BIOPRESERVATION AND BIOBANKING REVIEW ARTICLE

Volume 15, Number 5, 2017

ª Mary Ann Liebert, Inc.
DOI: 10.1089/bio.2017.0045

Oversight of Genomic Data Sharing:

What Roles for Ethics and Data Access Committees?

Mahsa Shabani,1 Edward S. Dove,2 Madeleine Murtagh,3 Bartha Maria Knoppers,4 and Pascal Borry1
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.

Discussions regarding responsible genomic data sharing often center around ethical and legal issues such as the
consent, privacy, and confidentiality of individuals, families, and communities. To ensure the ethical grounds
of genomic data sharing, oversight by both research ethics and Data Access Committees (DACs) across the
research lifecycle is warranted. In this article, we review these oversight practices and argue that they reveal a
compelling need to clarify the scope of ethical considerations by oversight bodies and to delineate core elements
such as ‘‘objectionable’’ data uses. Ethical oversight of genomic data sharing would be considerably improved
if the relevant ethical considerations by research ethics and DACs were coordinated. We therefore suggest
several mechanisms to achieve greater clarification of ethical considerations by these committees, as well as
greater communication and coordination between both to ensure robust and sustained ethical oversight of
genomic data sharing.

Keywords: data sharing, governance, oversight, ethics committees, data access committees

Background and government research agencies should actively dissem-

inate information on research data policies to individual

R esearchers are increasingly asked to share the re-

sults of genomic studies to ensure the optimal (re)use of
data by users across the world and to strengthen the statis-
tical power of data. Discussions regarding responsible ge-
nomic data sharing often center around ethical and legal
issues such as the consent, privacy, and confidentiality of
individuals, families, and communities and the adequacy of
governance mechanisms to monitor and manage access to
data. Although sharing deidentified (anonymized) or key-
coded genomic data of individuals could mitigate these
concerns, it has been argued that these data security tech-
niques do not obviate the need for key actors to govern the
legitimate use of downstream data uses.1
This is reflected in various policy statements and guide-
lines that recommend that data stewards and/or custodians
(who may also be the data producers) and (downstream)
data users obtain appropriate ethical, legal, and institutional
permissions before sharing and using data, based on the
ethical principle of respecting the privacy of individuals and
the dignity of communities. As the recent Organization for
Economic Co-operation and Development (OECD) Princi-
ples and Guidelines for Access to Research Data from
Public Funding (2017) reiterate, ‘‘Research organizations
researchers, academic associations, universities, and other
stakeholders in the publicly funded research process.’’ Per-
missions to data sharing and access are typically granted by
competent bodies that assess the adequacy of data sharing
plans before data collection and sometimes also the ethical
acceptability of specific data access requests.
Typically, Research Ethics Committees (RECs) (also
known in some countries as Institutional Review Boards or
IRBs) are seen as the competent body to prospectively as-
sess the ethical acceptability of data sharing plans. The
guidelines adopted by National Institutes of Health (NIH)-
designated data repositories (as described in the NIH Genomic
Data Sharing Policy, 2014) and the European Genome-
phenome Archive (EGA)—two major data sharing platforms—
exemplify this approach. Accordingly, data submitters to the
NIH-designated data repositories such as the database of
Genotypes and Phenotypes (dbGaP) are asked to provide
an Institutional Certification which indicates, among other
things, that an ethics review has been conducted by a re-
sponsible oversight body and that the body has granted a
favorable opinion toward the proposed plan for data sharing.2
Similarly, the EGA requires a letter from the representative of
the study, for example, the Principal Investigator, confirming

1
Department of Public Health and Primary Care, Center for Biomedical Ethics and Law, University of Leuven, Leuven, Belgium.
2
J. Kenyon Mason Institute for Medicine, Life Sciences and the Law, School of Law, University of Edinburgh, Edinburgh, United
Kingdom.
3
School of Population and Health Sciences, University of Newcastle, Newcastle upon Tyne, United Kingdom.
4
Centre of Genomics and Policy, McGill University, Montreal, Canada.

1
 2 SHABANI ET AL.

Table 1. Current Ethical Considerations in Assessment of Data Sharing Plans

by Research Ethics Committees
Genomic data
sharing platform Required documents/oversight body Points to consider
NIH-designated Institutional Certification indicating Ethics review Consistency with consent
data repository by RECs/IRBs, privacy boards and/or equivalent Conformity with applicable legislation
body before data submission has been conducted Risks for individuals and families
Group or population based risks
Adequacy of deidentification mechanisms
European Genome- A letter by the representative of the study (e.g., Consistency with consent or obtaining
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.

phenome Archive Principal Investigator) confirming: ethical approval

Conformity with applicable legislation
NIH, National Institutes of Health; REC, Research Ethics Committee.

that any major ethical issues have been considered and ad-
dressed before depositing data (Table 1).
In addition to the requirement of a prospective ethics
review of data sharing plans by RECs, the nature of genomic
data sharing in the current era, which allows for global
downstream data uses, has led to calls for the establish-
ment of a new tier of oversight.3 This need mainly stems
from the fact that researchers cannot foresee all downstream
data access requests and uses from the outset of their initial
collection. To fill this gap in ethical oversight of the geno-
mic data sharing pipeline, Data Access Committees (DACs)
have been established in different research infrastructures to
assess and authorize data access requests.4
Despite the emergence of DACs to bridge the divide of
ethical oversight of initial data collection—governed largely
by RECs—and downstream data use, there are no interna-
tionally accepted access review guidelines for DACs. Re-
cent empirical research indicates, however, that many DACs
engage in similar core considerations.5 This includes veri-
fying the qualifications of the data users to ensure that they
are bona fide researchers and affiliated with a reputable
institution, which can be held responsible for the actions of
the data user. DACs also assess the consistency of proposed
data uses with particular restrictions on the data use, as
defined by the consents signed by participants or informa-
tion provided to those participants6,7; some studies prohibit
research for commercial gain or exploration of particular
research questions that are sensitive in nature and can lead
to stigmatization of participants, for example, the genetics
of intelligence. Some DACs may also require the data users
to obtain ethics approval from their home institution, which
leads to involvement of users’ home institution’s REC/IRB
in the ethical oversight of genomic data sharing. In addition,
some DACs evaluate scientific feasibility of the data access
requests when undertaking an access review assessment.4,5
It has been reported that such a review seeks to address three
main goals, namely, protecting the participant, protecting
the study, and protecting the researcher; responding to is-
sues of ethics, reputation, and trust, and intellectual prop-
erty, respectively.8
Regarding the first goal, namely protecting the partici-
pants and addressing the ethical issues, we can identify three
main ethical considerations for DACs when assessing data
access requests: ensuring ethically appropriate downstream
data uses, checking the consistency of the proposed data
use(s) with the consent forms from the original data col-
lection, and ensuring data use applicants have obtained the
relevant ethical-legal approvals (Table 2). This has been
informed by the results of an empirical study with DAC
members5 and a review of practices of a sample of DACs,9
among others, which provided insights into the current prac-
tices of DACs.
In this article, we discuss these three ethical consider-
ations in detail and highlight the associated concerns DACs
may encounter in fulfilling this task. We argue that despite
the development of overarching data sharing and access
policies such as the Framework for Responsible Sharing of
Genomic and Health-Related Data developed by the Global
Alliance for Genomics and Health10 and recommendations
prepared by the UK Expert Advisory Group on Data Ac-
cess,4 on the whole, DACs are left with little guidance on
how to undertake these ethical assessments in a consistent
and robust manner. Furthermore, ethical oversight of ge-
nomic data sharing would be considerably improved if the
relevant ethical considerations by DACs and RECs were to
be coordinated. We therefore suggest several mechanisms
to achieve greater clarification of ethical considerations by
RECs and DACs, as well as greater communication and
coordination between both to ensure robust and sustained
ethical research oversight of genomic data sharing across the
research lifecycle.
Ensuring ethically appropriate
downstream data uses
To obtain access to genomic datasets that are made
available through controlled-access mechanisms, applicants
Table 2. Current Ethical Considerations
in Assessment of Data Access Requests
by Data Access Committees
Oversight body Points to consider
NIH-designated central Ensuring appropriate
DACs downstream data uses
Institutions, consortia, Checking consistency of the
and small research downstream data uses with
groups’ local DACs the consent form and data
use limitations
Ensuring the pertinent ethics
and legal approvals have
been obtained
DACs, Data Access Committees.
 ETHICAL OVERSIGHT ON GENOMIC DATA SHARING AND ACCESS
complete a ‘‘data access request’’ form and submit it to the
relevant DAC. Templates of the request forms that are pro-
vided on the EGA website show that these forms may in-
clude questions about the description and aims of the
proposed study and also the relevant ethical issues that may
arise as a result of proposed research. One of the main rea-
sons for these questions is to ascertain the ethical accept-
ability and applicants’ awareness of the ethical and social
implications of their work, which may need to be addressed
by the DACs or which may bring the study into disrepute
and, thereby, damage trust relations with study participants.
The UK Expert Advisory Group on Data Access underscores
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.
this issue as a point to consider for DACs in a 2015 report
on Governance of Data Access, which states: ‘‘There may
be grounds for refusing applications thought likely to bring
the main study into disrepute, for example, if the applicants
are attempting to investigate a contentious topic in a way
which cannot for scientific reasons be supported by the
available data.’’4 Therefore, according to this report, con-
cerns about the research agenda could constitute legitimate
grounds for DACs to refuse the data access requests.
Among the issues to consider within this question include
elucidating what would constitute an ‘‘objectionable’’ pro-
posed research use. Currently, examples of objectionable
research use that have been provided in the literature include
culturally or politically sensitive topics; ancestry studies in
a small isolated population; and correlating cognitive abil-
ity and education to race.11,12 Howevebr, lack of guidance
surrounding the definition and scope of ‘‘objectionable’’ pro-
posed data uses can lead to opaque or arbitrary interpretations
by DACs, resulting in uncertainty among all stakeholders
about the a contrario definition, namely what is considered
an ‘‘acceptable’’ research use, and eventually lead to in-
consistencies between DACs.
Some have suggested that data access review by a DAC
should prohibit any research that ‘‘may impact or harm
dignity of the human beings in a way that is undesirable or
unacceptable in a democratic society.’’13 To clarify these
terms, actual incidents of objectionable data uses that are
reported in previous studies could be consulted. For exam-
ple, Fullerton and Lee’s study provided instances of objec-
tionable research uses, in the absence of consent from the
research participants, namely genetic associations of ad-
diction, mental health, and brain size with certain social
identities. They concluded: ‘‘.it is not hard to imagine that
some contributing participants would regard as objection-
able research that attempts to correlate genetic variation with
social identity or geographic location or implies ethnic dif-
ferences in addiction, mental illness, or intelligence.’’12
Similarly, de Vries et al.’ study revealed the researchers,
funders, and REC members’ concerns regarding the risk of
‘‘ethnic stigmatization’’ that may arise from downstream
uses of the MalariaGEN project’s (a large genomic collab-
oration based in Africa, Asia, and Europe examining ma-
laria) data.11 Perceptions of the general public and research
participants themselves concerning objectionable research
uses should also inform the discussion.14 The implications
of morally objectionable research uses could extend far
beyond the individuals and concern social values; therefore,
gathering the viewpoints of the public on this matter seems
crucial. Moreover, objectionable data uses may vary across
populations and depend on cultural issues and contextual
factors, which need to be taken into consideration.
3
Currently, some DACs perceive ethical considerations as
a core component of data access review, whereas others
believe ethical considerations are best left to RECs—as their
name explicitly states.5 The latter approach aligns with the
practices of some DACs that only perform a ‘‘light-touch’’
review that seeks to identify only those applications deemed
controversial and then escalate them to a heightened level of
scrutiny, often involving a REC.7 Nevertheless, a clear re-
ferral procedure and a protocol to identify the relevant and
responsible REC to review such ‘‘controversial’’ applica-
tions have yet to be clearly described.
One key question that persists is whether all data access
requests should receive the same degree of scrutiny by
DACs. An argument could be made that only access re-
quests for so-called ‘‘high-risk data’’ should undergo a full
committee review by DACs, whereas requests for minimal-
risk data could receive a DAC review waiver or an expe-
dited review, as is done by RECs in many jurisdictions for
research studies presenting no material ethical issues. When
approving the data sharing plans in the beginning of the
studies IRBs/RECs could determine if the full data access
review by DACs is needed. Data may be considered high
risk when there is a higher possibility of reidentification of
the research participants or when the data concerns include
potentially stigmatizing genetic, phenotypic, behavioral, or
social traits.15,16 For example, higher levels of concern as-
sociated with sharing potentially stigmatizing data, such as
data from HIV-positive participants, have been reported in
the previous empirical studies.17
Checking the consistency of the downstream
data uses with underlying consent forms
The downstream data uses that result from sharing data
should be consistent with underlying consent forms or ethics
approvals. In other words, follow-up studies making use of
the data should be in accord with the permissions granted by
the data donor at the time of original collection. This aligns
with the principles of research ethics that endorse respecting
the wishes of research participants in the entire course of
conducting biomedical research, from the sample and data
collection to future downstream data uses.
DACs often take the responsibility of verifying the con-
sistency of data use proposals with underlying consent
forms and whether they run against any data use limitations
relating to the requested dataset(s). This is mainly because
recontacting research participants for a new consent for each
and every downstream data use (i.e., new research study) is
perceived as disproportionate and impracticable. In doing
so, DACs review the original consent form, which is ob-
tained for the purpose of data collection. However, this is
not always a straightforward task for DACs. Given that data
use limitations (e.g., use of data only for certain types of
research studies) may not be clearly articulated in under-
lying consent forms, careful interpretation is required at
times. For instance, the implications of data use limitations
on data use for commercial purposes are not always crystal
clear, nor is it always clear-cut what is a commercial versus
noncommercial purpose (particularly in modern academia).
Another example is related to uncertainties that could arise
from interpretation of data use limitations, when data use is
limited to a specific disease in the consent form, and the data
use applicants request to use data for a research on a closely
 4 SHABANI ET AL.
related disease or comorbidities, which are associated with
the initial disease. These problems are often intensified in
retrospective uses of previously collected data, where data
sharing and potential ethical implications for research par-
ticipants were not even considered at the time of data col-
lection, which may be many years previous.7
One can argue that interpretation of consent forms should
be grounded in an assessment of the reasonable expecta-
tions of research participants and informed by contextual
factors (e.g., the research setting and preferences of the in-
dividuals) tied to the initial data collection. However, DACs
may have limited to no knowledge about the research con-
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.
text of the participants and original data collection beyond
what is written in the consent form. To inform the DACs,
collecting the research participants’ inputs is warranted. On
some occasions, the consent form may be inaccessible to
DACs because the data have been collected elsewhere, for
example, in a hospital, underlining the importance of at-
taching consent forms to datasets.
Consequently, DACs need to be assisted with adequate
tools and expertise in carrying out the task of interpretation
of consent forms, which may be delicate in certain cases; it
is expected that DACs may need to seek assistance from
external experts in handling such cases. One way to address
this problem could be to clearly record and standardize data
use conditions at the time of data collection. To this end,
Dyke et al. have suggested developing ‘‘consent codes’’
based on a structure for recording data use ‘‘categories’’ and
‘‘requirements’’ on the basis of existing consent provisions
for major genomic databases.18 Others, although, avoid ‘‘en-
coding complex data uses restrictions’’ in informed consent
models to reduce the need for ‘‘complex review process-
es.’’19 Yet complex review processes are more or less
the norm for many genomic data sharing projects, given the
breadth and depth of the studies and geographic scale of the
collaborative science.
Ensuring the pertinent ethical and legal
approvals have been obtained
Access by users to individual-level genomic data may be
conditioned upon obtaining appropriate legal and ethical
approvals from their home institution. The underlying ra-
tionale for such a requirement may lay in an initial data use
condition in the consent form, which requires new ethics
approval for any downstream data uses. For instance, Kaye
et al. report that the majority of cohorts from BioSHaRE-EU
(a pan-European research consortium that aims to facilitate
data sharing across multiple biobanks and databases) ‘‘re-
quire separate REC approval’’ from the data users.20
However, the experience of some DACs reveals that
making this a requirement in all instances could be prob-
lematic and disproportionate, leading to impediments in
knowledge production, a public good that may also be con-
sidered a reasonable expectation of the participants who
provide data. Several challenges are at play. First, verifying
the adequacy of the evidence provided of REC approval or
waiver could be challenging due to linguistic diversity, di-
versity of the forms, and diversity of ethical (or legal)
standards in different jurisdictions. Second, the necessity of
obtaining REC approval for each downstream data use is
questionable and, indeed, is not required in all jurisdictions.
The results of a study by Simpson et al. in the United States
revealed that there are different opinions concerning the
necessity of obtaining ethics approval for downstream data
uses. Accordingly, some requests to access and analyze data
from dbGaP must go through a full-board IRB review, while
others receive an expedited review or a waiver; still on other
occasions, applying for an IRB approval is not required.21
One can argue that if downstream data uses fall within the
scope of the prior consent or relevant authorization, then
obtaining secondary REC approval is not warranted, be-
cause it is disproportionate, in particular, when one con-
siders the significant delays that could result from meeting
multiple ethics requirements before data access.8 This ap-
proach resonates with a recent Recommendation (2016) 6 of
the Committee of Ministers of the Council of Europe on
research on biological material of human origin. Article 21
of the Recommendation stipulates that a requirement of re-
consent or authorization only needs to be met when the
proposed data uses fall outside the scope of prior con-
sent or authorization. Local jurisdictions have also adopted
this approach. For example, Quebec’s Réseau de médecine
génétique appliquée (RMGA) Consolidated Statement of
Principles from 2016 states: ‘‘The participant can give a
broad consent for a range of research projects. Research
projects within this range and consistent with the original
consent constitute a primary use of data and samples.’’22
Third, different perceptions about risks associated with
data sharing, such as reidentification and privacy breaches,
have been observed among REC members. Lemke et al.’
investigation on the views of REC members on broad ge-
nomic data sharing revealed that their perceptions toward
reidentification risks and the potential harms resulting from
privacy breaches vary considerably.23 The limited technical
expertise of REC members in the view of ‘‘the complexity
of current data-handling systems’’ may also challenge the
ethics review.24 The existing and well-documented incon-
sistency between RECs—although not unexpected—further
undermines efforts toward ‘‘mutual recognition’’ of ethics
review of international data-intensive research, which is
premised on avoiding duplicative reviews and conducting
a similar level of ethics scrutiny by all RECs.25 In itself,
mutual recognition does not argue against the need for
RECs to consider local context—that is, morals and cultural
practices within some defined ‘‘community’’—in some sit-
uations (e.g., consent practices). But we should exercise
some caution against this defense of local REC review;
indeed, one may argue that the charge of ‘‘local values’’ can
at times be as much rhetoric as reality—values that do not
derive so much from a community as from institutional and
subjective personality factors.26
In response to these limitations, some DACs consider the
applicants’ self-declaration in the Data Access Agreement
on meeting the ethical requirements of their home institution
(or relevant authority) as sufficient. Trust, it seems, backed
to some degree by the contractual agreement, governs many
of the relationships between DACs and data user applicants.
The Path Forward
Based on our assessment of extant practices and func-
tions of DACs and RECs, ethical oversight of genomic data
sharing by RECs and DACs should be better coordinated to
ensure robust and sustained oversight across the research
life cycle. Better coordination will prune the redundancies
 ETHICAL OVERSIGHT ON GENOMIC DATA SHARING AND ACCESS
between these two bodies and can provide confidence that
all steps before actual data sharing will have been scruti-
nized sufficiently.
Achieving this will require three mechanisms. First,
delineating the scope of ‘‘objectionable’’ data uses and
clarifying the requirements for obtaining secondary ethics
approvals from users’ home institutions through interna-
tional guidelines and policies seem necessary. Results of
our investigation of DAC reveal that they are not well
guided for this matter, and this could result in arbitrary and
inconsistent decisions. In addition, new tools and mecha-
nisms such as ‘‘consent codes’’ could facilitate reviewing
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.
the consistency of the downstream data uses with the wishes
of research participants. Concurrently, self-assessment tools
could aid researchers to learn what types of ethical-legal
approvals are needed before data sharing.18
Regardless, DACs may still need to work with RECs
(those who approve the original data collection and data
sharing plans) when consistency of proposed data uses with
the underlying consent form is clouded with uncertainty.
Given that RECs are charged with ethically approving the
original data collection, consulting them—in the case of
any uncertainty about access—could be instructive. Thus, a
second mechanism is that RECs could be consulted when
proposed data uses are considered ethically objectionable by
DACs and when a further evaluation (or second opinion) is
needed. Currently, RECs and DACs deal with the ethical
considerations of data sharing separately in two silos—data
collection and then downstream data sharing—suggesting
that there is no established bridge of communication be-
tween these oversight bodies. To avoid gaps in ethical
oversight and better assure robust protection across the re-
search lifecycle, RECs and DACs must be seen as working
together. It should be noted that DACs and the RECs who
approve the original data collection or data sharing plans are
sometimes located in different institutions, making interac-
tion between them challenging and highlighting a need to
adopt suitable models of interaction between DACs/RECs.
Third, both of these oversight bodies should be armed
with adequate expertise to be able to fulfill the goal of robust
ethics assessment. Although accommodating broad exper-
tise in well-resourced DACs is feasible, in less-resourced
DACs with a small number of incoming data access re-
quests, this may not seem an immediate priority. Similarly,
RECs may fail to adequately consider the concerns associ-
ated with data sharing due to the lack of awareness or ex-
pertise in genomics, data-intensive science, data protection
regulation, and data ethics. As highlighted by Rothstein:
‘‘The increased scale of research and new computer tech-
nologies demand a more nuanced assessment of the risks
and benefits of research using a range of deidentified in-
formation and biological materials.’’1 In turn, such assess-
ments could assist in developing evidence-based guidelines
with a checklist of points to consider for both oversight
bodies to illuminate real risks and concerns associated with
cross-border data sharing. It is recommended that such a
document would provide further guidance for the over-
sight bodies on how to proceed when confronting un-
certainties in reviewing high-risk/sensitive data or when
there is an uncertainty regarding the ethical acceptability of
the proposed uses.
To date and too often, RECs and DACs act as though they
are in two separate worlds. Together, we believe that these
5
three recommendations will foster greater synergy in the
ethical oversight functions performed by RECs and DACs.
Both RECs and DACs have a critical role to play in pro-
tecting the rights and interests of data donors and promoting
the social value and public good of genomic data sharing.
Concurrently, coordinated and well-functioning oversight
bodies could address the requirements of adopting organi-
zational measures and safeguards when processing personal
data, including genomic data, as it is recently laid out by the
EU General Data Protection Regulation and under the re-
search exemption provisions (Article 89). Arguably, consent
or anonymization approaches toward governance of geno-
mic data sharing would be complemented in the light of the
strengthened role for DACs and RECs.
Recommendations
 What constitutes ‘‘objectionable’’ data uses and require-
ments for obtaining secondary ethics approvals from us-
ers’ home institutions should be delineated, in accordance
with national laws and international policies.
 When possible, communication between DACs and RECs
in assessment of controversial cases, or when there is
uncertainty in interpretation of consent forms, should be
facilitated.
 Data use limitations should be clearly recorded within
consent forms at the time of original data/sample collec-
tions.
 DAC and REC members should be equipped with ade-
quate expertise (including by providing them the ability to
seek advice from specialist referees) concerning the in-
formational risks associated with data-intensive research.
Author Disclosure Statement
No conflicting financial interests exist.
References
1. Rothstein MA. Is deidentification sufficient to protect
health privacy in research? Am J Bioeth 2010;10:3–11.
2. National Institute of Health. Genomic Data Sharing Policy.
2014. Available at: https://gds.nih.gov/PDF/NIH_GDS_
Policy.pdf (accessed August 28, 2016).
3. Kaye J, Heeney C, Hawkins N, et al. Data sharing in
genomics—Re-shaping scientific practice. Nat Rev Genet
2009;10:331–335.
4. Expert Advisory Group on Data Access. Governance of
Data Access. 2015. Available at: https://wellcome.ac.uk/
sites/default/files/governance-of-data-access-eagda-jun15.pdf
(accessed August 28, 2016)
5. Shabani M, Borry P. ‘‘You want the right amount of
oversight’’: Interviews with data access committee members
and experts on genomic data access. Genet Med 2016;18:
892–897.
6. Ramos EM, Din-Lovinescu C, Bookman EB, et al. A
mechanism for controlled access to GWAS data: Experi-
ence of the GAIN Data Access Committee. Am J Hum
Genet 2013;92:479–488.
7. Parker M, Bull SJ, de Vries J, et al. Ethical data release in
genome-wide association studies in developing countries.
PLoS Med 2009;6:e1000143.
8. Murtagh MJ, Turner A, Minion JT, et al. International data
sharing in practice: New technologies meet old governance.
Biopreserv Biobank 2016;14:231–240.
 6 SHABANI ET AL.
9. Shabani M, Knoppers BM, Borry P. From the principles of
genomic data sharing to the practices of data access com-
mittees. EMBO Mol Med 2015;7:507–509.
10. Knoppers BM. Framework for responsible sharing of ge-
nomic and health-related data. Hugo J 2014;8:3.
11. de Vries J, Williams TN, Bojang K, et al. Knowing who to
trust: Exploring the role of ‘ethical metadata’ in mediating
risk of harm in collaborative genomics research in Africa.
BMC Med Ethics 2014;15:62.
12. Fullerton SM, Lee SS. Secondary uses and the governance
of de-identified data: Lessons from the human genome di-
versity panel. BMC Med Ethics 2011;12:16.
Downloaded by GRIFFITH UNIVERSITY from online.liebertpub.com at 09/05/17. For personal use only.
13. El Emam K, Alvarez C. A critical appraisal of the Article
29 Working Party Opinion 05/2014 on data anonymiza-
tion techniques. International Data Privacy Law 2014. doi:
10.1093/idpl/ipu033.
14. Shabani M, Bezuidenhout L, Borry P. Attitudes of research
participants and the general public towards genomic data
sharing: A systematic literature review. Expert Rev Mol
Diagn 2014;14:1053–1065.
15. Ossorio PN. Bodies of data: Genomic data and bioscience
data sharing. Soc Res (New York) 2011;78:907–932.
16. National Institutes of Health. Points to Consider for In-
stitutions and Institutional Review Boards in Submission
and Secondary Use of Human Genomic Data under the
National Institutes of Health Genomic Data Sharing Policy.
2016. Available at: https://gds.nih.gov/pdf/GDS_Points_to_
Consider_for_Institutions_and_IRBs.pdf (accessed August
28, 2016).
17. Robinson JO, Slashinski MJ, Chiao E, et al. It depends
whose data are being shared: Considerations for genomic
data sharing policies. J Law Biosci 2015. doi: 10.1093/jlb/
lsv030
18. Dyke SO, Philippakis AA, De Argila JR, et al. Consent
codes: Upholding standard data use conditions. PLoS Genet
2016;12:e1005772.
19. Wilbanks J, Friend SH. First, design for data sharing. Nat
Biotechnol 2016;34:377–379.
20. Kaye J, Briceno Moraia L, Mitchell C, et al. Access gov-
ernance for Biobanks: The case of the BioSHaRE-EU co-
horts. Biopreserv Biobank 2016;14:201–206.
21. Simpson CL, Goldenberg AJ, Culverhouse R, et al.
Practical barriers and ethical challenges in genetic data
sharing. Int J Environ Res Public Health 2014;11:8383–
8398.
22. Réseau de médecine génétique appliquée (RMGA). State-
ment of Principles. 2016. Available at: www.rmga.qc.ca/
en/issues.html (accessed August 28, 2016).
23. Lemke AA, Smith ME, Wolf WA, et al. Broad data sharing
in genetic research: Views of institutional review board
professionals. IRB 2011;33:1–5.
24. Lowrance WW. Privacy, Confidentiality, and Health Re-
search. New York: Cambridge University Press; 2012: 60–61.
25. Dove ES, Townend D, Meslin EM, et al. Ethics review for
international data-intensive research. Science 2016;351:
1399–1400.
26. Klitzman R. The myth of community differences as the
cause of variations among IRBs. AJOB Prim Res 2011;2:
24–33.
Address correspondence to:
Mahsa Shabani, PhD
Department of Public Health and Primary Care
Center for Biomedical Ethics and Law
University of Leuven
Kapucijnenvoer 35, Box 7001
Leuven 3000
Belgium
E-mail: mahsa.shabani@kuleuven.be