Digital Dynamic Consent

A modern and dynamic citizen within the normal age range of 18-70 would today see a paper-based consent as old-fashioned. At the same time these persons would by all chance at any time carry their smartphone, a device that today is enabled to create a digital level-4 signatures by utilizing BankID on mobile.

This is a service delivered as a collaboration between the banking system and the governmental DiFi organization.

Additionally, GDPR does not ask for wide use of consent, but it requires insight into which consent was given when for any person that has given a consent. And GDPR also enforces the right to know, and the right to be forgotten. All these tree requirements; insight, right to know and right to be forgotten are more or less infeasible without a mean to get a glance into what consents have I given, to whom and when for any citizen in Norway. 


Solution 

TSD has, through BigMed utilized the self-service online questionnaire form (“Nettskjema”) to enable any researcher to build a consent form. The consent form may be equipped with any metadata that the researcher chose to enrich the form with. Subsequently TSD enables this form for a level-4 BankID signature. This signature is performed by the person who gives the consent using BankID or equivalent through the DiFi portal. This results in the following:

  • A digitally signed PDF ends up in the secure governmental email of the person who consents (70+% of the age group has this enabled), or their snail-mail for those without such a mailbox.
  • A copy of the consent is delivered to TSD, interpreted by the TSD consent system, and made visible for the correct PI and the person who consented.
  • The consent proves who signed what, when and how.
  • The person who consented may log in to the TSD consent portal (using BankID) to view all their consents, info about the consents, download consent PDF if wanted, revoke the consent or consent to new research or previously revoked consents. The full audit trail is kept and visible to this person.
  • The PI, and those entitled by her, may log in to (or from the command-line API) the TSD consent portal and at any time access the info about all consents that has been given to their research project (and their research project only). They may see the same audit-trail as the person who consented until this person explicitly asks to get all their history removed.


The consent system is accessible for all TSD-users at a small cost, and the consent portal for PIs will soon be made available in the TSD DMZ so that researchers that does not use the TSD system will anyhow be able to utilize the TSD consent system. 

Status:

Finished

Topics

Legal

Gard Thomassen

UiO USIT

TSD

+47 936 74 926

Send email

Portrait of Gard

Relevant Projects

Big data management for the precise treatment of three patient groups

Boy - with simplified mesh of his face illustrated.

This report is produced as part of the BigMed project to document and distribute knowledge accumulated in the first phase of the project, identifying the challenges and obstacles the project aims to address.

Trusted Variant eXchange

Newborn baby holding parents hands

Improving genetic variant interpretation through data sharing with trusted partners of choice.