Miranda is a Researcher in Law within HeLEX. Her work mostly focuses on privacy, confidentiality and data protection in health and life sciences research. She has a particular interest in how the law characterises anonymity, and how the concept of ‘reasonableness’ applies to Big Data practices.  

Her current work centres on the Governing Biomodification project: mapping the laws, standards and policies which collectively regulate new ‘biomodifying’ technologies such as gene editing. This project is funded by the Leverhulme Trust to provide an evidence base for appropriate, flexible and socially responsive governance in the biotechnology sector. She also helps to lead a Legal and Ethical work package in the Horizon 2020 project EU-STANDS4PM, which is seeking to provide standards for in silico modelling within personalised medicine. She provides ongoing support to the DIabetes REsearCh on patient straTification (‘DIRECT’) consortium, and has done some consultancy work on research council projects. 

Miranda joined HeLEX in 2017, working as part of the Administrative Data Research Network. She qualified as a barrister in 2014 and practised within a healthcare specialist team, providing advice and representation to the NHS on a range of patient-related issues. Much of her work as a barrister was in a mental health context, involving patients with fluctuating mental capacity. She retains an interest in healthcare law


Displaying 1 - 9 of 9. Sorted by year, then title.
Filter by
  • K L Mansfield, J E Gallacher , M Mourby and M Fazel, 'Five models for child and adolescent data linkage in the UK: a review of existing and proposed methods' (2020) 23 BMJ Evidence-Based Mental Health
    DOI: 10.1136/ebmental-2019-300140
    Over the last decade dramatic advances have been made in both the technology and data available to better understand the multifactorial influences on child and adolescent health and development. This paper seeks to clarify methods that can be used to link information from health, education, social care and research datasets. Linking these different types of data can facilitate epidemiological research that investigates mental health from the population to the patient; enabling advanced analytics to better identify, conceptualise and address child and adolescent needs. The majority of adolescent mental health research is not able to maximise the full potential of data linkage, primarily due to four key challenges: confidentiality, sampling, matching and scalability. By presenting five existing and proposed models for linking adolescent data in relation to these challenges, this paper aims to facilitate the clinical benefits that will be derived from effective integration of available data in understanding, preventing and treating mental disorders.
  • J Bell , S Aidinlis, H Smith and M Mourby, 'Balancing Data Subjects’ Rights and Public Interest Research: Examining the Interplay between UK Law, EU Human Rights Law and the GDPR' (2019) 5 European Data Protection Law Review 43
    DOI: 10.21552/edpl/2019/1/8
    The EU General Data Protection Regulation (‘GDPR’) seeks to balance the public interest in research with privacy rights of individuals, in particular, through research exemptions and safeguards set out in Article 89. While this affords Member States limited opportunities to modify the application of the GDPR at a national level, including for data processing that is necessary for the performance of a task carried out in the public interest, it is necessary for national approaches to conform with Article 89 safeguards where appropriate. One development of interest to the research community in the UK is a statutory power for public authorities to disclose administrative data for research under the Digital Economy Act 2017 (DEA). This article uses the DEA as a case study for analysis of the GDPR provisions governing processing of data for research purposes—including de-identification—and draws on human rights norms and jurisprudence to interpret the broad requirement for ‘appropriate safeguards’ for the ‘rights and freedoms of the data subject’ under Article 89. This analysis is important for data controllers seeking to meet their obligations under the UK framework and for those in other EU Member States considering the development of similar national provisions for data processing for research purposes.
  • M Mourby, H Gowans, S Aidinlis and H Smith , 'GOVERNANCE OF ACADEMIC RESEARCH DATA UNDER THE GDPR— LESSONS FROM THE UK' (2019) 9 International Data Privacy Law 192
    DOI: 10.1093/idpl/ipz010
    The General Data Protection Regulation (GDPR) includes a new power for Member States to pass exemptions for the purpose of ‘academic expression’. This may appear to provide greater freedom to researchers working under the new EU data protection regime. Using the UK as a case study, however, it is evident that even a full exercise of the academic derogation is likely to be limited by the GDPR’s requirement of necessity, and by privacy rights wherever they are engaged. Ultimately, the GDPR provisions applicable to universities as public authorities are likely to have greater impact on academic data processing in public institutions; a shift which is not conducive to greater freedom in research data processing.
  • M Mourby, J Doidge , K Jones and S Aidinlis and others, 'Health Data Linkage for UK Public Interest Research: Key Obstacles and Solutions' (2019) 4 International Journal of Population Data Science 9
    Analysis of linked health data can generate important, even life-saving, insights into population health. Yet obstacles both legal and organisational in nature can impede this work. We focus on three UK infrastructures set up to link and share data for research: the Administrative Data Research Network, NHS Digital, and the Secure Anonymised Information Linkage Databank. Bringing an interdisciplinary perspective, we identify key issues underpinning their challenges and successes in linking health data for research. We identify examples of uncertainty surrounding legal powers to share and link data, and around data protection obligations, as well as systemic delays and historic public backlash. These issues require updated official guidance on the relevant law, approaches to linkage which are planned for impact and ongoing utility, greater transparency between data providers and researchers, and engagement with the patient population which is both high-profile and carefully considered. Health data linkage for research presents varied challenges, to which there can be no single solution. Our recommendations would require action from a number of data providers and regulators to be meaningfully advanced. This illustrates the scale and complexity of the challenge of health data linkage, in the UK and beyond: a challenge which our case studies suggest no single organisation can combat alone. Planned programmes of linkage are critical because they allow time for organisations to address these challenges without adversely affecting the feasibility of individual research projects.
  • J Bell, S Wallace, M Mourby and H Gowans, 'Lawful Disclosure of Administrative Data for Research Purposes in the UK' (2019) The Journal of Data Protection and Privacy
  • M Morrison, M Mourby, A Bartlett and E Bicudo , 'Reshaping the landscape of science and medicine' (2019) Science Impact Ltd
    DOI: 10.21820/23987073.2019.1.63
    Developments in biomedical innovation today can be seen in areas such as robotics, digital systems or new imaging techniques - and increasingly in areas marked by highly sophisticated forms of medical biology and biotechnology that involve altering 'natural' biological processes. Three key developments form the focus for this project: the arrival of 'gene-editing' whose goal is to understand and remove disease-related mutations, the creation of induced pluripotent stem cells that can be controlled to create different types of tissue for cell therapy, and the emergence of 3D printing of biological material which aims to create novel structures for bodily repair and renewal. These developments can all be described as 'biomodifying technologies', that is, those that modify living biological tissue in novel and increasingly patient-orientated and customised ways. Not only do these technologies challenge existing governance frameworks in terms of standards for safety, quality control, and traceability of biological materials, equally and perhaps more importantly, they are 'gateway' technologies with wide-ranging applications, significant commercial engagement and high levels of transferability, which open up far-reaching possibilities. We need to understand and anticipate such developments if we are to build an informed and constructively critical social science of biomedical innovation today. More broadly, this contributes towards the ESRC's core priority and delivery plan aim of supporting research that can promote economic growth and development, and to do so in a way that is based on robust, engaged social science that maps and analyses the implications of innovation. The project will use a mixed methods approach for UK fieldwork combining documentary analysis of various literatures, including the academic and grey literatures, with qualitative semi-structured interviews with a range of key stakeholders in each of the fields being studied. These include scientists working in academic laboratories, representatives of SMEs, patient groups, research agencies, regulators, and senior staff in important service organisations (e.g. biobanks). Secondary data from other European, US and East Asian sources will also be secured. The project will result in data, academic papers and policy reports that will offer the first comprehensive social science analysis of these major developments in biomedicine.
  • M Mourby, E Mackey, M Elliot and H Gowans and others, 'Are 'Pseudonymised' Data Always Personal Data? Implications of the GDPR for Administrative Data Research in the UK' (2018) 34 Computer Law & Security Review 222
    There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information. Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.
  • M Mourby and H Smith , Engagement and Co-Design: Routes to Lawful Research?, paper presented at Administrative Data Research Conference
    The `deficit' model of engagement, which educates the public about research, has been subject to increasing criticism, as if people's attitudes arise from ignorance which should be corrected. Nevertheless, a number of attempts to understand public views on the use of Administrative Data for research have used informative models. We refer to the findings of an exploratory study of individual attitudes towards Administrative Data Research, which indicate that views and norms around ADR are incipient and ambivalent, especially when compared to perceptions of `conventional' medical research. We consider the legal obligations administrative data controllers have to shape reasonable expectations in light of this uncertainty. Engagement which informs the public about research does have value. It indicates what the attitudes of the public might be, were certain facts about research more commonly known, and thus underscores the importance of public information campaigns. However, this work cannot provide an accurate representation of public opinion as a whole in the absence of wider dissemination of information across society. There will inevitably be a number of facets to public engagement: information, representation and transparency. Each of these will correlate differently with data controllers' legal obligations, and it is essential to understand these connections.
  • M Mourby, S Aidinlis and H Smith , 'THE DATA PROTECTION BILL - VIRTUES OUT OF NECESSITY?' (2017) New Law Journal
    A number of claims have been made for the Data Protection Bill, as it serves a number of purposes—modernisation, ensuring data flows post-Brexit, and exercising derogations under the GDPR to create a more ‘nationalised’ law.

Research projects