In this article
The introduction of theClinical Trial Information System (CTIS) has ushered in a new era of transparency and efficiency in the realm of clinical trials. However, with this advancement comes the paramount responsibility of ensuring data privacy. This article delves into the impact of CTIS on data privacy for clinical trial sponsors and outlines the necessary steps to ensure compliance with the new clinical trial regulation that birthed the CTIS platform.
Prelude: The CTIS has been introduced under the Clinical Trial Regulation (EU) 536/2014, referred to as the "CTR". This regulation changes how clinical sponsors submit their trial results. Additionally, the CTR, as noted in Annex 1D.17(ak) and subsequent sections, mandates that sponsors include in their study protocols measures for data protection compliance, ensuring personal data confidentiality, and addressing data breaches. Therefore, adherence to the CTIS also demands that sponsors evaluate their responsibilities as dictated by theCTR.
Understanding the CTISFramework
The CTIS, established in accordance with Articles 80 and 81 of the Regulation (EU) No 536/2014, serves as a centralized platform for the submission of clinical trial-related information. From the initiation of clinical trial applications to ongoing supervision throughout the trial lifecycle, the CTIS plays a pivotal role. It's a collaborative effort involving the European Medicines Agency (EMA), UnionMember States, and the European Commission.
Data Privacy in theCTIS Landscape
The CTIS is designed with stringent data protection measures. Personal data, such as the names and contact details of principal investigators, are captured within the CTIS's secure domain. While certain details, like the list of principal investigators' names and contact details, are made public, other personal data remains confined to the secure domain.
Moreover, the CTIS ensures that documents meant for public viewing do not contain personal data. For instance, the names (but not signatures) of the sponsor and coordinating investigator signatories of the clinical study report remain visible in the report loaded into the database, but other personal data is kept confidential2.
Compliance with Data Protection Regulations
The processing of personal data within the CTIS is grounded in the public interest. The EMA, MemberStates, European Commission, and clinical trial sponsors are joint controllers in the CTIS, bound by legal obligations to collect and upload relevant documents.The data centers used forCTIS are located within the EU, specifically in the Netherlands, Ireland, andGermany.
Ensuring Data Privacy:Steps for Clinical Trial Sponsors
- Understand the CTIS Framework: Familiarize yourself with the CTIS's structure and its data protection measures. Recognize the distinction between data in the CTIS's secure domain and data made public.
- Ensure you draft a GDPR compliance statement in line with local European regulations. This is specified in the "Compliance with Regulations" section and within the Documents section of Part II of the sponsor's dossier.
- Stay Updated with Regulatory Changes: Regularly review the guidelines and recommendations provided by the EMA and other relevant bodies. Recently the EMA has revised its transparency rules for example.
- Engage in Transparent Communication: Inform all stakeholders, including trial participants, about the data being collected, its purpose, and the measures in place to protect their privacy.
- Implement Robust Data Protection Measures: Employ state-of-the-art encryption and other security measures to safeguard data. Regularly audit and update these measures to counter evolving threats.
- Train Your Team: Ensure that everyone involved in the clinical trial is well-versed with the CTIS's data protection protocols and understands the importance of data privacy.
- Before making any data updates on the platform, consider the distinction between public and non-public publications. Ensure you review the anonymization process, especially if it has been entrusted to your CRO.
The CTIS represents a significant stride forward in the clinical trial landscape, offering transparency and efficiency. However, with its advent, the onus of ensuring data privacy has become even more pronounced. By understanding the CTIS framework and implementing robust data protection measures, clinical trial sponsors can navigate this new landscape confidently and compliantly.
To delve deeper, here are some valuable resources to better understand the data protection requirements as outlined in the CTR and CTIS:
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
Scalable Extraction of Training Data from (Production) Language Models
A research study identifies vulnerabilities across various types of Language Models, ranging from open source (Pythia) to closed models (ChatGPT), and semi-open models (LLaMa). The vulnerabilities in semi-open and closed models are particularly concerning due to the non-public nature of their training data.
CNIL's Recommendation : AI Providers & Legal Responsibilities
The French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) published a guide about the legal qualification of AI System providers.