Principles and rules are omnipresent; they feature within every aspect of our lives. From a regulatory perspective, they are indispensable tools through which behaviour can be regulated. A plethora of legislative provisions and guiding principles are perpetually thrust upon us from legislators, professional bodies, and organisations attempting to govern the ways in which we live. When new regulations are introduced, whether in the form of principles and/or rules, what is most often the topic of analysis is the content which they carry rather than consideration of their appropriateness as regulatory mechanisms for achieving a desired end.
Significant contributions have been made towards understanding the nature and utility of principles, often eminating from legal jurisprudential literature where their respective merits and limitations have been layed out, most notably by influential authors such as Herbert Hart, Ronald Dworkin, and Joseph Raz. Robert Alexy has also considered the nature of and (purported) distinctions between rules and principles. Whilst Alexy argues that both rules and principles are norms, they are, he contends, qualtitatively different. Rules, according to Alexy are either valid or not. In contrast, principles are optimization requirements which can be fulfilled to varying degrees. 
Other more recent contributions on rules and principles, specifically around ‘regulation’, have come from authors such as Julia Black, who has discussed the need for a shift from rule to principle-based-regulation (PBR). And, while Black’s discussions take place within the context of the UK financial sector, PBR has also been transplanted to other disciplines, including the health setting. Within bioethics, principle-based decision-making is consistently evoked when justifying a given stance on an ethical dilemma, with Beauchamp and Childress’s Four Principles frequently forming the framework within which such debates take place. The latter authors have sought to defend the value of their principlist approach against criticisms around the vague and abstract nature of principles. Despite these important contributions around how we conceptualise principles and how we might use them in regulation, we have thus far predominantly focussed our attention on the content of such principles, or on whether one principle is more helpful than another principle or other principles, or whether a principle is more useful than a rule (or vice versa) for regulatory decision-making purposes. Whilst this article draws upon some of the key literatures mentioned above, the purpose of the discussion here is not to consider the long-standing debates about how to distinguish rules and principles. Rather, it will consider the nature of principles which may, in turn, shed light on those other debates.
There has been a lack of adequate reflection upon the different and yet complementary functions which principles in particular might offer us as regulatory tools, and this paper strives to explore some of these functions. Reflecting upon the contributions of principles separately from the distractions of trying to argue whether they are ‘better’ or ‘worse’ than rules, and, instead, considering them as complimentary to rules can also be of real value to contemporary governance.
Better understanding the relationship between principles and rules can aid regulators in adopting regulatory approaches which make the most of both, as co-existing within a complementary, symbiotic relationship whereby each can tend to the regulatory gaps which the other leaves. Thus, the contribution of this paper lies in taking us beyond discussions which have preceded it: discussions which lack reflection of the range of functions of principles and how they can be used alongside rules. Hitherto, we have tended to dichotomise rules and principles-based regulation. This paper takes a first step in transporting us away from dichotomy and towards harmony, advancing a more constructive, complementary approach of principles and rules within regulation. Understanding the different functions (and limitations) of principles can encourage regulators not only to design, but also to employ them in an efficient and appropriate manner. This can enable ‘conscious’ use of principles.
The discussion in this article takes place against the backdrop of health research regulation, albeit that the arguments and ultimate conclusions are of wider application. This field of enquiry provides a perfect example of the challenges that come with regulating a complex and constantly evolving landscape; it is one which implicates a diverse range of stakeholders who must negotiate an extensive range of legislative and ethical considerations. Particular challenges emerge because of the rapid pace at which new health technologies continue to develop, the inability of the law to keep up, and the new ethical and legal dilemmas that consequently arise.
The first part of this paper briefly deals with definitions of principles and rules. Next, the prevalence of principles within health research regulation is considered, highlighting why this specific area of regulation is particularly complex. The discussion also illustrates the need to consider principles and rules as complementary, rather than mutually-exclusive, or even antagonistic, regulatory tools. Finally, the point is made that no matter how well or ‘consciously’ employed, principles (and rules) cannot tend to all of the challenges of regulation: Great importance lies in engendering a culture of confidence, trust and engagement with key stakeholders. A reimagining of regulatory approaches through better understanding principles, as laid out within this paper, can, however, take us some of the way.
2. Principles, rules and grey areas : a brief introduction
Principles can mean different things to different people in different contexts. The need to ‘unpack’ these different understandings, and the consequences of adopting one meaning over others is central to the contribution of this piece. It becomes evident from this paper that the different purposes that principles can serve further highlights the nuances that exist within the different dimensions of what we refer to as ‘principles’. It is argued that what a principle ‘is’ is inextricably linked to what principles can be called upon to do. Defining principles from the outset is a difficult undertaking, but, nonetheless one which is briefly considered in order to frame the discussion.
An intentionally broad definition of ‘principle’ or ‘principles’ has been adopted within this paper. This is due to the fact that, as stated above, ‘principle’ can mean different things to different people.  This is not only in terms of interpreting the content of principles, but equally at a more abstract level with regards to what a principle ‘is’. A principle can constitute an ethical value for consideration, such as the principle of beneficence, which, in the medical context, implies that actions taken by physicians should benefit their patients. Alternatively, a principle can be conceptualised as a legal principle. For example, the precautionary principle commonly appears within discussions around research and risk:
“At its most basic, the precautionary principle is a principle of public decision making that requires decision makers in cases where there are ‘threats’ of environmental or health harm not to use ‘lack of full scientific uncertainty’ as a reason for not taking measures to prevent such harm”.
In yet other contexts, principles feature frequently within professional guidelines, akin to standards of practice, and often such principles can appear, confusingly, to be just as prescriptive as rules. The General Medical Council, for example, expects registered doctors in the UK to abide by its Principles of Good Research Practice. It is precisely because of the diverse manner in which principles are characterised or manifest, that an inclusive conceptualisation of principles is offered here.
In terms of key features of principles, again, there is no fixed list. A typical ‘portrait’ of principles regarding the form they take might include that they are high-level, vague, abstract, broad iterations of values or norms. In reality this is not always the case. Appeals are often made to ‘principles’ which are highly prescriptive in laying out specific instruction on what to do in a specific situation. Consider, for example, the Data Protection Principles included within the European Data Protection Directive (and its UK embodiment, the Data Protection Act 1998). The eighth principle reads:
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
This is rather a specific prescription on how data are to be processed (or not). These “principles” are accompanied by very harsh legal sanctions if they are not respected. Adding a further layer of complexity, it is argued below that the Data Protection Principles are not principles per se but rather that they are more akin to rules.
It follows that, given the diverse incarnations that principles take, there is some reluctance and difficulty in adopting any one specific definition of a principle. Furthermore, fixating upon definitions is unhelpful for the purposes of this particular discussion which strives to shed light on the nuances that exist around our deployment of principles in a range of contexts. For those that would, nonetheless, push for a definition, then Robert Alexy provides a helpful basic starting point in defining principles as follows:
Principles are norms which require that something be realized to the greatest extent possible given the legal and factual possibilities. Principles are optimization requirements, characterized by the fact that they can be satisfied to varying degrees.
Additionally, principles might typically be described as broad iterations of a value or set of values demanding consideration during decision-making. As we will come to see later in this article, this feature of principles as an embodiment of values can serve a protective function with regards to safeguarding against abuse of power or deliberate misinterpretation of rules.
Although the primary focus of this paper is not centred around reaching an ultimate, all-encompassing definition of principles, in listing pros and cons of principles, or on assessing different methodologies for their application, it is still worthwhile noting that principles have endured several recurring key criticisms. Such criticisms are often based on their vague nature and the difficulties in actually applying them in the decision-making context. In response to the vague nature of principles, appeals are often made to specification, defined as the process of ‘reducing the indeterminateness of abstract norms and providing them with action-guiding content’. Another key challenge with principles is that conflict can occur between different principles; balancing is often cited as a method of choosing which principle to apply when such conflict arises. Balancing can, however, be a problematic concept. It implies that different principles are commensurate i.e. that they can each be assigned weights. It is argued that what is actually taking place is the prioritisation of one principle over another. This need not be problematic. In different situations, different principles will be more important than others. Rather than developing methodology which must tend to the vulnerabilities which principles may carry, the contribution being made here seeks to offer a deeper understanding of some of the different ways in which principles can be employed within the regulatory sphere.
2.1.2 Defining Rules
“Rules” are also referred to throughout this paper. As with principles, nuances can exist within different conceptualisations of rules, particularly when these come in the form of legislation. For example, the distinction is often made between “hard” and “soft” law whereby the former implies enforceability and rigidity, whereas the latter often lacks this. In contrast with principles, key terms used within a portrait of rules regarding the form they take would typically include rigid, prescriptive and specific. Again, this is not a consistent set of traits for rules. A well-known Hartian observation on rules centres on the idea of a core and a penumbra. Within the core, there is relative certainty around the meaning of or language used in a rule, however, beyond this core exists a penumbra where the meaning of the rule is indeterminate and thus open to interpretation, demanding the exercise of discretion. Thus, rules can also be articulated in broad and vague terms, with which we are unable to avoid the inevitable room for interpretation and, as Hart put it, the “open texture” that they leave. At the very least, Alexy’s conceptualization of rules as norms which are either valid or invalid is helpful; the author suggests that rules can either be fulfilled or not, which gives them a prima facie definitive nature:
rules are norms which are always either fulfilled or not. If a rule validly applies, then the requirement is to do exactly what it says, neither more nor less. In this way rules contain fixed points in the field of the factually and legally possible. .
This is in contrast to principles which, as considered above, can be fulfilled to varying degrees.
In terms of application of rules, both Dworkin’s and Alexy’s conceptualization of rules is that they are applicable in an “all-or-nothing” fashion suggesting that (barring an exception to a rule) either a rule is engaged in a given scenario or it is not.
As with principles, conflict between rules can also occur. Braithwaite observes that: “[r]ules look more certain when they stand alone; uncertainty is crafted in the juxtaposition with other rules.”Often, where new technologies are at play, more than one rule is potentially engaged at the same time. Alexy suggests that in the case of inter-rule conflict one of the competing rules is declared invalid. Where conflict might arise between different sets of rules, resolution can be achieved by creating a hierarchy between sets of rules, as is the case with EU and national laws of EU Member States. Where no such hierarchy exists, resolving inter-rule conflict can still be problematic. Again, assessing the weaknesses of rules is not the focus of this paper, but rather, the points above are mentioned in order to emphasize that rules and principles are both open to criticism and that there can be overlap in some of their “characteristics”, a point which is explored next.
2.1.3 Accepting grey areas
The preceeding sections stressed that defining principles and rules is not an easy undertaking. Whilst Joseph Raz has argued that the difference between rules and principles lies in specificity: “[r]ules prescribe relatively specific acts; principles prescribe highly unspecific actions”, other scholars offer alternative views on how the two are differentiated.
Alexy, for example, as mentioned above, suggests that principles are “optimization requirements” which can be satisfied to different degrees whereas rules can either be fulfilled or not. He has considered three different theses around the distinction between rules and principles. The first distinction hypothesis emphasises the different classifications of rules and principles based upon their characteristics. As we have considered thus far though, rules and principles can at times share the same characteristics and thus classification is not always helpful. The second thesis described by Alexy is ‘a distinction of degree’ i.e. principles are fulfilled to varying degrees and rules are more binary: they are either applicable or not. This thesis, whilst closer to Alexy’s preferred conceptualisation, is lacking in an important nuance. Alexy stresses that the distinction between rules and principles is not merely about the degree to which they can be fulfilled but rather, rules and principles differ on a ‘qualitiative’ basis.
At the same time, as considered above, reaching wide-spread agreement on precisely what this qualitative difference is remains difficult; distinguisihing clearly between rules and principles is not straightforward. Rules and principles can share common characteristics (both in the sense of comparing rules to rule, principles to principles and rules to principles). Indeed, Wittgenstein’s ‘family resemblances’ might be a more realistic, less ambitious approach to capturing characterisations of rules and principles. We have considered above that both rules and principles suffer from the challenges of conflict. The ways in which conflict can be resolved, however, supposedly differs depending upon whether we are dealing with a rule or a principle:
If two principles compete, for example if one principle prohibits something and another permits it, the one of the principles must be outweighed. This means neither that the outweighed principle is invalid nor that it has to have an exception built into it. On the contrary, the outweighed principles may itself outweigh the other principle in certain circumstances…That is what is meant when it is said that principles have different weights in different cases and that the more important principle on the facts of the case takes precedence. Conflicts of rules are played out at the level of validity; since only valid principles can compete, competitions between principles are played out in the dimension of weight instead.
In contrast, in the case of conflict between rules, only two means of resolution are suggested by Alexy. Either an exception is read into a rule, or one of the rules must be declared invalid.
Rather than fixating upon the different theories about how rules and principles differ it might be a more helpful endeavour to move beyond traditional dichotomizations of rules and principles which strive to capture their distinctions. Rather, as it is argued here, view rules and principles as co-existing upon a spectrum. Viewing these regulatory tools on a spectrum acknowledges the blurred lines that can exist between them, and goes some way towards explaining why rules can be confused with principles and vice versa. Of course, as with any spectrum, there will be extremes where distinctions are more straight-forward and where the distinctions considered above may be more useful. But what about the grey area?
Goodin adopts a loose conception of rules and collapses the distinction between principles and rules, viewing them as at opposite ends of a continuum: “principle[s] is to rule as plan is to blueprint”.  Thus, rules are viewed as merely more detailed principles. Goodin’s analysis, whilst it acknowledges a relationship between rules and principles, perhaps goes too far in equating rules as merely more detailed iterations of principles. It is one thing to say that both are interconnected, indeed many rules might be based on underlying principles (for example, requirements to obtain consent before procesisng personal data can be considered an underlying manifestation of the principle of respect for autonomy) but an entirely different argument emerges when both rules and principles are equated. Such an approach negates the different functions that principles in particular can play. The contribution here accepts both Alexy’s differentiation between rules and principles and Goodin’s suggestion of a continuum, but the purpose of this paper is neither to discuss the particulars of such a continuum nor to focus on perpetuating the differences between rules and principles per se. Rather the contribution here aims to consider the nature of principles within that continuum, and thus focus is placed on unpacking the different funcitons which principles can play which, in turn, can contribute towards the wider discussion on the nature of rules and principles. It is only though better understanding some of the functions which principles can play that we can start to explore more deeply the grey area which clearly exists, thus fleshing out the continuum upon which rules and principles can co-exist. A task to which we can now turn.
3. Challenges of new technologies in the context of health research regulation
A mere glance at the plethora of legislation, professional guidance, and academic literatures around health research regulation uncovers a variety of principles aimed at fulfilling a variety of different functions. Consider, for example, the principles included within the Nuremberg Code, reputed by some to be “the most important document in the history of the ethics of medical research”. The 10 principles within the Code remain core tenets of ethical research conduct over the 60+ years since their introduction. Similarly, the Ethical Principles and Guidelines for the Protection of Human Subjects of Research included within the Belmont Report in the United States serve to underpin the parameters within which biomedical and behavioural human research experimentation should be conducted. They offer a widely used set of ethical principles according to which both research applicants and Research Ethics Committees/Institutional Review Boards should assess the ethical robustness of research applications involving human participants. In the United Kingdom, the major funding bodies such as the Medical Research Council and the Wellcome Trust and professional bodies like the General Medical Council and the British Medical Association have released numerous guidelines around research conduct, and these are updated on a frequent basis. Relatedly, the four principles of justice, autonomy, beneficence and non-maleficence as advanced by Beauchamp and Childress feature extensively (and almost automatically) within much bioethical discourse. Numerous further examples of the prevalence of principles can be observed by conducting a brief audit of key regulatory instruments not only within health, but also in other regulatory settings, such as the financial, business, and environmental sectors.
The important point is that appeals are made to the notion of “principles” on a daily basis and in a wide range of settings to govern a variety of activities that impact our lives. And yet, despite the integral spaces that they occupy, we fail to reflect adequately upon the different ways in which these appeals to principles are being made. A simple yet important question then follows: how do we know that we are using principles effectively when we fail to reflect upon the different ways in which we might use them? Put otherwise, are we are relying on principles “unconsciously”? If so, why? Might it be that we are misusing principles when, in fact, they are not the optimal regulatory mechanism to meet a desired end? Equally so, it might be that we are overly-reliant upon alternative regulatory mechanisms (such as rules) when, in fact, a desired end could be met much more effectively through the (alternative or additional) deployment of principles.
These questions are important when we consider the significant role which regulation must play in advancing and governing scientifically sound and ethically robust health research. Health research, by its very nature, engages a host of issues; legal, ethical and social. It appeals to questions on justice, autonomy, privacy, consent, confidentiality, trust, the public interest, solidarity, and commercialisation to name a few. It demands identification of the core values at stake, and, as we come to see later in this paper, through their dialogical nature, principles can perform this function. Regulation also necessitates ongoing reflection upon how to balance/accommodate these interests, especially given that they can often conflict. From a legislative perspective, and often incorporating these ethical considerations, health research touches upon several fundamental rights. Further, numerous international, European and domestic legislative instruments are engaged, accompanied of course by professional and organisational guidelines and standards.
If we consider the regulation of health record use in genomic research, it was suggested that in the UK alone, this “…is affected by 43 relevant pieces of legislation. There were 12 sets of relevant standards and 8 professional codes of conduct. What this has bred is a culture of caution, confusion, uncertainty and inconsistency”. This is in relation to just one EU Member State, on one aspect of health record use, which, in turn, constitutes just one area of health research. It is easy, then, to sympathise with regulators and regulatees alike who must respectively construct and self-navigate these regulatory environments which are often described as piecemeal, over-burdensome, and disproportionate.
One reason that health research in itself is a particularly complex area is, of course, because of the high (and sensitive) stakes involved. Health research can lead to scientific discoveries with the potential to benefit many members within a population, not only in terms of immediate or direct health benefits to individuals, but also in the development of new procedures and technologies for other population groups and for future generations. Given the considerable global health demands of ageing populations, and the alarming rates at which non-communicable diseases are increasing, the pressure is on to provide solutions which can relieve the current (and anticipated) healthcare demands which both national health systems and the international community must face.
It is important to remember too that new technologies not only introduce the promise of new solutions and improvements in health but additionally, they pose new risks. Such risks are often difficult to measure depending upon the technology or procedure in question. Risks can include: physical harm, psychological harm, privacy violations, distrust within doctor-patient and participant-researcher relationships, exploitation, and other harms, such as reputational damage to healthcare providers and institutions. The introduction of new technologies necessitates deliberation over new previously unforeseen ethical, legal and social issues, such as those introduced by novel neuro-technologies and implantable devices. Similarly, Mitochondrial DNA technologies, and some stem cell therapies which are currently at research stage, also raise important questions prior to their introduction as everyday technological interventions. As such, regulatees often find themselves traversing uncharted territories where the law does not provide clear answers on “what to do”. Indeed, the failure of the law to keep up with the rapid pace at which technology develops is commonly acknowledged not only within, but also beyond the health setting.
Thus, within the regulation of health research, numerous challenges appear. These challenges cannot be overcome by legislation (often in the form of rules) alone which can be restrictive. Further below, we consider how rules can tend to increase the over or under-inclusiveness of activities as a result of technological change, and how principles can help to avoid this. Additionally, we consider how principles can help to tend to another risk associated with new technology: that of abuse of powers and deliberate misinterpretation of pre-existing rules. The time has come to explore more deeply just how principles can be facilitative in regulatory terms.
Electronic health records: a pertinent case-study
The regulation of health research which makes use of electronic health records (EHRs) provides a particularly pertinent backdrop against which to consider just how principles can be facilitative. New technological developments around how data can be collected, stored, shared and reused have major impacts on what we are able to do with such data. We have come a long way since Dunn’s seminal article which first alluded to record linkage. The process of analysing one or more data sets together is now commonly referred to as “data linkage”, it “…brings together information from two or more records from independent sources that are perceived to belong to the same individual, family, event or place”. It has experienced exponential growth, with many of these changes being attributed to the introduction of new technologies.
In many countries today, and in recognition of the value which can be gleamed from EHRs, initiatives are underway in order to electronically document individual health information – including hospital episodes, vaccination records and medications prescribed – with attempts to document this information all the way through from birth to death. Alongside the introduction of EHRs, new technological advances have meant that vast amounts of data can be collated, linked and analysed in a short space of time. “Big Data” has become a ubiquitous term. Data linkage is also a particularly cost-effective technology. Population-level databases are now commonly used to monitor public healthand to conduct research. There are currently numerous health informatics initiatives which link together various types of data, in line with the UK’s Open Data Strategy combining data not only at a national, but also European, and global level. Beyond health-health data linkage, cross-sectoral linkage is also gaining momentum, marrying together data from two or more disciplines, simultaneously linking, for example, datasets pertaining to social care, education and police information.
Whilst the widespread adoption of data linkage has brought with it many benefits, it has also posed considerable challenges and has raised important ethical, legal and social questions, which must be accommodated within any regulatory approaches adopted. The next section considers in turn some of the key challenges associated with this aspect of health research regulation and the different functions which principles can play in addressing these. It becomes apparent that reliance on rules alone can be particularly problematic from a regulatory perspective and the complimentary roles which principles can play in tending to these challenges is highlighted. As mentioned from the outset, one of the purposes of this paper is to explore the continuum upon which principles and rules can co-exist but with a focus on principles, given their particular prominence within regulation. Thus, whilst the strengths of principles and the limitations of rules are considered below, it should not be taken that rules are viewed as unhelpful for regulatory purposes. On the contrary, rules fulfil indispensable roles within regulation. However, for the purposes of the present discussion, the limelight is on principles and thus discussion reflects this.
3.1 Where there are tensions which exist within the law e.g. limiting, restricting, banning and promoting behaviour all at the same time – principles can offer us an interpretive /guiding function
Lyria Bennett Moses has commented on the challenges faced by the law in keeping up with technological change and has identified the need for the law to limit, restrict, ban and encourage behaviour as one of these key challenges.  The introduction of new technologies associated with data reuse has triggered the need to both restrict and at the same time encourage the sharing and use of data for research purposes. This is because health information contained within electronic health records (EHRs) can be considered to be particularly “sensitive” in nature and at the same time, as outlined above, it is particularly valuable for research purposes.
With regards to the need to restrict the use of personal information, information pertaining to an individual’s personal or mental health is defined as “sensitive personal data” within the UK Data Protection Act 1998, embodying the same notion from the European Data Protection Directive. The use of sensitive personal data for research purposes gives rise to important considerations including issues around privacy, consent and the public and private interests in research. Even where data are anonymised or pseudonymised so as to greatly reduce the risk of re-identification and resultant harms, some risk of re-identification still remains. Further, regardless of the risks of re-identification, some uses of data may be deemed inappropriate nonetheless, particularly where excessive commercial profit may result  or where the research question may be deemed contrary to the public interest. At the same time, the public and private interests in conducting data linkage studies i.e. the research findings and subsequent health improvements that they can yield are widely acknowledged. Thus, the regulatory environment governing data reuse is particularly complex; it must both protect against unlawful uses and at the same time facilitate ethical and lawful research purposes.
It has been well established within the literature that the current state of play in terms of how the reuse of EHRs for research is governed is unsatisfactory in terms of achieving this balance. Particular challenges pertain to understandings of how different pieces of legislation, i.e. different rules, are to be interpreted and how they might interact with other relevant rules. Further challenges relate to how such rules are to be applied to different data related activities. Indeed, how electronic data and biological samples might be linked together and how such activities should be governed is an increasing area of interest.
The European Data Protection Directive, for example, represents just one body of rules and yet it must govern a wide range of activities related to uses of data and it must accommodate a wide variety of interests. The Directive provides legal rules for how personal data may and may not be used across the European Union. Additionally, it prescribes when and how such data can be shared beyond the Union’s Member States. The Directive must not only govern on issues around how data may or may not be used for health research purposes, but it also includes provisions on, for example, data uses for online consumer services, social media and third country transfer of data. These are very different goals and yet one set of rules is relied upon.
Rules can prescribe specific acts in a given scenario, often by virtue of their applicability in an “all or nothing” fashion: “if the facts a rule stipulates are given, then either the rules is valid, in which case the answer it supplies must be accepted, or it is not, in which case it contributes nothing to the decision.”  Though, frequently, uncertainty can arise regarding the applicability of rules as is the case with data protection legislation. Furthermore, by virtue of their ‘open texture’ different interpretations can arise out of the same rules. This can be demonstrated by the fact that different EU Member States have varied in their interpretation of the Directive. 
This is not to imply that rules are not necessary or important; rules can help decision-makers when those rules are clearly drafted and when relevant principles are inherently reflected within those rules. Consider the duty to promote ethical research which has been explicitly laid out within the recently passed Care Act 2014. Section 111(2) of the Act introduces a legal obligation to actively encourage and facilitate safe and ethical research:
In performing the duty under subsection (1), a person must have regard to the need—
(a)to protect participants and potential participants in health or social care research and the general public by encouraging research that is safe and ethical, and
(b) to promote the interests of those participants and potential participants and the general public by facilitating the conduct of such research.
Whilst the explicit reference to a duty to facilitate research is very much welcomed, explicit provisions encouraging data sharing for research are often lacking within the various legislative instruments governing data use. Often, decision-makers are left without any clear direction on how to address the conflicting tensions that can arise within legislation. Principles can help to tend to the conflicting demands being placed upon regulatory environments. Because conflicting demands give rise to confusion, principles fulfil an important role in supporting the interpretation of rules, and consequently, of guiding action. Principles can shed light for decision-makers as to the meaning to be accorded to rules.
Within bioethics literature in particular, principles have been both championed for their action-guiding quality and equally, they have been criticised for lacking this quality. Principlism – arguably the most dominant ethical framework within Western bioethics – is a principle-based approach to decision making. The Four Principles, as they are often referred to, include justice, beneficence, non-maleficence and autonomy. Beauchamp and Childress, the first proponents of Principlism, offer this approach as a means to resolving ethical dilemmas and in determining which course of action to take to resolve the dilemma. Some suggest that despite methodologies advanced for applying principles, such as specification, subsumption, and balancing, normative principles will still give rise to conflict and disagreement around how such principles should be interpreted and applied in order to resolve dilemmas and how precisely, they are to guide action. Vagueness of principles and their tendency to “prescribe highly unspecific acts” represent enduring flaws for many critics.
It is argued here that such criticisms whilst to some extent valid, are myopic. Such perspectives fail to acknowledge two important points. The first point is that principles are designed to guide rather than prescribe action. The reality of difficult decision-making is such that clear-cut answers about what to do are not always apparent after rules have been applied (in those circumstances where rules apply). It is not the telos of principles to prescribe highly specific actions, but to chaperon decision-makers around considerations which should be included within any deliberations about which action to take. The fact is that legislation (and rules included within it) gives rise to uncertainty around “what to do”. Critics of principles tend to overlook discretion as a necessary and important component of decision-making.
Discretion implies that judgment around which interpretation to give a principle (or even a rule, in some instances), and determination of the action which should follow, ultimately lies with the decision-maker. In the context of data reuse for research, ultimate responsibility for determining “the purposes and means of the processing of personal data” lies with Data Controllers. Decision-making, by its very nature, demands discretion. Principles, by their very nature, implicate discretion. What those who criticise principles on the basis of a lack of provision of specific action guiding content fail to see is the inevitability, value, and necessity of discretion.
Discretion is an inevitable element of the vast majority of decision-making, even where rules are involved. It is impossible to legislate for or to foresee every single possible eventuality, thus, there will be many situations for which a rule is not provided; “no system of rules is capable of covering all new cases that might eventually arise”.  Likewise, poor drafting may imply conflict between different rules, rendering uncertainty about which rule should apply in a given situation. One of the key strengths of principles is their flexibility and their adaptivity which means that they can be called upon in situations where discretion must be drawn upon. This will be the case particularly in regards to the regulatory environment governing data use where certain uses must be restricted and others promoted, and the distinction is not always clear. If we make peace with these two realities about principles, then we can appreciate them for the helpful regulatory tools that they are.
A set of guiding principles can ensure that all actors to which those principles apply conduct themselves (and thus take action) according to the spirit of the regulatory landscape within which their activities are governed. Consider, for example, the Caldicott Principles and the recently introduced seventh Caldicott Principle which stipulates that “The duty to share information can be as important as the duty to protect patient confidentiality”. Principles can thus be used both to discourage inappropriate data sharing and to encourage the safe, ethical sharing of health information for health research.
3.2 Principles can assist in supporting genuine dialogue with stakeholders and publics
The Health and Social Care Act 2012 established the Health and Social Care Informatics Centre (HSCIC) in England. Through the General Practice Extraction System (GPES), information would be extracted from general practice patient-identifiable health data and made available in the HSCIC for research purposes. This endeavour is known as the “care.data” initiative and has caused considerable controversy within the UK, for the most part, due to a lack of engagement with the public and the reliance upon an opt-out system when the public felt they were not adequately informed about the initiative in the first place.  The care.data debacle illustrated so clearly the importance of openness and transparency before the introduction of new regulatory approaches to new technologies. The mere fact that HSCICs were set up through legislative provisions did not necessarily provide legitimacy for their existence. This is an example of where rules fail, the fact that provisions were made within the Health and Social Care Act 2012 for certain data uses to occur was not enough; rules, without value engagement, are worthless. Where principles can begin to help is in providing a means to facilitate dialogue between all relevant stakeholders within a regulatory landscape.
Principles can engender “an effective form of communication which facilitates ongoing moral debate and ongoing reflection”. Within bioethics, principles are invoked continuously as the basis upon which to formulate argumentation and with which to support (or oppose) a particular approach when considering ethical dilemmas. Consider the Journal of Medical Ethics Festschrift edition in 2003 which was dedicated to Raanon Gillon, one of Principlism’s foremost advocates. In this special edition, four scenarios presenting ethical dilemmas were debated from different perspectives and principles were invoked throughout in order to communicate the different articulations of how the related dilemmas should be resolved. Principles such as justice, beneficence, non-maleficence, autonomy, solidarity, altruism are commonly invoked within discussions around health research regulation, they provide a common language with which to explore and prioritise different concerns: principles provide “a basic moral language and a basic moral analytic framework.”
Furthermore, principles can develop and evolve in order to reflect changes within the status quo. We can consider the principle of autonomy which has come to occupy an ever-expanding space within bioethical discussions. One manifestation of this can be seen within the “fetishisation” of consent which has come to dominate health research. This “fetishisation” has in turn provoked debate, with discussions emerging around the limitations on consent, particularly in practical terms in settings such as research using EHRs.
Depending upon the methodology employed, the process of drafting a set of guiding principles to be read alongside legislation can be a very inclusive and iterative process whereby key stakeholders are consulted and engaged. Their viewpoints can in turn be reflected within key principles. Indeed one of the key criticisms of care.data was the lack of engagement with the public. Perhaps, if the time had been taken to meaningfully engage with the public before launching the initiative, the current delay, scandal and inevitable perpetuation of suspicion around “Big Data” might have been avoided. In fact, current consultation is taking place – in response to the backlash – for the establishment of Accredited Safe Havens which may be because of the damage caused by lack of engagement.
Principles can thus be used as a platform and common framework through which stakeholders can agree upon the values and considerations to be included within regulatory approaches. Principles can also be used as a way of communicating the different interests which are at stake. Within care.data, there is a clear tension around public and private interests in health research. Principles are more conducive to supporting genuine dialogue with stakeholders and publics, since they do not prescribe (in the way that rules can) what specifically ought to be done. They promote reflection precisely on this point, through engaging in dialogue and, in particular, they offer us the opportunity to layout the core values which matter to us in the specific context. Rules, in contrast, can do the opposite, they can either prohibit something that might not be problematic or, as in the case of care.data grant licence where there is little.
3.3. Principles can protect us against over/under-inclusiveness of activities which rules can proliferate especially when we are dealing with manifestly clear underlying values
Another challenge regarding law and technological progress as identified by Bennet-Moses is that legislation can tend to be over/under inclusive of activities: “Technological change aggravates problems of targeting. New artefacts, activities and relationships may fall within a rule despite their being irrelevant to its goals, or may fall outside it despite a clear connection”.  In considering what over and under-inclusiveness mean, Bennet-Moses first reminds us that rules, as manifested within laws, are drafted with one or several particular goals in mind; “usually the rule-maker hopes that if people act in accordance with the rule, some goal will be achieved”.  In the case of the European Data Protection Directive, for example, two key goals informed its drafting (and these goals remain the same for the draft Regulation);
The centrepiece of existing EU legislation on personal data protection, Directive 95/46/EC3, was adopted in 1995 with two objectives in mind: to protect the fundamental right to data protection and to guarantee the free flow of personal data between Member States.
A balance must be achieved then, in both ensuring adequate protection to the privacy of data subjects whilst simultaneously facilitating data-sharing. As has already been established above, in the context of EHRs and health research, achieving this balance has posed considerable challenges. In fact, the European Data Protection Directive – a key body of rules governing reuse of data – has been under revision since January 2012. The Directive is now somewhat out-dated. It was drafted at a time when the Internet, for example, was at a nascent stage. As with so many new technologies, the scope and pace at which the Internet would proliferate was not foreseen. Consider the extent to which social media sites such as Facebook have progressed in their use of personal data, broader technological developments in data analytics and the fact that third country transfer of data outside of the EU is becoming increasingly prevalent.
The practical realities around how data are used have outgrown the Directive, with widespread acceptance that the Directive is no longer fit for purpose  and in some aspects of being either over or under inclusive of the various data-related activities which have proliferated since the Directives initial inception. What has resulted has been the proposal of a new General Data Protection Regulationwhich has raised significant concerns from the scientific community when considered against the realities of using EHRs in research. The particular problems that the new Regulation might bring have been discussed at length elsewhere  and given the state of flux and perpetual toing and froing of versions of the Draft between the European Council, Parliament and Commission, focussing on any particular provisions is unnecessary for present purposes. Rather, the point to make is that in the same way that the European Data Protection Directive has become outdated and under/over-inclusive in some respects, the Regulation is likely to suffer a similar fate in due course: we simply cannot foresee and therefore we are unable to provide rules for every possible eventuality in the future, such is the nature of relying upon rules. Innovation will not cease, technological development will continue and new technologies, including novel methods for using and analysing data to harness benefits for health research will also continue. Furthermore, the insights which can be yielded from linking electronic data and biological samples as well as health and non-health data are also considerable. Cross-sectoral data-sharing is also an increasingly important area of data use. And yet such research is considerably impeded at present in part due to significant regulatory hurdles. Health research, for example, is prioritised within legislation
Directives offer some leeway with regards to how Member States interpret them. The fact that a Regulation is being proposed in contrast to the pre-existing Directive, means that, in the absence of a set of companion principles, there will be less room for interpretation and thus limited capacity to enact the rules included within the Regulation in a way which is consistent with the important goal of facilitating health research. Granted, the divergent interpretations of Member States with regards to the pre-existing Directive have led to fragmented approaches to data sharing, however, it can also be argued that this could be attributed to the fact that clear guiding principles around data sharing for research purposes are not included alongside the Directive.
An obvious rebuttal to this point would be that there are 8 Data Protection Principles included within the European Data Protection Directive but the question arises as to whether these are “principles” per se or a set of high-level rules which are in themselves, manifestations of underlying principles. This is a clear example of the interconnectedness and ‘grey-area’ of rules and principles, where high-level rules may indeed be more ‘principle-like’. Arguments can be made for referring to the Data Protection Principles as either rules or principles. If they are to be considered principles, then this is supported by the fact that discretion lies around for example, how one interprets, what constitutes “appropriate technical measures”as included in the seventh principle. At the same time, it could be argued that the “principles” are not a set of ethical considerations to guide decision-makers around “what to do”, rather, they are a set of prescriptive rules (albeit incorporating some loose terminology which is open to interpretation) which can either be satisfied or not. The non-observation of the principles can lead to infringement of the Directive. It is the authors opinion that in this particular instance, the Data Protection Principles are treated more so as rules, than principles.
The nature of principles is such that they provide us with a reminder of the different underlying values which must be factored-in to the decision-making process around “what to do” rather than telling us explicitly. As alluded to above, linking data from health and non-health sources has great potential to expand our understanding of health and wellbeing. Yet, there has been a focus within regulatory terms on prioritising health uses (and even here, regulatory impediments are rife). Thus, within the UK, attempts are being made to map out how health and non-health related research which relies on ready access to electronic data can be joined up.  For the reasons outlined in this paper, and which have been argued by this author and others in more detail elsewhere, principles can be of real value in helping to avoid the over/under-inclusiveness of activities that can result from relying upon rules alone. In particular, principles as a
pre-determined, clear set of values can compensate for the gaps in the law where a clear course of action for the situation at hand is not offered….principles offer flexibility and guidance where provisions are not provided within the law.
Thus, within the Scottish context, a set of Guiding Principles, bolstered by Best Practice instances has been developed in the Scottish Health Informatics Programme, endorsed by the Scottish Information Commissioner’s Office and adopted by the Scottish Government in its Data Linkage Framework.
3.4. Principles can safeguard against abuse of powers or of purposeful mis-interpretation of rules
Principles can also offer a means of safeguarding against abuse of powers, as well as abuse of the law, thus playing a protective role within a regulatory environment. A useful example can be found in the oft-cited case of Riggs v Palmer. In that particular case, having murdered his grandfather in order to prevent any changes being made in his will, a grandson (Elger Palmer) sought to claim his grandfather’s inheritance early. Had the relevant legal rule been applied to the case, the grandson would have been punished for murder, but he would also still have received his inheritance. Acknowledging the injustice of such an outcome, Judge Robert Early argued that in permitting the grandson to access the inheritance, “the tenets of universal laws and maxims would be violated”. Thus, in departing from the relevant legal rules, the principle of not being allowed to profit from your own fraud was invoked and Palmer was not allowed to benefit from the inheritance. This example demonstrates some important points for the current discussion.
First, it can be argued that the myopic nature of rules can give razor-sharp but very narrow focus on a situation. Thus what is needed is a more holistic view of the Law which is a system founded on core values. Principles, as suggested above, embody those values and underpin all specific instances of applications of rules. Thus, principles play an essential role in reminding the decision-maker of deeper and broader values at stake, and which should not be compromised for the sake of a rigid, unreflective application of a “rule”. Principles can thus help to safeguard against abuse of rules. This is not to say that principles are not open to manipulation, however it has been acknowledged that rules engender manipulation and thus are open to abuse more so than principles. 
Consider the more contemporary example of “creative compliance”, a term which has reached prominence particularly within the regulation of the financial sector where it is described as the use of “…creative techniques which can be argued to be “perfectly legal”, despite the fact that they undermine the whole purpose of financial reporting, and its regulation.” The Economic and Social Research Council has noted that the practice of creative compliance is not restricted to the financial sectors; “it poses a fundamental challenge to the effectiveness of public policy and the rule of law in all arenas where the regulated have the sophistication and resources to employ it”; more particularly, the health research setting is not immune from it.
Numerous examples of the protective function of principles which are more specific to the health research context can be found in the various international codes and declarations which are adopted within the scientific community. In addition to the Nuremburg Code mentioned earlier, the Declaration of Helsinki includes a set of ethical principles that have endured (with minor amendments) as foundational principles in guiding medical research on humans since their initial introduction in 1964. It is “the fundamental document in the field of ethics in biomedical research and has influenced the formulation of international, regional and national legislation and codes of conduct.” These, and many additional sets of principles have been introduced in order to protect research participants and patients during research, where new technologies (including new procedures) are carried out. The fact that principle-based approaches have been adopted supports the idea that it is neither possible nor desirable to legislate on every aspect of conduct within a given regulatory environment. This can already be seen given the common accusation of the law’s inability to keep up with the pace of technological change and principles can fulfil an important function in helping to limit the possibilities of exploiting gaps in legislation which may lead to questionable practices merely due to a lack of specific legislation on ‘what to do’ when a new technology arrives.
- A final thought, principles alone are not enough
We have considered above some of the important and different functions which principles can be called upon to perform for regulatory purposes. A final point to be made here is that the successful deployment of principles is reliant upon wider considerations beyond merely having relevant principles (and/or well drafted rules) to hand. It is also important that a given regulatory environment can facilitate a culture of confidence within it and support the observation/promotion/manifestation of relevant principles. Consider, for example, the public interest which, as mentioned above, is a central principle within the health research setting. Whilst the public interest can be invoked in order to justify the reuse of health data for research purposes, the fact that it is ill-defined, and a “notoriously uncertain idea” combined with the reality of the related culture of caution surrounding the regulatory environment of data reuse, means that this important principle is seldom invoked.
Similarly, engagement with key stakeholders within a regulatory environment is paramount to effective regulation. Indeed, Raab has stressed the need for a better understanding of:
the motives, methods, values, ethics, and relationships that are found in situations where technology is invented or applied. Knowledge about these is the province of the human and social sciences; such knowledge is likely to help in seeing what can and should be regulated.
In the context of health research, working together with publics, including the general public, patients, researchers and data custodians, for example, in order to explore attitudes and concerns around how data are used within the research context should be prioritised. This can constitute a step beyond tokenistic engagement towards meaningful co-construction of regulatory approaches which can accommodate concerns from regulatees. Relatedly, trust plays a fundamental role within health research regulation. Within the context of data reuse, negative media coverage of data breaches and abuses (consider most recently the care.data debacle) can be very damaging to public acceptability of,  let alone confidence in, data uses.This also speaks to a wider reported “mistrust” in science which has attracted much attention in recent years. Incorporating holistic regulatory approaches and governance mechanisms (including appropriate privacy, security, ethics and research procedures) can help us to take steps towards engendering trust and confidence in data reuses in research. As has been argued within this paper, principles not only remain indispensable in such an undertaking, but can be relied upon in different and complimentary ways.
This paper has proposed a reimagining of regulatory approaches towards health research regulation which centres on, as a first step, the development of a deeper understanding of some of the key functions which principles can perform as regulatory aids both independently, and in tandem with rules. It is only through “concious” use of principles, that we can get the most out of what they have to offer. The reuse of data for health research was offered in order to illustrate the particular strengths and capabilities of principles, particularly from the perspective of tending to some of the challenges which new technologies can pose for regulation. Finally, it has been acknoweledged that external regulatory considerations are also important in ensuring the successful deployment of principles. These elements include engendering a culture of confidence and engaging with and fostering trust with key stakeholders. This being said, a first step in reimagining regulatory approaches, as proposed here, can take us some of the way towards improving
* Research Fellow and Doctoral Candidate, Deputy Director of the Mason Institute, School of Law. University of Edinburgh. I would like to thank Prof Graeme Laurie for his helpful comments. I acknowledge the support from the Farr Institute @ Scotland. The Farr Institute of Scotland is supported by a 10-funder consortium: Arthritis Research UK, the British Heart Foundation, Cancer Research UK, the Economic and Social Research Council, the Engineering and Physical Sciences Research Council, the Medical Research Council, the National Institute of Health Research, the National Institute for Social Care and Health Research (Welsh Assembly Government), the Chief Scientist Office (Scottish Government Health Directorates), (MRC Grant No: MR/K007017/1)
 HLA Hart, The Concept of Law, 3rd ed (Oxford: Oxford University Press, 2012).
 R Dworkin, “The Model of Rules” (1967) 35 The University of Chicago Law Review 14-46.
 J Raz, “Legal Principles and the Limits of Law” (1972), 81The Yale Law Journal, 823-854.
 R Alexy, ‘The Structure of Constitutional Rights Norms’ in A Theory of Constitutional Rights p. 44-110 (Oxford University Press: Oxford) (2002) (Translated by Julien Rivers)
 J Black, “The Rise, Fall and Fate of Principles Based Regulation”, (LSE Law Society and Economy Working Papers 17/2010 2010); J Black, M Hopper and C Band, “Making a success of Principles-based regulation” (2007) 13 Law and Financial Markets Review.
 S Devaney, “Regulate to Innovate: Principles-Based Regulation of Stem Cell Research” (2011) 11 Medical Law International 53-68; G Laurie and N Sethi, “Towards Principles-Based Approaches to Governance of Health-Related Research Using Personal Data” (2013) 1 European Journal of Risk Regulation 43-57.
 T Beauchamp and J Childress, Principles of Biomedical Ethics, 7th Edition (New York: Oxford University Press 2013).
 See for example B Gert, C Culver and D Clouser, Bioethics: A Return to Fundamentals, (Oxford: Oxford University Press 1997).
 See for example: D Bromwich, A Rid, “Can informed consent to research be adapted to risk?” (2014) 0 J Med Ethics 1–8 (online first) doi:10.1136/medethics-2013-101912; M Taylor, ‘Privacy’ in Genetic Data and the Law: A Critical Perspective on Privacy Protection (2012) Cambridge University Press, 13-40.
 C T Di Iorio, F Carinci1 and J Oderkirk, “Health research and systems’ governance are at risk: should the right to data protection override health?” (2014) 40 J Med Ethics 488-492; D Buchanan, “Autonomy, Paternalism, and Justice: Ethical Priorities in Public Health” (2008) 98 Am J Public Health, 15–21. R Gillon, “Ethics needs principles – four can encompass the rest – and respect for autonomy should be ‘first among equals’” (2003) 29 J Med Ethics 307–312.
 J Black, The Rise, Fall and Fate of Principles Based Regulation, (LSE Law Society and Economy Working Papers 17/2010 2010); J Black, M Hopper and C Band, “Making a success of Principles-based regulation”, 13 Law and Financial Markets Review (2007), at p.191; S Arjoon, “Striking a Balance Between Rules and Principles-based Approaches for Effective Governance: A Risk-based Approach” 68 Journal of Business Ethics (2006), 53, 65.
 See for example L Bennett Moses, “Recurring Dilemmas: the Law’s Race to Keep Up with Technological Change” (2007) 7 University of Illinois Journal of Law, Technology and Policy 239-285.
 K Wildes, “Principles, Rules, Duties and Babel: Bioethics in the Face of Postmodernity” (1992) 17 Journal of Medicine and Philosophy 483-485, at 484.
 E Fisher, J Jones and R Schomberg (eds), Implementing the Precautionary Principles: Perspectives and Prospects, (Cheltenham: Edward Elgar, 2006) at 2.
 General Medical Council, Good practice in research: Principles of good research practice, (2013).
 See for example: K., Danner Clouser, K., and Gert, B., “A Critique of Principlism”, (1990) 15 Journal of Medicine and Philosophy 219-236; T Beauchamp and J Childress, Principles of Biomedical Ethics, 7th ed. (New York: Oxford University Press, 2013) and Alexy, note 4 above.
 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
 UK Data Protection Act 1998.
 Alexy, see note 4 above, 47-48.
 H Richardson, “Specifying, Balancing, and Interpreting Bioethical Principles” (2000) 25 Journal of Medicine and Philosophy 285-307, at 286.
 T Beauchamp, “Methods and Principles of Biomedical Ethics” (2003) 29 Journal of Medical Ethics 269-274, at 269.
 See note 20 above.
 Legal Theory Lexicon, “All the concepts that fit” (2015) available at http://lsolum.typepad.com/legal_theory_lexicon/2004/03/legal_theory_le_3.html (accessed 12 Aug 2013); L Barani, “Hard and Soft Law in the European Union: The Case of Social Policy and the Open Method of Coordination” (2006) available at https://www.wiso.uni-hamburg.de/fileadmin/sowi/politik/governance/ConWeb_Papers/conweb2-2006.pdf (accessed 7th Jan 2015).
 S. Arjoon, “Striking a Balance Between Rules and Principles-based Approaches for Effective Governance: A Risk-based Approach” (2006) 68 Journal of Business Ethics 53-82, at 65; and J. Braithwaite, “Rules and Principles: A Theory of Legal Certainty” (2002) 27 Australian Journal of Legal Philosophy 47-82; T Beauchamp and J Childress, Principles of Biomedical Ethics, Fifth Edition, (New York: Oxford University Press, 2001), at 13.
 See note 1 above.
 Alexy, note 4 above.
 M Redondo, “Legal Reasons: Between Universalism and Particularism” (2005) 2 Journal of Moral Philosophy 47-68.
 See for example Braithwaite, note 24 above.
 R Michaels and J. Paulwelyn, “Conflict of Norms or Conflict of Laws: Different Techniques in the Fragmentation of Public International Law” Symposium: International Law and Global Public Goods, (2012) 22 Duke J. Comp. & Int’l L 349 – 376.
 See note 3 above.
 Alexy, note 4 above, at, 46-48.
 Emphasis added.
 Alexy, note 4 above.
 L Wittgenstein, Philosophical Investigations, Basil Blackwell Ltd, (Oxford: 1958).
 Alexy note 4 above, at 50.
 The example offered by Alexy is of rule 1 (R1) do not leave the classroom until the bell rings and rule 2 (R2) leave the classroom immediately when the fire alarm rings. In this case, an exception must be read-in to the rule so that noone must leave the classrom before the bell unless the fire alarm rings, ibid at 48.
 R Goodin, Political Theory and Public Policy (University of Chicago Press: Chicago, 1982) chpt 4. Goodin uses the language of ‘continuum’ to describe the relationship between rules and principles.
 The Nuremberg Code (1947).
 E Shuster, “Fifty Years Later: The Significance of the Nuremberg Code” (1997) 337 New England Journal of Medicine 1436-1440.
 Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research, Report of the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research (1979).
 T Beauchamp, “The Belmont Report” E Emanuel et al. (eds) The Oxford Textbook of Clinical Research Ethics (New York: Oxford University Press, 2008).
 Beauchamp and Childress, see note 7 above.
 A. Kern and N. Moloney, Law Reform and Financial Markets (Cheltenham: Edward Elgar Publishing: 2011) at p. 8; J. Black, “The Rise, Fall and Fate of Principles Based Regulation” (LSE Law Society and Economy Working Papers 17/2010 2010).
 See for example: HM Government, ‘Good Business: Implementing the UN Guiding Principles on Business and Human Rights’ (2013).
 K Kamminga, “Principles of international environmental law.” Environmental policy in an international context 1 (1995): 111-131.
 For example, the right to health is included within the Universal Declaration of Human Rights and International Covenant on Economic, Social and Cultural. Research participant rights are enshrined within instruments such as the Universal Declaration on Bioethics and Human Rights.
 For an interesting discussion on norms and standards of health law in Europe, see N Hoppe, “On the Europeanization of Health Law” (editorial), (2010) 17 European Journal of Health Law 323-328.
 Such as the European Convention on Human Rights (Council of Europe, European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos. 11 and 14)
 House of Lords Science & Technology Committee, 2nd Report of Session 2008–09: Genomic Medicine (London: Stationary Office, 2009) para 6.15.
 Academy of Medical Sciences, Personal data for public good: using health information in medical research (2011); Academy of Medical Sciences, A new pathway for the regulation and governance of health research (2012); R Thomas and T Walport, Data Sharing Review Report (2008).
 See for example: S Harmon and K Chen, “Medical Research Data-Sharing: The ‘Public Good’ and Vulnerable Groups” (2012) 20 Med Law Rev 516-539, E. Rynning, “The Ageing Populations of Europe: Implications for Health Systems and Patients’ Rights” (2008) 15 Euro J Health Law 297-306.
 R Beaglehole and D Yach, “Globalisation and the prevention and control of non-communicable disease: the neglected chronic diseases of adults” (2003) 362 The Lancet 903-908.
 G Marchant, A Meyer and M Scanlon, “Regulatory Frontiers: Integrating Social and Ethical Concerns Into Regulatory Decision-Making for Emerging Technologies” (2010) 11 Minn J. L. Sci & Tech 345-363.
 Nuffield Council on Bioethics, ‘Novel neurotechnologies: intervening in the brain’ (2013).
 W H Maisel, “Safety Issues Involving Medical Devices Implications of Recent Implantable Cardioverter-Defibrillator Malfunctions”, (2005) 294 Journal of the American Medical Association, 955-958.
 F Baylis, “The ethics of creating children with three genetic parents” (2013) 26 Reproductive BioMedicine Online 531-534.
 See for example Bennet-Moses, note 12 above.
 See more generally: R Brownsword and M Goodwin, Law and the Technologies of the Twenty-First Century (New York: Cambridge University Press, 2012).
 H. Dunn, “Record Linkage” (1946) 36 American Journal of Public Health 1412-1416. See also the work of William Farr in the 1800s. See A. Langmuir, “William Farr: Founder of Modern Concepts of Surveillance” (1976) 5 Int Journ Epid 13-18.
 E. Brook, D. Rosman and C. Holman, “Public good though data linkage: measuring research outputs from the Western Australian Data Linkage System” (2008) 32 Australian and New Zealand Journal of Public Health 19-23.
 See for example Scottish Government, “The use of the CHI (Community Health Index) to support integrated care across the NHS in Scotland” (2013).
 M. Jaro, “Probabilistic linkage of large public health data files” (1995) 14 Statistics in Medicine 491-498.
 For a concise overview of Big Data and related trends, see: HM Government Horizon Scanning Programme, ‘Emerging Technologies: Big Data’ (2014) available at https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389095/Horizon_Scanning_-_Emerging_Technologies_Big_Data_report_1.pdf (accessed 6th Jan 2015).
 W. Lowrance, “Learning from Experience: Privacy and the Secondary Use of Data in Health Research” Report for The Nuffield Trust (2002) at 6.
 See for example, Western Australian approaches: E. Brook, D. Rosman and C. Holman, “Public good though data linkage: measuring research outputs from the Western Australian Data Linkage System” (2008) 32 Australian and New Zealand Journal of Public Health 19-23.
 HM Government, Open Data White Paper: Unleashing the Potential, Cm 8353 (2012).
 See for example: The University of Manchester, “Centre for Pharmacoepidemiology and Drug Safety”. Retrieved 26 March 2014, www.pharmacy.manchester.ac.uk/cpds; Agencia Española de medicamentos y productos sanitaros (The Spanish Medicines Agency). Retrieved 26 March 2014, www.aemps.gob.es/en/home.htm; Agence nationale de sécurité du medicament et des produits de santé (2015) available at http://ansm.sante.fr/L-ANSM2/Une-agence-d-expertise/L-ANSM-agence-d-evaluation-d-expertise-et-de-decision/(offset)/0 (accessed 7th Jan 2015).
 At a European level, the European Medicines Agency has established ENCePP (the European Network of Centres for Pharmacoepidemiology and Pharmacovigilance) ‘to further strengthen the post-authorisation monitoring of medicinal products in Europe’ European Network of Centres for Pharmacoepidemiology and Pharmacovigilance, “What is ENCePP?” (2015) available at www.encepp.eu/structure/index.shtml (accessed 7th January 2015).
 See note 12 above.
 Data Protection Act 1998, chapter 29, Part 1, Section 2(e).
 See for example: P Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” (2010) 57 UCLA Law Review 1701 – 1777; S Fullerton et al., “Meeting the governance challenges of next-generation biorepository research”, (2010) 2 Science Translational Medicine (commentary); and The Royal Society, ‘Science as an Open Enterprise’ (2012) The Royal Society Science Policy Centre report 02/12.
 S Davidson, C McLean, S Treanor et al., ‘Public Acceptability of Data Sharing Between the Public, Private and Third Sectors for Research Purposes’, Scottish Government Social Research Series (APS Group Scotland, 2013).
 Ibid, at 88.
 See for example R Lyons et al., “Use of Data Linkage to Measure the Population Effect of Non-health-care Interventions” (2014) 383 The Lancet 1517-1519.
 For general overviews, see: Academy of Medical Sciences, Personal data for public good: using health information in medical research (2011); Academy of Medical Sciences, A new pathway for the regulation and governance of health research (2012); R. Thomas and T. Walport, Data Sharing Review Report (2008); G. Laurie and N. Sethi, “Information Governance of Use of Health-Related Data in Medical Research in Scotland: Current Practices and Future Scenarios.” (University of Edinburgh School of Law Working Paper No 2011/26, 2011).
 For an interesting article discussing regulatory challenges around tissue and data see: G Laurie and S Harmon, “Through the Thicket and Across the Divide: Successfully Navigating the Regulatory Landscape in Life Sciences Research” in E Cloatre & M Pickersgill, (eds.) Knowledge, Technology and Law (Routledge, 2014) 121-136. See also the work of the Nuffield Council on Bioethics dedicated Working Party on Biological and Health Data (2015) available at http://nuffieldbioethics.org/project/biological-health-data/background-project/ (accessed 6th Jan 2015).
 Braithwaite, note 24 above, at 51.
 See note 2 above.
 See note 1 above.
 See for example: European Commission, “Commission Staff Working Paper Impact Assessment” Brussels, 25.01.2012, (SEC2012) 72 final (p. 13); N. Robinson et al., ‘Review of the European Data Protection Directive’ Technical Report Sponsored by the Information Commissioner’s Office, RAND Europe, (2009) ICO; Privacy in Research Ethics & Law (PRIVIREAL) Project. Retrieved 7 April 2014, www.privireal.org.
 Section 111(2) Care Act 2014.
 See T Honderich (ed.), The Oxford Companion to Philosophy, (Oxford: Oxford University Press, 1995) at 719.
 Beauchamp and Childress, note 7 above.
 Richardson, note 20 above; Beauchamp and Childress, note 7 above.
 For discussion on the four principles from the perspective of ‘doing’ medical ethics, see R Gillon, “Defending the four principles approach as a good basis for good medical practice and therefore for good medical ethics”, 41 Journal of Medical Ethics (2015) 111-116.
 O O’Neill, “Applied Ethics: Naturalism, Normativity and Public Policy” (2009) 26 Journal of Applied Philosophy 219-230, at 223.
 C Diver, “Regulatory Precision” in K Hawkins and J Thomas (eds), Making Regulatory Policy (Uni of Pittsburgh, 1989) 200.
 Raz, see note 3 above.
 For a broader critique of the Four Principles, see for example, R Rhodes, “Good and not so good medical ethics” (2015) 41 Journal of Medical Ethics 71-74.
 Article 2(d), Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
 A Amaya, ‘Virtue, Legal Reasoning, and Legal Ethics’, Presentation given to University of Edinburgh Legal Theory Research Group (20th June 2012).
 Department of Health, Information: To Share or not to Share? The Information Governance Review’, 2013.
 Ibid, at 21.
 G Laurie and N Sethi, “Towards Principles-Based Approaches to Governance of Health-Related Research Using Personal Data” (2013) 1 European Journal of Risk Regulation 43-57.
 PwC, ‘Data Release Review’, Health and Social Care Information Centre, 2014 available at http://www.hscic.gov.uk/media/14246/HSCIC-Data-Release-Review-PwC-Final-Report/pdf/HSCIC_Data_Release_Review_PwC_Final_Report.pdf (accessed 11 July 2014); ‘Careless.data’, Nature (editorial) 507, 7 (06 March 2014) doi:10.1038/507007a; B Goldacre, ‘Care.data is in chaos, It breaks my heart’, Comment in The Guardian, 28 February 2014 available at : http://www.theguardian.com/commentisfree/2014/feb/28/care-data-is-in-chaos (accessed 24 April 2014).
 P Carter, G Laurie, M Dixon-Woods, “The social licence for research: why care.data ran into trouble” (2015) 41 British Medical Journal, 401-409.
 W Van der Berg and F Brom, “Legislation on ethical issues: towards an interactive paradigm” (2000) 3 Ethical Theory Moral Practice 57-75.
 Festschrift edition of the Journal of Medical Ethics, (2003) 29:5.
 These four scenarios are often invoked within bioethical discussions. They include: the “standard” Jehovah’s Witness case, the “standard” child of a Jehovah’s Witness case, selling kidney’s for transplantation and genetic manipulation and germline enhancement.
 O’Neill, see note 90 above.
 See for example, G Laurie, “Evidence of Support for Biobanking Practices” (2008) 337 British Medical Journal 186-187; G Laurie and E Postan, “Rhetoric or Reality: What is the Legal Status of the Consent Form in Health-Related Research?” (2012) Medical Law Review 1- 44.
 K. El Emam and L. Arbuckle, Anonymizing Health Data, (USA: O’Reilly Media, 2013); E. Regidor, “The use of personal data from medical records and biological materials: ethical perspectives and the basis for legal restrictions in health research” (2004) 54 Social Science and Medicine 1975-1894, at 1976; P Furness and L Nicholson, “Obtaining Explicit Consent for the Use of Archival Tissue Samples: Practical Issues” (2004) 20 Journal of Medical Ethics 561 – 564.
 R Ramesh, ‘NHS medical records to be stored in regional data centres’, (2014) The Guardian, available http://www.theguardian.com/technology/2014/oct/07/care-data-patient-information-accredited-safe-havens (accessed 8th Oct 2014).
 N. Daniels, “Accountability for Reasonableness” (2000) 321 British Medical Journal 1300 – 1301.
 Carter et al., see note 100 above.
 See note 12 above, at 39.
 See note 12 above, at 35.
 Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) 25.1.2012 COM (2012) 11 final (Explanatory Memorandum, Para 1).
 European Parliament, ‘Q&A on EU data protection reform’, 4th March 2014. Retrieved 29 March 2014,www.europarl.europa.eu/pdfs/news/expert/background/20130502BKG07917/20130502BKG07917_en.pdf.
 For discussion see: M. Birnhack, “The EU Data Protection Directive: An engine of a global regime”, (2008) 24 Computer Law & Security Review 508–520; P. Schwartz, “European Data Protection Law and Restrictions on International Data Flow” (1995) 80 Iowa Law Review 471 – 496.
 For an overview of the changing landscape, see N Robinson et al, ‘Review of EU Data Protection Directive, Inception Report’, RAND Europe (2008).
 Note 112 above.
 M. Ploem and K. Stronks, “Proposed EU data protection regulation is a threat to medical research” (Editorial), (2013) 346 British Medical Journal f3534; R. Fears et al., “Data protection regulation and the promotion of health research: getting the balance right”, (2014) 107 Quarterly Journal of Medicine 3–5.
 In fact, at the time of writing, the Nuffield Council on Bioethics is conducting a consultation on this very topic, see Nuffield Council on Bioethics, “Consultation on the linking and use of biological and health data” available http://nuffieldbioethics.org/project/biological-health-data/project-information/ (accessed 8 Jan 2015).
 Reflected by the recent Scottish Government Consultation: S Davidson et al., “Public Acceptability of Cross Sectoral Data Linkage: Deliberative Research Findings” (2012).
 The seventh data protection principle reads: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” UK Data Protection Act, 1998.
 See, for example both the Farr Institute of Health Informatics Research at http://www.farrinstitute.org/ and the Administrative Data Liaison Service http://www.adls.ac.uk/ accessed 6th Jan 2015.
 N Sethi, “The Promotion of Data Sharing in Pharmacoepidemiology” (2014) 21 European Journal of Health Law 271-296. See also note 82 above and N Sethi and G Laurie, “Delivering proportionate governance in the era of eHealth: Making linkage and privacy work together”, (2013) 13 Medical Law International 168-204.
 Guiding Principles for Scottish Government Data Linkage Framework, endorsed by the Scottish Information Commissioner’s Office at http://www.scotland.gov.uk/Publications/2012/11/9015 (accessed 7 Jan 2015).
 See for example Braithwaite, note 24 above.
 Riggs v. Palmer (1889) 115 N.Y. 506.
 D McBarnet. Regulation, Responsibility and the Rule of Law: Full Research Report ESRC (2007) End of Award Report, RES-051-27-0031. Swindon: ESRC.
 D McBarnet and C Whelan, “The Elusive Spirit of the Law: Formalism and the Struggle for Legal Control” (1991) 54 Modern Law Review 848-873.
 See for example note 24 above..
 Economic and Social Research Council, Shaping Society, ‘Regulation, Responsibility and the Rule of Law’, available at: http://www.esrc.ac.uk/my-esrc/grants/RES-051-27-0031/read accessed 5th October 2014.
 For an interesting overview of Rules and Principles-based approaches discussed against the backdrop of accounting, see The Institute of Chartered Accountants for Scotland, ‘Principles not Rules: A Question of Judgement’ (2006).
 McBarnet, note 128 above.
 World Medical Association Declaration of Helsinki – Ethical Principles for Medical Research Involving Human Subjects (2013).
 Council for International Organizations of Medical Sciences (CIOMS), International Ethical Guidelines for Biomedical Research Involving Human Subjects (2002).
 See most recently, D Mascalzoni et al., “International Charter of principles for sharing bio-specimens and data” (2014) European Journal of Human Genetics 1-8.
 For discussion on public interest in the context of the Data Protection Act in particular, see G Black and L Stevens, “Enhancing Data Protection and Data Processing in the Public Sector: The Critical Role of Proportionality and the Public Interest” (2013) 10 SCRIPTed 93-122.
 M Taylor, Genetic Data and the Law (Cambridge: CUP, 2012), at 29.
 C Raab, “Regulating Surveillance: the importance of principles”, in K Ball et al, (eds.), Routledge Handbook of Surveillance Studies (Routledge, 2012), pp. 377-385 at 385.
 See for example P. Singleton et al., General Medical Council Public and Professional Attitudes to Privacy of Healthcare Data: A Survey of the Literature (Cambridge Health Informatics Limited, 2007). See: http://www.gmc uk.org/GMC_Privacy_Attitudes_Final_Report_with_Addendum.pdf_34090707.pdf (accessed 10th May 2013).
 Davidson et al, see note 75 above.
 Law Commission Consultation Paper No 214, Data Sharing Between Public Bodies (2013); M Oswald, “An examination of trust, anonymisation and data sharing with particular reference to an exploratory research project investigating attitudes to sharing personal data with the public sector” (2014) 11 Scripted 245-272 and B. Goold, “Technologies of surveillance and the erosion of institutional trust” in K. Aas, Technologies of In Security: The Surveillance of Everyday Life (USA: Taylor & Francis, 2009) 207 -218, at 213.
 For an interesting discussion on public engagement and Science, see: B Wynne, “Public Engagement as a Means of Restoring Public Trust in Science – Hitting the Notes, but Missing the Music?” (2006) 9 Community Genet 211–220.