Despite their intention, requests to amend MCTs have increased significantly in recent years, due in part to the outdated data protection provisions contained in the models that have not fully taken into account the application of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA). MTIIs were developed by the UK government in collaboration with the Association of the British Pharmaceutical Industry (ABPI), in collaboration with stakeholders such as the Health Research Authority and the Medical Research Council. In addition, there are separate model agreements for non-commercial research/investigation, collaborative research and primary procurement studies. The adoption of this more robust literature is particularly welcome in the current climate and is an important step forward in addressing the need to streamline clinical trials related to COVID-19. This need is also reflected in the accelerated authorisation procedure for COVID-19 studies, which is now only 24 to 72 hours from about 80 days. Like the 2018 models, HRA expects the new mCTA and CRO-mCTA to be used without modification. The MCTA is concluded by the sponsor and the institution (i.e. the organization of the participants), while the CRO-mCTA will be used if, in addition to these two parties, the sponsor enters into contracts with a CRO responsible for the aspects of field trial management. The role assigned to the parties continues to reflect the position of HRA and the business community, which considers the sponsor to be responsible for personal data and the organization of the participants and the CRO as a subcontractor acting on behalf of the sponsor for the purposes of the clinical trial (clauses 6.2.1 mCTA and CRO-mCTA). Updated versions of the UK Clinical Trial Agreement (mCTA) and the Clinical Research Organisation model Clinical Trial Agreement (CRO-mCTA) have been published.
Given the growing importance of safe but rapid clinical trials in the coronavirus era, this contribution describes the key changes introduced from a data protection perspective and what they mean for contracting parties.