Building an Opt-Out Model for Service-Level Consent in the Context of New Data Regulations.

The General Data Protection Regulation (GDPR) was introduced in 2018 to harmonize data privacy and security laws across the European Union (EU). It applies to any organization collecting personal data in the EU. To date, service-level consent has been used as a proportionate approach for clinical trials, which implement low-risk, routine, service-wide interventions for which individual consent is considered inappropriate. In the context of public health research, GDPR now requires that individuals have the option to choose whether their data may be used for research, which presents a challenge when consent has been given by the clinical service and not by individual service users. We report here on development of a pragmatic opt-out solution to this consent paradox in the context of a partner notification intervention trial in sexual health clinics in the UK. Our approach supports the individual's right to withhold their data from trial analysis while routinely offering the same care to all patients.