Optimising cohort data in Europe

(Wolfson et al., 2010) and ViPAR (Carter et al., 2016) are all software infrastructures for distributed analysis that facilitate the direct analysis of repository data from multiple studies simultaneously without sacrificing confidentiality or other data use restrictions. y y Governance structures to coordinate public and private interests. This suggests the option of creating sustainable governance structures, potentially international in scope that can act both as a neutral data custodian and intermediary between competing or uncoordinated interests of relevant stakeholders, including researchers, health practitioners, governments, and individual citizens in their role as data sources. The primary role of these structures would be to transparently decide on how best to coordinate these interests, either on a case-by-case basis or as a matter of policy. In relation to legal issues, the legal situation remains unclear and unclarity in this context poses a challenge for the future. As preliminary general measures we recommend: y y To define adaptive, ''global'' codes of conduct in order to clarify interpretations of the current EU legal framework. y y To develop interoperable, semantically coherent concepts and outcome measures for data sharing that could be understood by all the stakeholders involved. y y To clearly outline the roles and associated obligations of data processors and data controllers from the onset of the research project. y y To adopt soft law features at the beginning of the research project while gradually adding ''hard law'' features as the project goes on. y y To begin an inclusive discussion and evaluation in order to clarify ambiguous aspects of the GDPR. We also recommend using registered data access models. Namely, in relation to Article 89 of the GDPR, the policy in EU countries for controlled access models is generally to rely on legally binding data access agreements overseen by DACs (Data Access Committees - DACs). However, DACs often do not possess adequate oversight tools for monitoring potential breaches in data access agreements (Shabani et al., 2021). The registered access model requires several steps (i.e. authentication, authorisation and attestation) but data users do not have to sign a data access agreement in a paper-based format with DACs (online agreements with DACs are sufficient). This is a significant advantage over the controlled model whose mode of operation is administratively and technically burdensome (Slokenberga et al., 2021). The limitations of controlled governance models are increasingly compensated by technical solutions such as federated networks (Keane et al., 2021). Such networks generally include linked databases, which provide a secure, real-time environment for data access and use. Another related possibility is to support DACs overview with automated review tools.