Our countries are looking for the foundations for a functional model that enhances research and the use of data for the common good in the field of health and biomedical research. In this regard, the director of the Chair has collaborated with core initiatives leaded by our regional healthcare system hospitals.
Furthermore, over the last years research on COVID-19 has shown the importance of using the data for the common good. In addition, the European debate on mobile applications has highlighted the essential value of data from sources outside the healthcare system, such as location and mobility data, Smart Cities, Smart Houses and many other sensors that are essential for population-based and predictive medicine.
Finally, the provision of data protection compliance requirements in health research projects is a highly demanding challenge. At this regard, the European Data Protection Supervisor published the document "A Preliminary Opinion on data protection and scientific research". This document shows that there are no corresponding data protection laws in the various countries, due to several factors:
- The Regulation leaves part of the legislative development to the Member States.
- Legislative asymmetries may exist and these also occur in the criteria provided by national data protection authorities.
- In healthcare research the requirements for data processing with consent, pseudonymisation and anonymisation are higher than in other areas.
- Projects that apply data analytics and artificial intelligence techniques must be guided by constantly evolving ethical principles.
Certain common patterns could be identified:
- Most national laws facilitate retrospective research with data by providing exceptions to the patient consent rule and certain facilitations to comply with the transparency duties.
- Regulations are stricter and more demanding for prospective research with data that usually requires patient consent.
- The position of data protection authorities makes it literally impossible to generate open data environments that do not meet specific characteristics. The reason for this lies in the fact that while recital (26) of the GDPR defines anonymization as a process that results in no third party being able to re-identify with "reasonable effort", data protection authorities require an "irreversible anonymization equivalent to erasure" that should take into account future technological risks.
- Only Spain (Additional Provision XVII of LO 3/2018) has defined a technique with controlled environments, provided with security and traceability.
Common European Data Spaces
The European strategy for data aims at creating a single market for data that will ensure Europe’s global competitiveness and data sovereignty.
The European Health Data Space proposes in our view several key challenges. First, to form an interoperability framework that ensures appropriate use of health data for primary purposes and facilitates the necessary and functional health care services to a European area without borders. Secondly, to promote a broad list of uses for secondary data. After that, to have a strong impact on all actors involved by promoting rights as well as processing opportunities. Then, ensure effective control over data subjects' data and provide certainty and guarantees of their rights. After that, Encourage the involvement of data holders and data intermediaries in the development of reusable datasets. And, finally, promote the creation of secure and traceable environment for the use of health data.