Privacy and data security are key concerns for ministers assessing the European Health Data Space

Health ministers from across the EU discussed the proposal for the European Health Data Space (EHDS), which aims to facilitate sharing of health data in the continent on 14 June a meeting of the Employment, Social Policy, Health and Consumer Affairs Council in Luxembourg,

Privacy – and the need to protect citizens’ data – was an underlying theme of the discussion, as it is seen as central to gaining buy-in and support from citizens for the project.

Why it matters

While health ministers generally welcomed the proposal, several voiced caveats about its implementation. Thomas Steffen, state secretary of the Ministry of Health in Germany, where the uptake of digital health is relatively low, raised questions about data protection.

“There’s one thing we mustn’t do – we mustn’t hand this data to third parties or to other countries that have different values to the ones we have here in Europe,” he said.

“What we need are clear rules,” he added. “We all are aware that what we need is a high level of data protection so that we can have the confidence of the citizens, otherwise we won’t achieve that for the EHDS.”

The Estonian representative, Marten Kokk, highlighted the sensitive nature of the data that the EHDS will house. “There are more delicate areas like genetic data where quality control and ethical aspects are of particular importance,” he pointed out. “Data security as well as people’s digital skills will require special attention to ensure trust in the system.”

Frank Feighan, Ireland’s Minister of State for public health, described what could happen when data security was not maintained. Speaking of the devastating cyber-attack suffered by the country’s health service in 2021, he said, “The security of health information, particularly against cyber threats, is of growing concern to the public.” Ensuring the security of data must be a priority, he said. “Data breaches will significantly erode public trust.”

Health data space takes a new approach

The EHDS proposal offers a new approach to privacy, said Mahsa Shabani, an assistant professor of privacy law at the University of Ghent. The discussion of primary use of data focuses on citizens’ own power over their information. But the section on secondary use of data moves away from consent as a criterion for making data accessible, in contrast with legislation like the GDPR. Instead, it focuses on whether the data will be used in research being done in the public or general interest.

“The general message is that consent is not any more the preferred legal basis for data sharing for secondary use of data—which is quite a big step towards taking a unified approach of how to tackle data sharing,” Shabani said.

Tuesday’s meeting was a first exchange of views among ministers about the proposal but there were hints of the negotiations to come. One minister talked of the need for a reasonable timeline and technical assistance to enable countries to prepare for the EHDR. The Maltese Minister for Health, Chris Fearne, spoke of benefits of the EHDS for the pharmaceutical and healthcare industries when it comes to research and innovation.

 “We might even need to tweak some clauses of the GDPR to make this possible while keeping the safety of our patients’ data as paramount,” he said.

It was a busy week for EU health policy, as the Commission briefed ministers about the regulations on medical devices and on health technology assessment, while the Council and Parliament agreed with the Commission’s proposal to extend the EU’s digital COVID certificate for another year.