EU’s proposed health data regulation ignores patients’ privacy rights

The European Health Data Space

In May 2022, the European Commission proposed a new Regulation to create a European Health Data Space (EHDS). The law attempts to improve the ways in which people’s sensitive health information is made available for various kinds of uses.

EDRi’s position paper provides a first outline of how the co-legislators of this regulation should amend the Commission’s EHDS proposal to make sure it serves research purposes while also respecting patient-doctor confidentiality and protecting people’s private lives.

Some of the proposed data use cases make a lot of sense, like when a doctor abroad can access a patient’s medical history from a treatment back home. The proposed Regulation calls this “primary use”. But other proposed uses can be incredibly dangerous for the private lives and medical data of millions of patients in the European Union.

Doctors will be forced to hand over people’s data

The proposal would force every doctor and hospital to surrender people’s data to national authorities who can then pass it on to anyone who can claim a research interest, be it universities, pharmaceutical companies, or even big tech corporations who want to train their latest AI model with it.

The tech industry is only waiting for an opportunity to get their hands on Europeans’ health data. Apple already has an extensive digital health offer and, in 2020, Google paid over US$ 2 billion to acquire health device maker Fitbit in an attempt to enter the health data market.

This demonstrates the huge value that health data has and why it should never be shared with third parties without consent.