Subscribe to PLMJ’s newsletters to receive the most up-to-date legal insights and our invitations to exclusive events.
We are looking for people who aim to go further and face the future with confidence.
Subscribe to PLMJ’s newsletters to receive the most up-to-date legal insights and our invitations to exclusive events.
We are looking for people who aim to go further and face the future with confidence.
In May 2022, the European Commission submitted a proposal for a Regulation of the European Parliament and of the Council on the European Health Data Space (“EHDS”). This Regulation will only be fully applicable four years after its entry into force, at the end of the deferred application period.
The proposal was prompted by the discovery of a high degree of fragmentation, disparities and difficulties in accessing and using electronic health data in the Member States of the European Union. Indeed, Member States’ actions in this area have proven to be insufficient. Individuals face difficulties in exercising their rights over their electronic health data, including access and transfer at national and cross-border levels. For example, even when health data are available in electronic form, individuals are usually not in a position to give or allow access to them by other healthcare providers.
Today, there are significant differences in the application of health data rules across Member States, as the European legislature has largely opted for non-binding guidelines and recommendations.
In this context, the European Commission intends to establish the EHDS to define common rules, standards and practices, to create the necessary infrastructure and certification/labelling systems, to and establish a common governance framework for the primary and secondary use of electronic health data.
One of the objectives of the EHDS is to give individuals greater control over their electronic health data at national and EU level, allowing access and sharing with health professionals. Users will also be able to add information, correct errors, restrict access and find out which health professionals have accessed their health data.
It is also intended to make the work of health professionals easier by allowing them to access a patient’s medical history, thus increasing the knowledge base for making more informed decisions about the diagnosis and treatment of patients, including access to patient data from other EU countries. Overall, the EHDS is estimated to save the EU around €11 billion over ten years.
On secondary use of data, the aim is to create a reliable and secure framework for industry, researchers, policy makers and regulators to access electronic health data. This will allow them to make the best use of available health data in their work, contributing to improved healthcare, research, innovation and policy making.
However, the data involved is vast, particularly sensitive and potentially invasive in terms of monitoring an individual’s behaviour, choices, emotions and physical and physiological characteristics. As a result, these measures must comply with applicable data protection legislation.[1] As such, one of the major challenges facing the EHDS is its harmonisation with the GDPR.
According to the joint opinion[2] of the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) requested by the Commission, the EHDS raises a number of pressing issues relating to (i) the weakening of data subjects’ rights, (ii) the complex interaction of different applicable European and national laws, and (iii) the resulting lack of legal certainty. The joint opinion then makes a number of recommendations in the area of the protection of the fundamental rights and freedoms of data subjects in data processing.
The proposal for a Regulation will be discussed in the Council and the European Parliament and changes to the current proposal are expected. These changes will primarily address the concerns and recommendations of the Joint Opinion of the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”).
[1] The Data Governance Law, the Data Protection Law and the General Data Protection Regulation.
[2] Joint Opinion 3/2022 of the EDPB and the EDPS on the proposal for a Regulation on the European Health Data Space.