2009. Is there a duty to share genetic information? Journal of Medical Ethics 35 (5): 306–309. https://doi.org/10.1136/jme.2008.027029
Malaysia, Privacy and Data Protection Act 2010
Malaysian Cohort. n.d. Introduction. available at http://www.ukm.my/mycohort/ms/pengenalan/. Accessed 29 Sept 2018.
Marshall, Eliot. 2001. Company plans to bank human DNA profiles. Science 291 (5504): 575. https://doi.org/10.1126/science.291.5504.575A
Martin, Paul, and Jane Kaye. 1999. The use of biological sample collections and personal medical information in human genetics research. London: The Wellcome Trust. Available at https://wellcome.ac.uk/sites/default/files/wtd003283.pdf. Accessed 22 May 2019.
Master, Zubin, Lisa Campo-Engelstein, and Timothy Caulfield. 2015. Scientists’ perspectives on consent in the context of biobanking research. European Journal of Human Genetics 23 (5): 569-574. https://doi.org/10.1038/ejhg.2014.143
Medical Research Council. 1999. Human tissue and biological samples for use in research. Report of the Medical Research Council Working Group to develop operational and ethical guidelines. London: Medical Research Council.
Nuffield Council on Bioethics. 2015. The collection, linking and use of data in biomedical research and health care: Ethical issues. Available at http://nuffieldbioethics.org/wp-content/uploads/Biodata-a-guide-to-the-report-PDF.pdf. Accessed 31 March 2019.
Nuremberg Code. 1947.
Orchard-Webb, David. 2018. 10 largest biobanks in the world. Biobanking.com, 28 May 2018. Available at https://www.biobanking.com/10-largest-biobanks-in-the-world/. Accessed 29 Sept 2018.
Parodi, Barbara. 2015. Biobanks: A definition. In Ethics, Law and Governance of Biobanking: National, European and International Approaches, edited by Deborah Mascalzoni, 15-19. Dordrecht: Springer.
Prictor, Megan, Harriet J.A. Teare, and Jane Kaye. 2018. Equitable participation in biobanks: The risks and benefits of a “dynamic consent” approach. Frontiers in Public Health 6: 253. https://doi.org/10.3389/fpubh.2018.00253
Rothstein, Mark A. 2005. Expanding the ethical analysis of biobanks. The Journal of Law, Medicine & Ethics 33 (1): 89–101. https://doi.org/10.1111/j.1748-720X.2005.tb00213.x
Sheehan, Mark. 2011. Can broad consent be informed consent? Public Health Ethics 4 (3): 226–235. https://doi.org/10.1093/phe/phr020
Steinsbekk, Kristin Solum, Bjørn Kåre Myskja, and Berge Solberg. 2013. Broad consent versus dynamic consent in biobank research: Is passive participation an ethical problem? European Journal of Human Genetics 21 (9): 897-902. https://doi.org/10.1038/ejhg.2012.282
Tutton, Richard, and Oonagh Corrigan, eds. 2004. Genetic databases: Socio-ethical issues in the collection and use of DNA. Abingdon: Routledge.
UNESCO. 2005. Universal declaration on bioethics and human rights.
Williams, Hawys, Karen Spencer, Caroline Sanders, David Lund, Edgar A. Whitley, Jane Kaye, and William G. Dixon. 2015. Dynamic consent: A possible solution to improve patient confidence and trust in how electronic patient records are used in medical research. JMIR Medical Informatics 3 (1): e3. https://doi.org/10.2196/medinform.3525
World Medical Association. 2013. World Medical Association Declaration of Helsinki: Ethical principles for medical research involving human subjects. JAMA 310 (20): 2191-2194. https://doi.org/10.1001/jama.2013.281053
Zain, R.B., R.J. Raja Latifah, I.A. Razak, S.M. Ismail, A.R. Samsuddin, S.A. Atiya, B.Y. Hashim, A. Jallaludin, W.M. Nasir, S.C. Cheong, A.Z. Bustam, W.M.W. Mahadzir, M.T. Abraham, Z.A.A. Rahman, G. Krishnan, N.P. Kipli, J. Norma, K.K. Tay, and K.M.Yuen. 2005. Oral cancer and precancer research in Malaysia - The database and tissue resource bank. Oral Oncology 1(1), 123–123. https://doi.org/10.1016/s1744-7895(05)80305-0
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Abdul Aziz, M., Mohd Yusof, A. Can dynamic consent facilitate the protection of biomedical big data in biobanking in Malaysia?. ABR 11, 209–222 (2019). https://doi.org/10.1007/s41649-019-00086-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41649-019-00086-2