The European Medicines Agency (“EMA”) recently set up a task force, along with the national competent authorities in the EEA, to analyze how medicines regulators in the EEA can use big data to better develop medicines for humans and animals. This follows a workshop in November last year to identify opportunities for big data in medicines development and regulation, and to address the challenges of their exploitation. “Big data” in the healthcare sector is the sum of many parts, which include the records of a multitude of patients, clinical trial data, adverse reaction reports, social media commentary and app records. Several projects have been set up across the EU to aggregate and analyze such data, which are explored by the European Commission in its December 2016 Study on Big Data in Public Health, Telemedicine and Healthcare. The EMA has recognized that “the vast volume of data has the potential to contribute significantly to the way the benefits and risks of medicines are assessed over their entire lifecycle.”

So who will make up the new EMA task force and what are its objectives?

The task force comprises staff from several medicine regulatory agencies in the EEA and will be chaired by the Danish Medicines Agency. It’s first actions will be carried out over the next 18 months and they include:

  • Mapping sources and characteristics of big data.
  • Exploring the potential applicability and impact of big data on medicines regulation.
  • Developing recommendations on necessary changes to legislation, regulatory guidelines or data security provisions.
  • Creating a roadmap for the development of big data capabilities for the evaluation of applications for marketing authorizations or clinical trials in the national competent authorities.
  • Collaborating with other regulatory authorities and partners outside the EEA to consider their insights on big data initiatives. News of the task force comes on the back of the update that the UK data protection regulator, the Information Commissioner’s Office (“ICO”), made to its 2014 publication on big data, artificial intelligence, machine learning and data protection, early last month. The publication pulls out the distinctive considerations of the use of big data from a data protection perspective. Such considerations can include whether the collection of personal data goes above and beyond what is needed for specific processing activities, whether processing activities are made clear to individuals, and how new types of data can be used. In light of the increasingly imminent General Data Protection Regulation, as discussed in our previous post, the ICO includes practical guidance for organizations to process big data in a way that is compliant with the new rules. Healthcare and other organizations looking to process big data will need to ensure that they carry out suitable privacy impact assessments and implement a range of protective measures, such as auditable machine learning algorithms, anonymization and comprehensive privacy policies. Guidance on profiling is also likely to follow

We’ll be keeping an eye on the work of the new task force, as well as any further practical guidance that comes from data protection regulatory agencies. It is clear that organizations will need to get the balance right between potentially hugely speeding up research and innovation by using big data, and adhering to the regulatory obligations that are attached.