Further use of data – how, why and for whose benefit?
On 14 March we organised a workshop for Connected Health cluster (led by Tehnopol) members on the topic of the further use of data. The event was the first in a series of workshops focussing on the use of health data. It covered two main areas: the legal acts regulating data use; and the future digital state. Information was also provided about the applied research centre which is currently being set up.
Discussions of the further use of data inevitably involve talking about the European Union’s General Data Protection Regulation (GDPR). The regulation is designed to ensure that our personal data are protected and that we know how they are being used.
From a legislative standpoint, what is the further use of data? Lise-Lotte Lääne, who oversees the fields of medicine and health care in the Estonian office of Sorainen, says that although the GDPR does not define the term directly, is does employ the term ‘further use’. There is more and more talk of data being collected for one purpose which is then sought to be used for another, which has led to the terms ‘secondary use’ and reuse’ also being adopted.
In the field of health we often speak of the use of ‘special category data’, which are also highlighted in the GDPR and which include health data. In their case there are more restrictions on the processing of personal data than there are for ‘ordinary’ kinds. There must be a legal basis for the processing of the data, arising from the GDPR.
Lääne says there are quite a few issues with the GDPR at the moment since a number of bottlenecks have emerged in its interpretation in the five years since it was adopted. If we start thinking about how to make data more easily accessible and usable for innovation purposes in Estonia, the entire process has to be carefully considered and a fresh eye cast over the GDPR.
In Estonia, the processing of data for research and statistics is regulated by the Personal Data Protection Act, which enables data to be processed for research purposes with certain protection measures being put in place. However, Lääne says that here too there are bottlenecks. The act was adopted in 2018 in accordance with the foremost knowledge available at the time, but today there are various ethics committees often with varying outlooks – so it is not rare for it to take up to 1.5 years before a company wishing to carry out research obtains all of the data it needs.
Lääne says that if we want to set up a data centre in Estonia that is established on transparent conditions and whose services are available to companies for research purposes at a fair price, we should consider the option of forming one central ethics committee to decide whether and how data may be used. Said committee should be independent, which is to say it should not operate as part of the data centre itself. This would enable both the number of ethics committees and the multiplicity of decisions to be reduced.
In general, Lääne feels that current legislation should be reviewed, since at present there is a large number of registers in regard to which it is difficult to grasp why they collect the data they do, how they guarantee the protection of personal data, where the data end up and for what purpose.
Lääne says an objective or vision whereby it would be possible in Estonia to amalgamate the data in various registers and make them more easily accessible would be very welcome, as it would also enable conclusions to be drawn by cross-referencing the data and some benefit to society to be produced in the final stages.
The digital state and applied research
Nele Nisu, the programme manager for the reuse of data with the Ministry of Economic Affairs and Communications, spoke at the workshop about the future of the digital state. With more data constantly being generated, she admitted that there is no escaping either data or their management. Innovation is needed, she said, otherwise we will ultimately be unable to cope with such a volume of data.
In order to reuse data it is important to know who holds the data and how high-quality it is. At present there is no central information point which individuals and companies could turn to in order to find out what data have been collected, who manages the data and how the data are used.
Nisu feels that there is great potential for the use of artificial intelligence and that both data management and innovation should be enhanced in this area.
Mart Toots, the head of development with the newly merged Enterprise Estonia and Kredex, closed out the day by discussing applied research and providing details of the centre dedicated to it which is currently being set up.
The applied research programme of Enterprise Estonia and Kredex supports the development of innovative products and enables new and significantly amended technologies, processes, products and services to be developed. The programme provides both consultation services and financial support for applied research. Applications will open again in autumn, with consultations to that end already being offered.
The aim of the applied research centre is to offer companies support services in order for them to be able to carry out knowledge-intensive product development. The centre is being established as part of AS Metrosert, to which it will add five areas of operations: biorefining; drone technologies; autonomous vehicles; hydrogen technologies; and health data.