In the absence of strong intellectual property rights to protect data and databases in the United States, data-sharing agreements work best if they are part of a broader agreement among research partners. An individual agreement on data sharing is not intended to supplant the greater agreement between the partners, but to complement and support a particular aspect of the broader agreement. For a detailed overview of the role of a data-sharing agreement in a larger project among research partners, see Data Sharing: Paige Backlund Jarquin MPH, Colorado Clinical and Translational Sciences Institute – Rocky Mountain Prevention Research Center. Ideally, these additional concerns should be taken into account in the data exchange agreement, in order to facilitate clear communication and, if necessary, provide additional safeguards: the European Centre for Disease Prevention and Control (ECDC) identifies, assesses and communicates the risks to human health associated with infectious diseases. It collects, analyses and disseminates surveillance data on 52 diseases from 31 countries in a database called the European Surveillance System (TESSy). Access to data is regulated and is only made available to third parties upon request and authorization. Since countries have the primary legal authority over activities within their borders, they are responsible for the implementation of the International Health Regulation (2005), the main international health law. However, there is no enforcement mechanism to ensure compliance with the rules. Another relevant area is international human rights law, which contains a well-established approach to balancing respect for individual rights with other important interests. For example, the International Covenant on Civil and Political Rights requires states to respect the right to privacy, while recognizing that states may waive the right to privacy for public health reasons. Cross-border transmission of public health surveillance data has legal consequences if the nature of the data shared is protected by national or international law. For example, there is a disaggressed data that contains confidential or personal information.

Aggregated and anonymized data are less subject to legal restrictions, provided the data is made anonymous to acceptable standards. Informal agreements do not mean that the need to respect the rights and interests of all parties involved is reduced in one way or another. Unless there are compelling reasons for an oral agreement, written agreements should always be used. Risks associated with different types of agreements should be identified and taken into account when deciding what to use. It is important to recognize that the process of establishing data exchange agreements between countries, as well as the nature of the data that is shared and the agencies that share the data together, are different. In 1998, the European Commission already formalised disease surveillance networks funded as pilot projects. As a result, these informal networks have developed and been standardized, and specific reporting datasets have been adopted. They were eventually admitted to the CEPCM.

EU legislation ensures that data is exchanged transparently, although Member States have expressed reservations about the publication of the data before national authorities have had the opportunity to analyse and use the data for scientific publications. These concerns have been partially dispelled by allowing late notification of certain datasets and anonymization of economically sensitive data (e.g. B, data on infections in the health sector). TESSy data is also limited by EU data protection legislation, which shapes ECDC`s data access policy. However, Member States interpret EU legislation on the processing of personal data in different ways, with countries transmitting different types of data to ECDC.