Fundamental Rights, the Normative Keystone of DPIA

Biobank Oversight and Sanctions Under the General Data Protection Regulation

This contribution offers an insight into the function and problems of the oversight and sanctions mechanisms outlined in the General Data Protection Regulation as they relate to the biobanking context. These mechanisms might be considered as meta-mechanisms—mechanisms relating to, but not consisting of, substantive legal principles—functioning in tandem to ensure biobank compliance with data protection principles. Each of the mechanisms outlines, on paper at least, comprehensive and impressive compliance architecture—both expanding on their capacity in relation to Directive 95/46. Accordingly, each mechanism looks likely to have a significant and lasting impact on biobanks and biobanking. Despite this comprehensiveness, however, the mechanisms are not immune from critique. Problems appear regarding the standard of protection provided for research subject rights, regarding the disproportionate impact on legitimate interests tied up with the biobanking process—particularly genomic research interests—and regarding their practical implementability in biobanking.