EU’s proposed health data regulation ignores patients’ privacy rights

EDRi’s new position paper outlines how the European Commission’s proposal for a European Health Data Space, in an attempt to make use of people’s health data, would sabotage the rights of patients to make decisions about their private medical information.

By EDRi · March 6, 2023

The European Health Data Space

In May 2022, the European Commission proposed a new Regulation to create a European Health Data Space (EHDS). The law attempts to improve the ways in which people’s sensitive health information is made available for various kinds of uses.

EDRi’s position paper provides a first outline of how the co-legislators of this regulation should amend the Commission’s EHDS proposal to make sure it serves research purposes while also respecting patient-doctor confidentiality and protecting people’s private lives.

Some of the proposed data use cases make a lot of sense, like when a doctor abroad can access a patient’s medical history from a treatment back home. The proposed Regulation calls this “primary use”. But other proposed uses can be incredibly dangerous for the private lives and medical data of millions of patients in the European Union.

Doctors will be forced to hand over people’s data

The proposal would force every doctor and hospital to surrender people’s data to national authorities who can then pass it on to anyone who can claim a research interest, be it universities, pharmaceutical companies, or even big tech corporations who want to train their latest AI model with it.

"The EHDS proposal would make doctors and other medical professionals complicit in the forced commercialisation and monetisation of every aspect of our health without ever asking for our consent. It would completely sabotage doctor-patient confidentiality and the reasonable privacy expectations EU residents have when they confide in their doctor."

Jan Penfrat, Senior Policy Advisor, EDRi

The tech industry is only waiting for an opportunity to get their hands on Europeans’ health data. Apple already has an extensive digital health offer and, in 2020, Google paid over US$ 2 billion to acquire health device maker Fitbit in an attempt to enter the health data market.

This demonstrates the huge value that health data has and why it should never be shared with third parties without consent.

Jan Penfrat

Senior Policy Advisor

Mastodon: @ilumium