On December 23, 2020, the European Commission (the “Commission”) published its inception impact assessment (“Inception Impact Assessment”) of policy options for establishing a European Health Data Space (“EHDS”).  The Inception Impact Assessment is open for consultation until February 3, 2021, encouraging “citizens and stakeholders” to “provide views on the Commission’s understanding of the current situation, problem and possible solutions”.

What is the EHDS?

On November 11, 2020, the Commission and the German Presidency of the Council of the EU announced their intention to work together to establish a EHDS.  The creation of the EHDS forms part of the Commission’s proposed wider “Data Strategy” to leverage quality data for use by public authorities and businesses across certain sectors and areas of public interest (see pages 29 and 30 of the Commission’s Data Strategy Report, and our Covington blog here).  Note also that, as part of this Data Strategy, the Commission published its proposal for regulation of European data governance through the “Data Governance Act”, which also aims to facilitate data sharing across the EU.  (For further information on the Data Governance Act, please see our blog available here.)

The EHDS will provide a common framework across EU Member States for the sharing and exchange of quality health data (such as electronic health records, patient registries and genomic data) throughout the EU.  According to the Inception Impact Assessment, the EHDS has the following three objectives:

  1. ensuring access, sharing and optimal use of health data for healthcare delivery purposes as well as re-use for research and innovation, policy-making and regulatory activities, in a privacy-preserving, secure, timely, transparent and trustworthy way, and with appropriate institutional governance;
  2. fostering a genuine single market in digital health, covering health services and products, including tele-health, tele-monitoring and mobile health; and
  3. enhancing the development, deployment and application of trustworthy digital health products and services, including those incorporating artificial intelligence in the area of health.

The Commission and EU Member States will promote the exchange of health data through improved interoperability between relevant IT systems and infrastructure and ensuring that health data is “FAIR”—findable, accessible, interoperable and reusable.  The Commission intends such sharing of health data to be supported by robust systems for data governance and digital service infrastructure.

The EHDS common framework will set out the conditions for private organisations to participate. In an industry consultation organised by Digital Health Europe in June 2020, organisations were given the opportunity to express their views on the EHDS.  Participants highlighted the importance of ensuring that data sharing remains voluntary, and that such data sharing should not be mandatory, nor be a condition, for access to data in the EHDS.

Data Protection Implications

The EHDS is likely to have GDPR implications for the public authorities and organisations participating in the common framework—particularly since health data and genetic data are granted special protection under the GDPR (Article 9).  The Commission is expected to legislate on issues such as the secondary use of health data for scientific research, among others, to ensure that organisations participating in the EHDS can do so lawfully.  The Inception Impact Assessment states that the Commission will “carefully explore” the interplay between the EHDS and Articles 9 and 89 of the GDPR, in particular.

In November 2020, the European Data Protection Supervisor (“EDPS”), the independent supervisory authority of the European Union, also considered the data protection implications of the EHDS in its preliminary opinion, making a number of recommendations regarding the safeguards that should be taken into account when establishing the EHDS.

Looking Forward

In addition to the consultation on the Inception Impact Assessment (which ends on February 3, 2021), the Commission proposes to organise several targeted consultation activities and events with stakeholders regarding the EHDS in 2021.  During this time, the Commission will also consult with the competent national authorities.  The Commission aims to adopt a number of legislative and policy developments aimed at paving the way for the EHDS in the fourth quarter of 2021 (see the Commission Work Programme for 2021, available here).

The team at Covington will continue to monitor developments.

Photo of Daniel Pavin Daniel Pavin
Read more about Daniel Pavin
Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.

Read more about Sam Jungyun ChoiSam Jungyun's Linkedin Profile
Show more Show less
Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.  She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).  Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.  Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.

Read more about Anna Oberschelp de Meneses
Show more Show less