Miranda is a Researcher in Law within the Centre for Health, Law and Emerging Technologies ('HeLEX'). Her work mostly focuses on privacy, confidentiality and data protection in health and life sciences research.
Her current work centres on the BioGOV project: mapping the laws, standards and policies which collectively regulate new ‘biomodifying’ technologies such as gene editing. This project is funded by the Leverhulme Trust to provide an evidence base for appropriate, flexible and socially responsive governance in the biotechnology sector. She also helps to lead a Legal and Ethical work package in the Horizon 2020 project EU-STANDS4PM, contributing to standards for in silico modelling within personalised medicine. She provides ongoing support to the DIabetes REsearCh on patient straTification (‘DIRECT’) consortium, and has done some consultancy work on Research Council projects.
She joined HeLEX in 2017, working as part of the Administrative Data Research Network. Prior to this she practised as a barrister, providing advice and representation to the NHS on a range of patient-related issues. Much of her legal work was in a mental health context, involving patients with fluctuating mental capacity. She retains a broader interest in healthcare law
- Data sharing has long been a cornerstone of healthcare and research and is only due to become more important with the rise of Big Data analytics and advanced therapies. Cell therapies, for example, rely not only on donated cells but also essentially on donated information to make them traceable. Despite the associated importance of concepts such as ‘donor anonymity’, the concept of anonymisation remains contentious. The Article 29 Working Party’s 2014 guidance on ‘Anonymisation Techniques’ has perhaps helped encourage a perception that anonymity is the result of data modification ‘techniques’, rather than a broader process involving management of information and context. In light of this enduring ambiguity, this article advocates a ‘relative’ understanding of anonymity and supports this interpretation with reference not only to the General Data Protection Regulation but also to European Union health-related legislation, which also alludes to the concept. Anonymity, I suggest, should be understood not as a ‘technique’ which removes the need for information governance but rather as a legal standard of reasonable risk-management, which can only be satisfied by effective data protection. As such, anonymity can be not so much an alternative to data protection as its mirror, requiring similar safeguards to maintain privacy and confidentiality.DOI: 10.1136/ebmental-2019-300140Over the last decade dramatic advances have been made in both the technology and data available to better understand the multifactorial influences on child and adolescent health and development. This paper seeks to clarify methods that can be used to link information from health, education, social care and research datasets. Linking these different types of data can facilitate epidemiological research that investigates mental health from the population to the patient; enabling advanced analytics to better identify, conceptualise and address child and adolescent needs. The majority of adolescent mental health research is not able to maximise the full potential of data linkage, primarily due to four key challenges: confidentiality, sampling, matching and scalability. By presenting five existing and proposed models for linking adolescent data in relation to these challenges, this paper aims to facilitate the clinical benefits that will be derived from effective integration of available data in understanding, preventing and treating mental disorders.DOI: https://doi.org/10.1038/s41431-020-0607-ySomatic gene therapies may be authorised for marketing in the EU under the advanced therapy medicinal product regulation. These therapeutic compounds are sufficiently novel and complex in their potential effects to require specialist evaluation. However, the current definition of gene therapy medicinal products (‘GTMP’) risks excluding molecules which are not manufactured through techniques involving recombination. We consider the way, in which the ‘recombinant nucleic acid’ aspect of the GTMP definition is challenged by developments in gene-editing technology, and why a broader scope of GTMP regulation may be desirable.DOI: 10.1093/idpl/ipz010The General Data Protection Regulation (GDPR) includes a new power for Member States to pass exemptions for the purpose of ‘academic expression’. This may appear to provide greater freedom to researchers working under the new EU data protection regime. Using the UK as a case study, however, it is evident that even a full exercise of the academic derogation is likely to be limited by the GDPR’s requirement of necessity, and by privacy rights wherever they are engaged. Ultimately, the GDPR provisions applicable to universities as public authorities are likely to have greater impact on academic data processing in public institutions; a shift which is not conducive to greater freedom in research data processing.DOI: 10.21552/edpl/2019/1/8DOI: 10.21820/23987073.2019.1.63DOI: https://doi.org/10.23889/ijpds.v4i1.1093Analysis of linked health data can generate important, even life-saving, insights into population health. Yet obstacles both legal and organisational in nature can impede this work. We focus on three UK infrastructures set up to link and share data for research: the Administrative Data Research Network, NHS Digital, and the Secure Anonymised Information Linkage Databank. Bringing an interdisciplinary perspective, we identify key issues underpinning their challenges and successes in linking health data for research. We identify examples of uncertainty surrounding legal powers to share and link data, and around data protection obligations, as well as systemic delays and historic public backlash. These issues require updated official guidance on the relevant law, approaches to linkage which are planned for impact and ongoing utility, greater transparency between data providers and researchers, and engagement with the patient population which is both high-profile and carefully considered. Health data linkage for research presents varied challenges, to which there can be no single solution. Our recommendations would require action from a number of data providers and regulators to be meaningfully advanced. This illustrates the scale and complexity of the challenge of health data linkage, in the UK and beyond: a challenge which our case studies suggest no single organisation can combat alone. Planned programmes of linkage are critical because they allow time for organisations to address these challenges without adversely affecting the feasibility of individual research projects.DOI: 10.21820/23987073.2019.1.63Developments in biomedical innovation today can be seen in areas such as robotics, digital systems or new imaging techniques - and increasingly in areas marked by highly sophisticated forms of medical biology and biotechnology that involve altering 'natural' biological processes. Three key developments form the focus for this project: the arrival of 'gene-editing' whose goal is to understand and remove disease-related mutations, the creation of induced pluripotent stem cells that can be controlled to create different types of tissue for cell therapy, and the emergence of 3D printing of biological material which aims to create novel structures for bodily repair and renewal. These developments can all be described as 'biomodifying technologies', that is, those that modify living biological tissue in novel and increasingly patient-orientated and customised ways. Not only do these technologies challenge existing governance frameworks in terms of standards for safety, quality control, and traceability of biological materials, equally and perhaps more importantly, they are 'gateway' technologies with wide-ranging applications, significant commercial engagement and high levels of transferability, which open up far-reaching possibilities. We need to understand and anticipate such developments if we are to build an informed and constructively critical social science of biomedical innovation today. More broadly, this contributes towards the ESRC's core priority and delivery plan aim of supporting research that can promote economic growth and development, and to do so in a way that is based on robust, engaged social science that maps and analyses the implications of innovation. The project will use a mixed methods approach for UK fieldwork combining documentary analysis of various literatures, including the academic and grey literatures, with qualitative semi-structured interviews with a range of key stakeholders in each of the fields being studied. These include scientists working in academic laboratories, representatives of SMEs, patient groups, research agencies, regulators, and senior staff in important service organisations (e.g. biobanks). Secondary data from other European, US and East Asian sources will also be secured. The project will result in data, academic papers and policy reports that will offer the first comprehensive social science analysis of these major developments in biomedicine.DOI: https://doi.org/10.1016/j.clsr.2018.01.002There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information. Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.DOI: https://doi.org/10.23889/ijpds.v3i2.516The `deficit' model of engagement, which educates the public about research, has been subject to increasing criticism, as if people's attitudes arise from ignorance which should be corrected. Nevertheless, a number of attempts to understand public views on the use of Administrative Data for research have used informative models. We refer to the findings of an exploratory study of individual attitudes towards Administrative Data Research, which indicate that views and norms around ADR are incipient and ambivalent, especially when compared to perceptions of `conventional' medical research. We consider the legal obligations administrative data controllers have to shape reasonable expectations in light of this uncertainty. Engagement which informs the public about research does have value. It indicates what the attitudes of the public might be, were certain facts about research more commonly known, and thus underscores the importance of public information campaigns. However, this work cannot provide an accurate representation of public opinion as a whole in the absence of wider dissemination of information across society. There will inevitably be a number of facets to public engagement: information, representation and transparency. Each of these will correlate differently with data controllers' legal obligations, and it is essential to understand these connections.A number of claims have been made for the Data Protection Bill, as it serves a number of purposes—modernisation, ensuring data flows post-Brexit, and exercising derogations under the GDPR to create a more ‘nationalised’ law.