Abstract
This chapter describes the Finnish regulatory landscape concerning primarily non-interventional biomedical research and in particular the rights of study subjects from the data protection point of view. The GDPR is just one of many pieces of legislation affecting the rights of individuals, and it allows for significant variation between the EU Member States. Finnish law relating to biomedical research has materially changed in recent years and some changes are still pending. Overall, the legislator has aimed at enhancing opportunities for responsible research and enabling research-related innovation ecosystems, but also implemented quite strict limitations for data processing in balance. It is yet too early to evaluate the effects of the legislatory changes. The chapter is therefore mainly descriptive.
You have full access to this open access chapter, Download chapter PDF
Similar content being viewed by others
1 Introduction
Finland has several advantages over others in relation to biomedical research, such as nationwide tissue sample collections, primarily public health care with electronic health records and other national registers accessible for research, and the national identification number by which it is possible to link information from different sources. The Finnish genome is particularly interesting for research because of the population bottleneck.Footnote 1 The Finnish people are generally positive towards research,Footnote 2 and the legislation provides the required structure to enable it. In recent years, Finland has materially renewed its legislation concerning biomedical research and this work is still ongoing. A central piece of new legislation is the Biobank Act, which became effective in September 2013 but is now subject to change, partly due to the GDPR. The new Data Protection Act, which complements the GDPR, entered into force in January 2019. The most recent addition is the Act on the Secondary Use of Social and Health Care Data, gradually becoming effective from May 2019.Footnote 3 Data protection and data security have been central themes in the legislative process and as a result the law has in some parts become quite restrictive, while at the same time creating new opportunities. The balance of the legislative measures and different rights and freedoms and the actual effects of legislation warrant keen monitoring.
2 Biobank Infrastructure and Regulatory Environment
2.1 Biobank Infrastructure
In June 2020, Finland has eleven registered biobanks. The term biobank in this context refers only to sample and data collections regulated under the Finnish Biobank Act.Footnote 4 Seven biobanks are hospital based, six of these are operated by public hospital districts and one by a private health care provider. The Finnish National Institute of Health and Welfare (THL) and the University of Oulu operate biobanks for collections accumulated in cohort studies. The Finnish Red Cross operates two biobanks, the blood service biobank and the haematological biobank. The biobanks control the research use of millions of samples primarily taken for diagnostic or research purposes, as well as associated data.Footnote 5 They also collect samples and data particularly so that the biobanks can be provided to researchers. The public hospital biobanks have large collections, collected especially from secondary and tertiary care patients, while the private hospital serves several hundred thousand occupational health clients with their particular patient profiles and obtains samples from them, among others. THL and the University of Oulu have high quality cohort collections and the Red Cross provides access to blood donor material and hosts a haematological diseases specialised sample collection together with detailed patient data.
The Biobank Act enables research use of samples and/or associated data without the need to (re)consent for each research project. The large numbers of Finnish biobank samples can be enriched with associated longitudinal patient and other data, including diagnosis, laboratory values, imaging data and medication details, for example. More and more genomic data is accumulating and can also be obtained at request from the samples.Footnote 6 The public biobank operators have established the Finnish Biobank Cooperative (FINBB) for national coordination and centralised access to the Finnish collections.Footnote 7
In addition to the registered biobanks established to support research, there are numerous sample and data collections not referred to as biobanks. Also from some of them it is possible to obtain material for research under other legislation than the Biobank Act. These additional collections include, for example, health care sample archives not included within the current biobanks and collections assembled in individual research projects. With regard to data, there are several health and social care registers from which data is available for scientific research on application.
2.2 An Overview of the Legal Framework
The essential legislation controlling biobanks and access to samples and/or data in Finland are the GDPR, the Biobank Act, the Data Protection Act,Footnote 8 the Act on the Secondary Use of Social and Health Care Data (Secondary Use Act),Footnote 9 and the Act on the Medical Use of Human Organs, Tissues and Cells.Footnote 10 Interventional research is governed primarily by the Medical Research Act,Footnote 11 which is pending changes due to the EU Clinical Trials RegulationFootnote 12 and the EU Regulations on Medical Devices,Footnote 13 with a new Act on clinical trials in draft. Other relevant legislation includes the Act on the Status and Rights of PatientsFootnote 14 and the Act on the Openness of Government Activities.Footnote 15 Table 1 sketches an overview of what the national acts govern, but it is to be noted that several of the acts can become applicable in the same study, for example, a pharmaceutical trial where potential participants are screened based on biobank samples and data.
The Finnish Medicines Agency FIMEAFootnote 16 is responsible for administering the national biobank register and for supervising and monitoring biobanks under the Biobank Act. It has powers to remove biobanks from the register, which effectively means revoking their licence to operate, and to overrule individual decisions made by the biobank operators. In addition, the national data protection authority, the Office of the Data Protection Ombudsman, has the rights provided under the data protection regime in relation to personal data processing.
There are two initiatives for new legislation in preparation which could materially affect access to samples and data for research:
-
1.
A new Biobank Act is in drafting to replace the existing one. It is expected to update the legal bases of personal data handling. Access to data may in part be moved under the Secondary Use Act.
-
2.
A Genome Act is in drafting. The draft includes requirements for health care providers and biobanks to store genomic data in a genome centre, which will be a new expert organisation and public authority established within the THL.
2.3 Legal Foundation for Processing Personal Data in Biobanks and Biobank Research
The current Biobank Act relies on two mechanisms for bringing samples and associated data to biobanks: a broad biobank consent (Section 11) and, as an alternative for older diagnostic or research collections, a personal or public notification process with an opt-out possibility (Section 13). Data related to the collected or transferred samples can also be stored in the biobank (Section 14).Footnote 17 The Biobank Act gives biobanks the right to maintain records on the samples and related information, including personal data (Sections 20–23). Once legally obtained, the biobank operator can provide access to the collections for research projects within the scope regulated by the Biobank Act, which is research utilising the biobank samples or data for the purposes of promoting health, understanding the mechanisms of disease or developing products and treatment practices used in health and medical care. Research can be academia- or industry-driven. Scientists can obtain additional data from other registers where necessary for their scientific research project, for example, socio-economic data or reimbursement data on prescribed medicines from the Social Insurance Institution of Finland (KELA).
Access to biobank samples or data is always based on a case by case decision for each research project in accordance with Sections 26 and 27 of the Biobank Act. The research proposal must correspond to the biobank’s registered research area. The proposal must also meet all legal requirements for the type of research in question and the criteria and conditions established for sample processing, some of which may also be set by the biobank. The recipient personnel must hold appropriate professional and academic qualifications for processing the samples and information, and access must be related to their occupational duties. A material transfer agreement must be concluded between the biobank and the recipient, including also an obligation to make research results public.
To obtain access, in accordance with Section 27 the applicant must provide a research plan, an ethical evaluation and an account of the planned processing. The biobank may reject access (only) if justified based on (1) the biobank’s research area and other criteria for access, (2) the need to secure intellectual property rights related to earlier research to complete ongoing research projects or to preserve the samples or collecting samples, (3) reasons pertaining to data protection, or (4) reasons pertaining to research ethics.
In the area of processing personal data for scientific research, Finnish law enables other available legal bases, not just consent, and in particular makes use of GDPR Article 6.1 subparagraph e and the Article 9.2 subparagraphs i and j. This is expected to extend to interventional studies where traditionally consent has been the legal basis for processing, together with consent for physical or psychological intervention.Footnote 18 This direction seems warranted as GDPR-governed consent increasingly seems like an unstable and in many circumstances unattainable premise for processing personal data in research, considering especially the right to withdraw at any time, which potentially greatly affects the research project and the validity of its results, and the demands for circumstances in which a valid consent can be obtained.Footnote 19
3 Individual Rights and Safeguards Related to Data Protection
Individuals have rights and safeguards under the GDPR as well as under national law, which in part also provides limitations to the rights established in the GDPR. Scientific research has a special status in the GDPR and nationally. In Finland, biobanking itself is not considered to be within the scientific research provisions, such as those in the GDPR Article 89, but scientific research based on biobank material naturally is.
The Biobank Act Section 39 stipulates that everyone has the right to request and receive information from the biobank on:
-
(i)
whether or not samples concerning them are being stored in a biobank,
-
(ii)
the criteria based upon which the samples are stored (meaning consent or the personal or public announcement process with an opt-out possibility),
-
(iii)
the source of data concerning them, and
-
(iv)
the recipients who have obtained samples taken from them and of the associated data.
In addition, Section 39 provides sample donors the right to, at their request, receive health-related information determined from their sample. When the biobank provides this information, it must also provide an opportunity to the donors to receive an account of the significance of the information. The biobank can charge an at-cost fee for providing this account.
In addition to the rights provided in the Biobank Act, the data subjects’ rights under the GDPR will apply, for example, the right to obtain a copy of all of their personal data. However, the Data Protection Act Section 34 provides some exemptions to this right. This allows the data controller to withhold data, for example, if providing the data could seriously endanger the health of the data subject or his or her care or the rights of the data subject or some other party.Footnote 20
The GDPR rights of rectification (Article 16), to data erasure (right to be forgotten, Article 17) and to restrict (Article 18) and object to processing (Article 21) will also remain more or less intact concerning processing within biobanks, but under the Data Protection Act they can be derogated from for scientific research, as will be discussed further on. The Biobank Act Section 12 states that the biobank consent can at any time be withdrawn, changed or restricted. However, data sets already formed for a particular research project and information contained within research results may continue to be used for the purposes of biobank research in accordance with the Act. In practice, any data set formed but not provided to researchers would be modified to remove data from any person withdrawing their consent. However, it may not always be possible to do the same for data sets already provided or used for research and there are legal bases for continued processing, such as scientific research in the public interest under the GDPR and the Data Protection Act.
The right to data portability (GDPR Article 20) may apply to at least some of the data stored in the biobanks, namely the data provided by the data subjects themselves under consent, if any. The extent of what should be considered data provided by the data subjects themselves is not entirely clear.Footnote 21
With regard to decision-making concerning the data subject, including also any automated decision-making (GDPR Article 22), the Biobank Act Section 19 states that access to biobank samples or data may not be granted, and that they may not be used, for the purpose of criminal investigations or in administrative or any other decision-making concerning the sample donor. The section also specifically bans use for the purposes of determining the person’s ability to work and any decision-making of credit and insurance institutions.
As for safeguards, in accordance with the Biobank Act Section 16 the biobank samples and data must be pseudonymised by a code replacing direct identifiers, and the code key must be stored separately. There are also requirements for biobank information systems, which must be safe and enable verification of any re-identification event. When samples or data are provided to research projects, they must normally be coded again with a secondary, project specific code. The biobank may exceptionally provide identifiable material if, for example, this is necessary to link additional data from outside of the biobank to the sample donor material. In this case, the data controller who obtains the identifiable material must pseudonymise the combined material with a code provided by the biobank before providing (or using) it for the research project.
Accordingly, researchers who receive material from biobanks will in most cases not have access to any identifying information so although the data could still include personal data, the exemptions under GDPR Article 11 apply. In addition, the Finnish Data Protection Act provides for exceptions to the data subject rights in scientific research in accordance with GDPR Article 89. Under Section 31 of the Data Protection Act, GDPR Articles 15, 16, 18 and 21 can be derogated from if needed provided that 1. processing is based on an appropriate research plan, 2. a particular person or group is responsible for the research, and 3. personal data are handled and transferred only for historical or scientific research or other compatible purposes and unauthorised disclosures are prevented. If processing involves health data or other special category data or GDPR Article 10 data, then as an additional safety measure the researchers must either 1. perform a GDPR Article 35 compliant data processing impact assessment, which is then to be provided to the data protection ombudsman prior to processing, or 2. comply with GDPR Article 40 compliant code of conduct, which appropriately takes into account the derogations from data subject rights.
The new Secondary Use Act is not applied to biobank (samples or) data.Footnote 22 However, the Secondary Use Act will govern access to many types of information often combined with biobank samples and data, like additional clinical data or data on pharmaceutical prescriptions and use. When these data are required from one public social or health care service provider (and data controller), that service provider will decide over permissions to the data. When data are required from more than one public social or health care service provider, or from any private social or health care service provider, the new public administrative authority Findata will act as a centralised permissions office for an access request.Footnote 23 Findata will also collect and combine data from the original registers and provide the combined data set to the researchers.Footnote 24 Subject to the Secondary Use Act, the data will be available for researchers only within Findata’s secure processing environment, or exceptionally at Findata’s permission another secure processing environment certified by an approved certification agency unless the data are aggregated statistics to ensure their anonymity—a limitation which may prove challenging in some research projects.Footnote 25 The data processing environment requirement also seems to mean that any data to be combined and analysed together with the data made available under the Secondary Use Act will need to be brought into that environment.Footnote 26 Another new requirement is that Findata will have control over the publication of results obtained based on the register data to ensure their anonymity. It can either anonymise the results itself or leave this to be done by the researchers, in which case the researchers must provide their anonymised results to the authority afterwards.Footnote 27
4 Law in Context: Individual Rights and Public Interest
The Biobank Act increased the transparency of use of tissue and data for research and introduced new informational rights to sample donors.Footnote 28 The system is based on consent and an alternative opt-out mechanism with information made individually or publicly available. With the strict requirements for obtaining a valid consent, and potentially also the restrictions to how broad the consent for data processing can be, consent will become less useful as a legal basis for biobanks and research related purposes in general. This could appear to be against basic medical research ethics requirements but processing based on the law properly enacted, with transparency and real possibilities to influence, should not be ethically questionable and it does not affect the need to obtain consent for interventions. It is expected that in the new Biobank Act the legal bases for biobank activities will be processing in substantial public interest in accordance with GDPR Articles 6(1)(e) and 9(2)(g). Interventions to obtain samples would still require consent but this would not extend to data processing. This may somewhat reduce sample donor control in comparison to the current situation where processing is at least in part based on a broad biobank consent, but with the consent for interventions, safeguards and other data subject rights, the various rights and interests seem balanced.
The measures adopted in the new Secondary Use Act to protect the data extend beyond the GDPR requirements and contradict its objective to enable the free movement of data in Europe. Limitations related to the publication of results interfere with the autonomy and freedom of science protected under Section 16 of the Constitution of Finland and Article 10 of the EU Charter of Fundamental Rights and may raise concerns about appropriate reporting of scientific findings. Impacts of the Act will in practice depend largely on the resources, efficiency and mindset of the new permissions authority Findata. It is hoped major improvements will arise from the Act based on the new centralised permissions and data collection process, the new requirements for social and health care service providers to have their data available and also from new supporting services. Data from different social and health care registers were available for researchers before this Act but often access was decided by several different data controllers and their decisions on the same research proposal could vary. The application processes could also be prohibitively long and there were not always sufficient services with which to actually compile the data from the many information systems of the data controllers.
Individual rights and public interests are sometimes seen as opposites but these tensions can be exaggerated. Firstly, biobanking or research can often be both in the public and in the private interest. A biobank sample may prove valuable for a person’s health care later in life or an incidental finding from research may provide important, actionable information. It could even be perceived as a patient right to be able to participate in biobanking and research. Secondly, research itself is typically not directed at individuals but at statistical, generalizable phenomena. In many cases research is performed without any need, right or reasonable chance to access identifiers and without the right to use the data to affect the data subjects. Few seem to have major concerns over blood donations for health care purposes, even though it also requires precise health information on the donor, and biobanking has several parallels to it. Some of the perceived tensions could be caused by obscurity which may relate to the origin of or rationale for the right to the protection of personal data and to seeing this right as one form of property right. But data are not owned, and where there are rights then those rights may be spread between various persons and over each copy of each datum, making personal control an illusion.Footnote 29
5 GDPR Impact and Future Possibilities for Biobanking
The GDPR seems to have brought about a move from consent as a legal basis of processing towards processing legitimised by the law as serving a public interest. This may be beneficial for research and clarify the legality of research projects. However, consent is still a possible basis for processing, and where it is used the GDPR Recital 33 recognises a ‘broad consent’ and this may expand current national interpretations of the borders of the consent when all information about the research is not available at the time of consenting. The GDPR Recital 159 on the other hand may expand the current national interpretation of what is considered scientific research, clearly including also technological development, and demonstration and applied research, not just academic fundamental research, for example. Consent could also be used as a form of safeguard, even if not a legal basis, though this might be confusing to the data subjects (and the controllers).
In general, the GDPR may bring better practices to data protection in research, although in health research awareness has probably been on a high level for some time because of the confidential nature of health data and the research often being pursued by health care professionals. The heightened awareness of data protection issues and uncertainty on how best to comply may have led to unnecessarily excessive measures to protect data, for example, in the case of the Secondary Use Act. The GDPR continues to recognise scientific research as a special processing purpose, even if not in itself a legal basis for research, and to further clarify what should be considered scientific. However, the GDPR fails to support the European research area by properly harmonising data protection rules. All central provisions from legal bases to data subject rights can be affected by national legislation or the lack of it, especially so in the field of scientific research, which makes cross-border collaboration challenging. The data protection regime continues to be a complex combination of EU and national rules, and understanding the rights and requirements continues to be a challenge for authorities, controllers, processors and data subjects alike.
6 Conclusions
Finland continues to develop its comprehensive legislatory environment for biobanks and research use of tissue and data in a complex European and international setting. It has made use of the GDPR Article 89 to enable derogation from some data subject rights for scientific research but also implemented strict safeguards extending even over non-personal data. While the aims are to enable and facilitate, new types of restrictions have also been enacted, some beyond the requirements of the GDPR and even contrary to its objective to enable the free movement of data. The eventual success and the effects of the new legislation on research and innovation as well as on the rights and freedoms of data subjects should be monitored carefully. However, with its biobanks and other research infrastructures, new legislation, new support services and continuously improving information systems, Finland is well positioned to support and deliver efficient, legal, ethical and high quality research. An area perhaps requiring more careful attention is proper international regulatory alignment.
Notes
- 1.
See, for example, Kääriäinen et al. (2017).
- 2.
For a critical review, see Snell and Tarkkala (2019).
- 3.
See, for example, Southerington et al. (2019).
- 4.
Code 688/2012.Unofficial translation available at www.finlex.fi/fi/laki/kaannokset/2012/en20120688_20120688.pdf.
- 5.
The biobank register is available at www.valvira.fi/terveydenhuolto/toimintaluvat/biopankit. See also www.biopankki.fi/en/finnish-biobanks/ for information on each biobank.
- 6.
A large amount of genomic data from biobanks samples has accumulated, for example, in the FinnGen study (www.finngen.fi/en) and has been made available for further studies. See, for example, Palotie (2018).
- 7.
- 8.
Code 1050/2018. www.finlex.fi/fi/laki/alkup/2018/20181050.
- 9.
Code 552/2019. www.finlex.fi/fi/laki/alkup/2019/20190552.
- 10.
Code 191/2001. Unofficial translation available at www.finlex.fi/fi/laki/kaannokset/2001/en20010101_20130277.pdf.
- 11.
Code 488/1999. Unofficial translation available at www.finlex.fi/en/laki/kaannokset/1999/en19990488.pdf.
- 12.
Regulation 2014/536. eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32014R0536.
- 13.
Regulations 2017/745 and 2017/746. eur-lex.europa.eu/legal-content/EN/TXT/?qid=1559211487967&uri=CELEX:32017R0745 and eur-lex.europa.eu/legal-content/EN/TXT/?qid=1559211487967&uri=CELEX:32017R0746.
- 14.
Code 785/1999. Unofficial translation available at www.finlex.fi/en/laki/kaannokset/1992/en19920785_20120690.pdf.
- 15.
Code 612/1999. Unofficial translation available at www.finlex.fi/en/laki/kaannokset/1999/en19990621.pdf.
- 16.
- 17.
Based on guidance from the supervisory authority Valvira and the data protection ombudsman (available at www.valvira.fi/terveydenhuolto/toimintaluvat/biopankit), this data can include generic information on the sample donor (like identification data, dates of birth and death, cause of death), information related to the sample (like type, date stamps, diagnostic information, DNA analyses, etc.), health information closely related to the sample donor (relevant diagnoses, medication, treatments obtained etc.) and research results related to the sample (results from research to which samples were provided). Based on this, biobanks have accumulated fairly broad clinical data collections from which they can provide data with (or even without) samples for research. Based on discussions with the Ministry of Social Affairs and Health, this may change with the new biobank act. Decisions concerning the majority of the data would be taken in accordance with the Secondary Use Act instead of the Biobank Act.
- 18.
For appropriate legal bases in clinical trials, see the EU Commissions Question and Answers on the interplay between the Clinical Trials Regulation and the GDPR, ec.europa.eu/health/sites/health/files/files/documents/qa_clinicaltrials_gdpr_en.pdf.
- 19.
See Guidelines on Consent under Regulation 2016/679 (wp259rev.01), endorsed by the European Data Protection Board. Basing data processing on the law rather than consent seems unproblematic and warranted from the legal point of view, but for those emphasising data subject control or the so-called right of informational self-determination, a concept introduced by the German Bundesverfassungsgericht in 1983, the strict limitations for the possibilities to validly consent, which make it necessary to restrict, even exclude, self-determination by law to enable necessary processing, may seem less desirable. For an overview of the 1983 decision and the newly invented right, see, for example, Hornung and Schnabel (2009).
- 20.
The Data Protection Act makes use of the possibility provided in the GDPR article 23 to nationally derogate from any of the GDPR articles on data subject rights.
- 21.
See, for example, Chassang et al. (2018).
- 22.
This is actually not evident from the Act itself but based on discussions with officials at the Ministry of Social Affairs of Health who plan to clarify this in the renewed Biobank Act being drafted. The scope of the Secondary Use Act is defined by different sections of the Secondary Use Act, in particular Section 2 ‘Scope’ referring to Sections 1 ‘Objectives’, 6 ‘Authorities and organisations responsible for services and data collection limitations’ and 7 ‘Exceptions concerning statistics authorities’. In addition to what can be deduced from these sections, the Act governs access to private health and social care providers’ personal data records for secondary purposes (see Sections 35 and 44 in particular).
- 23.
See Section 44 for division of powers.
- 24.
Section 5 and 14.
- 25.
Consider for example EU or multinational research projects which would like to control and analyse their data combined from different countries.
- 26.
Some requirements for the secure environments are described in sections 17–24. The Act places major expectations for the secure data environments, which will need to be able to facilitate research on any kind of data in many different formats, medical imaging formats, text, video, audio, genomic data formats, etc., combine them from various sources, include the required analytics tools and provide a user-friendly remote access interface.
- 27.
Section 52. Data protection and security concerns were considered so critical that the centralised permissions authority was given exclusivity over anonymisation of data. Anonymised data were considered as data with residual risk of re-identification as opposed to aggregated statistics, also exclusively produced by the permissions authority and presumed absolutely anonymous. Despite the centralised anonymisation to ensure adequate anonymity, even anonymised data obtained under this Act cannot be handled freely but only in certified secure environments and only aggregated statistics can be handled elsewhere (even though in reality also statistics can reveal information about identifiable persons when complemented with other data). The concern over publications arose fairly late in the process and the argumentation for increased control was that even when the research data are well secured, publication of the results could reveal identifiable data. This was apparently considered an unbearable risk that needed to be avoided, although there is evidence that when discussing the act in session, the parliament or at least some of the MPs did not actually realise that the restrictions to the right to publish scientific results were actually included in the final proposal they decided on—See MP Puska’s statement from March 6th 2019 plenary session, www.eduskunta.fi/FI/vaski/Puheenvuoro/Sivut/PUH_171+2018+5+1+1.aspx. For the travaux preparatoires and expert opinions collected during the parliamentary process, see www.eduskunta.fi/FI/vaski/KasittelytiedotValtiopaivaasia/Sivut/HE_159+2017.aspx.
All in all, the parliament seems to have aimed at absolute universal anonymity, going far beyond the requirements of the GDPR for data not to be considered as personal data and discarded considerations for balance between fundamental rights. This could present a major threat to the freedom and autonomy of science and also for other justified uses of social and health care data. For example, there is probably no way of irrevocably, universally anonymising X-ray (or similar) images so that no-one, in no circumstances, could even in theory identify anyone from them. Yet sharing this kind of data is customary, necessary and presumably in most cases of little or no actual risk to anyone’s rights or freedoms, or at least represents a good balance between different rights and interests.
- 28.
- 29.
Expanding on these themes is beyond the scope of this book. Cf. Koops (2014) who states that the aim to give individuals control over personal data is a delusional fallacy.
References
Chassang G, Southerington T, Tzortzatou O, Boeckhout M, Slokenberga S (2018) Data portability in health research and biobanking: legal benchmarks for appropriate implementation. Eur Data Protect Law Rev 4(3):296–307
Forsberg J (2013) Finsk biobankslag till fördel för alla. Uppsala Universitet
Hornung G, Schnabel C (2009) Data protection in Germany I: the population census decision and the right to informational self-determination. Comput Law Secur Rev 25(1):84–88
Kääriäinen H, Muilu J, Perola M, Kristiansson K (2017) Genetics in an isolated population like Finland: a different basis for genomic medicine? J Community Genet 8(4):319–326, Published online 2017 Jul 20. https://doi.org/10.1007/s12687-017-0318-4
Koops B-J (2014) The trouble with European data protection law. Int Data Priv Law 4(4):250–261
Palotie A (2018) FinnGen-tutkimus luo perustaa genomitiedon hyödyntämiseksi terveydenhuollossa: Lähes joka kymmenes suomalainen osallistuu. Duodecim 134(16):1545–1547
Snell K, Tarkkala H (2019) Questioning the rhetoric of a ‘willing population’ in Finnish biobanking. Life Sci Soc Policy 15:4. https://doi.org/10.1186/s40504-019-0094-5
Soini S (2013) Finland on a road towards a modern legal biobanking infrastructure. Eur J Health Law 20(3):289–294
Southerington T, Vainio S, Pitkäranta A (2019) Biopankkilainsäädännön muuttuva kenttä: uhkat ja mahdollisuudet. Duodecim 135(10):973–974
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, duplication, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, a link is provided to the Creative Commons license and any changes made are indicated.
The images or other third party material in this chapter are included in the work’s Creative Commons license, unless indicated otherwise in the credit line; if such material is not included in the work’s Creative Commons license and the respective action is not permitted by statutory regulation, users will need to obtain permission from the license holder to duplicate, adapt or reproduce the material.
Copyright information
© 2021 The Author(s)
About this chapter
Cite this chapter
Southerington, T. (2021). Access to Biomedical Research Material and the Right to Data Protection in Finland. In: Slokenberga, S., Tzortzatou, O., Reichel, J. (eds) GDPR and Biobanking. Law, Governance and Technology Series, vol 43. Springer, Cham. https://doi.org/10.1007/978-3-030-49388-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-49388-2_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49387-5
Online ISBN: 978-3-030-49388-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)