Legal and Ethical Considerations
Cross-border AMR surveillance integration faces significant legal and ethical challenges around data privacy, sharing, and secondary use.
GDPR and Data Protection
The General Data Protection Regulation (GDPR) applies to all Nordic countries (EU members: Denmark, Finland, Sweden; EEA members: Norway, Iceland). Key implications:
- Individual-level health data requires strict handling
- Cross-border data sharing needs appropriate legal basis
- Starting with nationally aggregated, de-identified data avoids most GDPR complications (see Reporting of Aggregated Data)
- Long-term goal: develop a regulatory framework for raw anonymised data access
National Legislation
Each country has specific laws governing AMR data:
| Country | Key Legislation |
|---|---|
| Denmark | Danish Health Act, Act on Medicines |
| Finland | Communicable Diseases Act (1227/2016), Medicines Act (395/1987) |
| Iceland | Act on Health Security and Communicable Diseases (No. 19/1997) |
| Norway | Infectious Disease Control Act (1994), Medicines Act (1992) |
| Sweden | Communicable Diseases Act (2004:168), Health and Medical Services Act (2017:30) |
Secondary Data Use
Reuse of existing data for AMR research faces barriers:
- Legal restrictions on what data can be accessed and how it can be used
- Some countries require data generated within their borders to be analysed domestically
- Need for secure computing environments compliant with GDPR (certified HPC systems, secure storage)
- Tension between strict security requirements and researchers’ need for flexible, innovative tools
See Secondary Data Sources for more on available data types.
AI and Emerging Technologies
- EU regulations around AI use add complexity
- Federated machine learning may enable joint analyses without directly sharing sensitive data
- Restrictions on IT-owned infrastructure create gaps between security requirements and research needs