Overly strict interpretation of the data protection law is hampering epidemiological research (the study of the causes, distribution, and control of disease in populations), argue researchers in this week's British Medical Journal.
The UK Data Protection Act 1998 is intended to accommodate medical research. The law allows personal information to be used and disclosed without explicit consent, subject to certain safeguards, when it is impractical to obtain consent and an important public interest is at stake.
Despite this, some data controllers continue to interpret the law in a restrictive way, write the authors.
They describe how such interpretation of the law currently threatens a planned study of UK military personnel who served in Bosnia so much that if it were to proceed, the results are likely to be too small and biased to reach useful conclusions.
They argue that adverse events or detriment from participation in epidemiological research are extremely rare and they call for a less rigid policy towards data sharing in this type of research.
"We are not arguing that epidemiological research should always proceed without consent. But it should be allowed to do so when the privacy interference is proportionate," they write. "Regulators and researchers need to improve their ability to recognise these situations and adjust their approach."