The European Committee for Standardization (CEN) has developed draft CEN Workshop Agreement (CWA) 17933.
This agreement is a draft of a good practice guide on user consent that will help organisations and scientific associations that undertake research to develop and evaluate digital health innovations. The guide’s aim is to assist organisations to obtain from individuals the most appropriate form of consent (whenever the bodies are piloting and evaluating digital health innovations or are conducting research).
An “open commenting phase” on the draft guide started. Your comments are needed as soon as possible on the draft guidelines. Comments – in a “commenting form” – will be accepted until April 18 2023.
On March 20 2023 and 14 April 2023, workshops were held that outlined the draft guidelines’ content.
Read some pointers on the purposes underpinning the CEN CWA draft guide.
A draft guide on user consent: Some initial pointers
The intention of the CEN Workshop Agreement 17933 guide is to complement a number of European and international standards that already deal with more formal considerations regarding consent for the processing of personal data.
The CEN draft guide has been produced because many contemporary initiatives have indicated a need to understand aspects of consent better.
There is, for example, a need to understand:
- how to seek consent in an efficient and comparable manner,
- how to take into account ethical and data protection requirements,
- how to word consent forms needed for a specific study,
- how to obtain ethics committee approval before a study is begun.
When research is to take place, consent can be sought at various stages. Here, some insights are offered into how this takes place in pilots, through evaluation instruments, and with real-world data.
The guide can also serve, therefore, as a basis for the collection of consent for various research purposes.
User consent for research
It is a recognised challenge to seek consent for data gathered during a piloting phase or through evaluation instruments (when the data will be re-used as a dataset for future research by other organisations, possibly in other countries). If data re-use is intended, then it is appropriate to check whether the re-use is (a) covered by the initial consent obtained or (b) there should be a separate request made for consent to the specific data re-use.
User consent for real-world data
Health services and public health research also make use of routinely collected data (i.e., real-world data) for purposes like quality improvement, safety monitoring, public health surveillance, and population health strategies. Public and private sector research organisations make use of real-world data to improve the understanding of diseases, and to develop and evaluate new treatments and other care interventions.
If these kinds of research include the use of personal health data, whether the data is fully identified or pseudonymised, the 2016 European General Data Protection Directive (GDPR) requires that the data controller or data processor uses the data based on an entirely legitimate (legal) basis. This legitimate basis is often, but not always, informed consent obtained from each data subject.