Draft revised Heads of Medicines Agency / European Medicines Agency guidance document on the identification of personal data and commercially confidential information within the structure of the marketing authorisation application dossier
See websites for contact details
- See websites for contact details
Heads of Medicines Agencies www.hma.eu
European Medicines Agency www.ema.europa.eu11
Table of contents
12
Abbreviations .............................................................................................. 3
13
Definitions ................................................................................................... 4
14
1.
- redaction, masking,
68
hiding) in such a manner that the recipient can no longer attribute the resulting information to a data
69
subject and make it identifiable.
- 81
Contract Manufacturing Organisation (CMO): shall mean an arrangement under which a
82
manufacturer provides upstream manufacturing services under contract on behalf of third-party
83
pharmaceutical companies.
- 94
Protected Personal Data (PPD): shall mean any personal data which should be protected from
95
disclosure.
- ?Finalised? shall mean that the marketing
102
authorisation (MA) has been granted or refused or that the MAA has been withdrawn.
- The application of the general principles laid down in this guidance is without prejudice to
106
national rules on transparency.
- The guidance should be read in conjunction with the relevant applicable
107
legislation and case law on transparency and data protection.
- 117
This guidance document is intended to apply to information/documents on medicinal products for
118
human use, for which the procedure has been finalised under the national, mutual recognition,
119
decentralised and centralised procedures.
- Third
124
parties shall be informed or consulted as needed depending on respective national and European legal
125
frameworks.
- 140
In the following sections, the agreed principles on PD and CCI are presented, including guidance on
141
whether such information can be disclosed.
- EMA/131365/2024
Page 5/50
142
Any information identified as PD or CCI must be subject to a preliminary review by the EMA/NCA prior
143
to the possible disclosure of the information/documents.
- Principles on the protection of personal data (PD)
145
The protection of PD is enshrined in EU legislation; it is a fundamental right of EU citizens.
- In
146
compliance with the applicable European/national legislation, PD should be anonymised in order to
147
avoid the disclosure of the document undermining the privacy and integrity of any individual.
- EMA/NCA applies a risk-based approach to assess which PD elements are to be
152
removed from the information/documents in order to limit the risk of re-identification.
- are included in the MAA dossier because they have a legally
164
defined role or responsibility and it is in the public interest to disclose this data.
- 168
Applicants are advised that non-essential information (e.g., personal address, personal phone number)
169
should not be included in the MAA dossier.
- The
183
confidentiality of records that could identify subjects should be protected, respecting the privacy and
184
confidentiality rules in accordance with the applicable regulatory requirement(s).
- 185
The applicant remains responsible for compliance with the relevant legislation in cases where such data
186
is inadvertently included in the MAA dossier.
- 188
EMA/NCA applies a risk-based approach to assess which personal data elements need to be removed
189
from the information/documents in order to limit the risk of re-identification.
- 194
EMA/NCA applies a risk-based approach to assess which personal data elements need to be removed
195
from the information/documents in order to limit the risk of re-identification.
- 205
Any proposal to consider information as commercially confidential should be properly justified by the
206
owner of the information.
- In this respect, any reference(s) to the risk of that interest being
209
undermined should be foreseeable and not purely hypothetical.
- 210
Information that is already in the public domain is not considered to be commercially confidential.
- Information on the Quality and Manufacturing of medicines
226
A general principle regarding quality and manufacturing information is that detailed information could
227
be considered commercially confidential but general information should be disclosed.
- 234
In general, and if not in the public domain, the names of manufacturers or suppliers of the active
235
substance or the excipients are considered commercially confidential.
- 248
A general description of the type of test methods used and the appropriateness of the specification is
249
not commercially confidential.
- General information on the fermentation and purification process
259
is not commercially confidential, although details including operating parameters and specific material
260
requirements are commercially confidential.
- 273
A general description of the type of test methods used and the appropriateness of the specification is
274
not commercially confidential.
- In general, the data included in clinical trial study reports is considered to be data that can be
283
disclosed once PD has been anonymised.
- 338
In each module, a non-exhaustive list of information that may be considered protected personal data (PPD) or commercially confidential information
332
333339
(CCI) is included.
- ?
Direct contact details such as telephone
Therefore, please refer to the appropriate sub-
number, fax number, email, postal address,
modules hereafter for guidance.
- ?
Information that may reveal strategic
(contractual) agreements?
Any quality information on the clinical batches
principal investigator
that might be included here (such as e.g.
- ?
Information that may reveal strategic
(contractual) agreementsprincipal investigator
Study Reports
5.3.3.3as the evaluation of new formulation, innovative
number, fax number, email, postal
Paediatric Development Plan (PIP), etc.
- This may include taking into
More Than One Study
5.3.5.4Other Clinical Study Reports
5.3.6
Reports of Post-Marketing
Experience5.3.7
Direct identifiers such as name,
signature, contact details, etc.