When oversight of the Ethical Review Act was tightened in 2020, the Ethics Review Appeals Board, ÖNEP, was given sole responsibility for exercising it. The work began immediately and led to 20 recommendations for prosecution of researchers in two years.
In the previous 16 years since the Act had come into force, only two cases had been reported for prosecution by ÖNEP’s predecessor, the Central Ethical Review Board, CEPN. The prosecutor dropped both cases because the suspected violations had become time-barred.
The other authorities that shared regulatory responsibility at the time – the Health and Social Care Inspectorate, the Swedish Medical Products Agency and the Swedish Data Protection Authority – did not file any charges.
Then the Macchiarini scandal shed the spotlight on the Ethical Review Act. The broad view was that there was probably no lack of ethical violations within the research community, but that the regulatory system was not working.
When ÖNEP took over the active regulatory role, it was on the basis of ethical review legislation with stricter penalties, a longer statute of limitations and the criminalisation of gross negligence. ÖNEP’s aim was to invest both in preventive work, by being out among researchers and informing them about the Ethical Review Act, and in its regulatory role.
On 11 March 2020, the corona pandemic was officially declared. This made it difficult for ÖNEP to meet researchers in the field, but not to carry out its regulatory role by assessing randomly selected research projects. It focused on research areas within the social sciences and humanities, where ÖNEP had received indications that there was less knowledge about the legislation.
Criticism of the regulatory function grew as the prosecution recommendations began to trickle into researchers’ e-mail inboxes and the far-reaching consequences for researchers became clear. ÖNEP also came to the conclusion that the only weapon in its regulatory armoury – prosecution – was too powerful for less serious cases and that this damaged people’s belief in the regulatory process. In 2022, ÖNEP therefore stopped conducting random checks of research projects.
“We decide ourselves how to conduct our self-initiated inspections and are now focusing entirely on information instead,” says ÖNEP’s Administrative Director, Jörgen Svidén.
Jörgen Svidén
Administrative Director, ÖNEP
He welcomes the review of the Ethical Review Act. In the review’s directives, ÖNEP was pleased to see that its request to the government to look at what less drastic sanctions the regulatory authority could apply has been acknowledged.
But Svidén believes that the Board’s regulatory function will continue to cause debate. He thinks that even if the Board had been able to simply issue criticism in the case of small ethical breaches right from the start, the most highly publicised cases would still have ended up in the hands of the Prosecution Authority.
For example the rapist studies in Lund, the doctoral candidate project in Örebro, and the covid tests in Uppsala. (You can read more about these cases at universitetslararen.se). In the first case, the prosecutor decided against prosecuting because there was no intent, and any crime related to gross negligence had become time-barred; the second case was dropped because there was no intent, and gross negligence could not be proved.
The third case resulted in acquittal in the district court. In all three of these cases, it was reports submitted to ÖNEP that led it to investigate. Most of ÖNEP’s cases that have led to criminal charges have followed the same pattern: 15 cases. Of ÖNEP’s self-initiated cases, six have so far led to prosecution recommendations.
The threat of prosecution has raised awareness in the research community about the scope of the Ethical Review Act. It has also become apparent that it has been fairly common practice in certain areas of research that ethical review has not been applied for to the extent required by law. More researchers need to apply for ethical approval than was previously understood.
The Ethical Review Authority, EPM, is now working to adapt the application form to different research areas and levels of complexity to make it easier for those who apply. “We are also reviewing the ethical review procedure so that our decision makers can devote the right amount of time to each application, depending on the degree of complexity and the risks in the research that is being planned,” says Johan Modin the Director of EPM.
“The law needs to have reasonable limitations that are appropriate for research that is associated with privacy breaches,”
Johan Modin
Johan Modin
Director, EPM
He believes that a simplified application procedure for research with limited risks could be an effective way forward for the ethical review system.
“We also see that the law needs to have reasonable limitations that are appropriate for research that is associated with privacy breaches,” says Modin.
The current legislation already gives EPM the authority to issue regulations on exemptions from the Ethical Review Act. Before 2019, the Swedish Research Council had this authority. Why has it not been used?
EPM has been of the opinion that it needs to wait for the government’s lead on the matter, says Modin. In the Government Bill that proposed the most recent changes to the Act in 2020, the previous government announced that it intended to review whether exceptions should be made under this authorisation. This was a result of criticism from a jurisprudential perspective.
“At present, Swedish law does not have any other protective measures than ethical review for the processing of sensitive personal data in research. That would be needed in order to make such exceptions,” says Modin.
He also points out that there will always be demarcation issues. If, for instance, openly available sensitive personal data is excluded completely, what are the consequences in a context where young people share a lot of information about their lives and their opinions on social media?
To better help researchers navigate today’s ethical review system, EPM is developing a new set of guidelines. At the same time, both EPM and ÖNEP continue to follow legal developments in the field, but believe that prosecutors’ decisions and the one district court verdict so far have not offered much that is new in this regard.
The Swedish Authority for Privacy Protection, IMY, is important when it comes to the application of GDPR requirements regarding the processing of personal data in research. In June, for example, IMY confirmed that researchers who happen to collect sensitive personal data among their material can continue their research without ethical review as long as that data is removed.
Two key issues that both EPM and ÖNEP believe are missing from the directives for the latest review of the Act are related to the scope for allowing privacy-sensitive research in emergency situations.
This is partly about being able to commence research in crisis situations, for example earthquakes, pandemics or the outbreak of war, and partly about being able to conduct research on people in the event of, for example, cardiac arrest.
“We are concerned that certain research that is vital for many people cannot be conducted in Sweden, and that we therefore have to rely on other countries’ research in the field,” says Johan Modin.