Table 1.

Identified challenges related to international data transfers, solutions currently explored, remaining challenges, and proposed solutions to these challenges.

Challenges	Explored solutions	Remaining challenges	Suggested solutions
Lack of adequacy decision by the European Commission	Creation of clear rules for the adequacy assessment procedure	Blanket adequacy decisions easily disregard sectoral differences in applicable data protection rules	Adopt specific health research sector adequacy assessments to take into account specific trade-offs among rights, appropriate technical measures, and long-standing compliance efforts within the sector, including administrative measures
Data anonymization and privacy-preserving data security measures are promoted as the only solutions to data protection concerns	Nonapplication of data protection rules and instead use substitute measures to meet the adequacy standard	Loss of information content of data for scientific research, anonymity of data is context dependent, and substitute measures for protection can be circumvented	Emphasize the contextual anonymity of data, for example, when the context is not changed during data processing (eg, by allowing data to be visited)
Missing codes of conduct and certification mechanisms	Bottom-up sector-specific concretization of data protection rules and appropriate supplementary security measures	Current solutions that are not relevant to the context of genomic research or are not relevant for international data transfers [32]; fundamental rights issues raised	Link the development of codes of conduct with the sectoral adequacy assessment and the development of certification mechanisms with supplementary technical measures for international data transfers