P. 1
The Regulation of Privacy and Data Protection in the Use of Electronic Health Information

The Regulation of Privacy and Data Protection in the Use of Electronic Health Information

|Views: 115|Likes:
Published by rodrigur8036

More info:

Categories:Types, Reviews, Book
Published by: rodrigur8036 on Dec 03, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Section 72 of the Constitution of Iceland states: “The dwelling

shall be inviolable. House searching, seizure, and examination of letters
and other papers as well as any breach of the secrecy to be observed in
postal, telegraph, and telephone matters shall take place only under a
judicial order unless particular exception is warranted by Statute [166].

The Act on Protection of Individuals with regard to the
Processing of Personal Data regulates the processing of personal

Review of Regulatory Responses: National Initiatives in
European Countries Not Members of the European Union


information for government agencies and corporations enacted to
ensure compliance with the EU Directive [167]. The Act covers both
automated and manual processing of personal information. It also
covers video surveillance and limits the use of National Identification
Numbers. The Statistical Bureau of Iceland shall maintain a registry of
individuals not willing to allow the use of their names in product
marketing. It replaces the 1989 Act on the Registration and Handling on
Personal Data [168]. The Act is enforced by the Icelandic Data
Protection Commission (Datatilsynet). The Commission maintains the
registry of activities and can investigate and issue rulings. It can also
impose fines for non-compliance and can seek criminal sanctions. The
Authority can also prohibit or mandate the use of the National
Identification Numbers.

In December 1998, the Parliament approved a bill to create a
nationwide centralized health database to be used for genetic research
[169]. The Government gave an exclusive 12-year license for the
database to the American biotechnology company deCODE Genetics,
which will create a nationwide genetic database of the entire Icelandic
population based on 30 years of patients’ records. Patients were
originally required to opt out of the database by June 1999. After that
date, their information could not be removed. Pressed by criticism from
the EU, the Government enacted the Act on Biobanks on 13 May 2000

[170]. The act sets rules for the “collection, keeping, handling and
utilization of biological samples from human beings” to ensure

confidentiality and prohibit discrimination. The Act requires informed
consent from the person for the collection of samples. However, under

the Act “if samples have been collected for the purpose of clinical tests

or treatment, the consent of the patient may be assumed for the storage

of the biological sample in a biobank,” if the doctor gives general

information to the patient.

The Freedom of Information Act of 1996 (Upplysingalög)
governs the release of records [171]. Under the Act, individuals
including non-residents and legal entities, have a legal right to
documents without having to show a reason for the document. There
are exceptions for national security, commercial, and personal

Review of Regulatory Responses: National Initiatives in
European Countries Not Members of the European Union


Iceland is a member of the Council of Europe and has signed
and ratified the Convention for the Protection of Individuals with Regard
to Automatic Processing of Personal Data and has signed and ratified
the European Convention for the Protection of Human Rights and
Fundamental Freedoms. It is a member of the Organization for
Economic Cooperation and Development and has adopted the OECD
Guidelines on the Protection of Privacy and Transborder Flows of
Personal Data. Iceland is not an EU member state but has been granted
associate status.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->