In the first place an External Ethics Board was formed including relevant independent expertise to monitor the progress of the project. The Ethics Board will submit a report every year during the lifetime of the project. This project adheres to the General Data Protection Regulation (EU GDPR) and to the following rules:
- EU Directive 2004/23/EC of the European Parliament and of the Council of 31 March 2004 on setting standards of quality and safety for the donation, procurement, testing, processing, preservation, storage and distribution of human tissues and cells (OJ L 102, 7.4.2004, p48).
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1)
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89)
- Guidelines on Consent under Regulation 2016/679 (wp259rev.01), Article 29 Working Party Guidelines on Transparency under Regulation 2016/679 (wp260rev.01), Article 29
- Working Party Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01), Article 29 Working Party Council of Europe Modernized Convention for the Protection of Individuals with Regard to the Processing of Personal Data, CM/Inf (2018) 15-final Handbook on European data protection law (2018 edition), European Union Agency for Fundamental Rights and Council of Europe, European Court of Human Rights, European Data Protection supervisor
- EU Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
- EU Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks