Anne van Dalen

1 Legal perspectives on black box recording devices in the operating environment I 39 culture. 37 Other high-risk industries have adopted this philosophy, accepting that human error is both inevitable and ubiquitous. 36 The medical profession has incorporated some of these safety lessons. 30,31,38 In the past few years, the number of patients harmed by medical error has gained public attention. Some of these mishaps have reached unsatisfactory conclusions for all involved parties. 31,39 The medical profession traditionally employs the personal approach, which acts as a disincentive to voluntary reporting, and inhibits the search for systemic conditions or triggers that lead to error. 40,41 These conclusions have resulted in several national and international guidelines and regulations, aimed at the broad implementation of safety systems that address human factors, such as teamwork and communication. 37,41,42 Privacy perspective The use of aMDR should conformto certain rules and requirements relating to the privacy of both the healthcare professional and the patient. 2,43 Throughout Western legislation, privacy laws relating to personal data, medical records and professional confidentiality apply to MDRs. 44–47 The new European General Data Protection Regulation (GDPR) took effect in May 2018. It was designed to harmonize all the data privacy laws across the EU. 48,49 It has a processing obligation that requires all individuals involved to be strictly and clearly informed about what happens to their personal data. 44,48,49 Researchers are respectively required to make sure that personal data collected from patients and healthcare professionals are used fairly and lawfully, for limited and specifically stated purposes, in an adequate, relevant and sober manner, and kept safe and secure and stored for no longer than is absolutely necessary. 47,50–52 The privacy-by-design principle is of great importance, regardless of the country in which a project collecting medical data using an MDR is carried out. 48,53 According to this principle, the privacy of the users has to be taken into account from the very beginning of engineering the system, mainly by making optimal use of privacy-enhancing technical solutions. 54,55 Thus, video, audio and medical data related to healthcare staff should be anonymized as early as possible. This entails deidentifying the data (for example