Fri. Aug 12th, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: A Safe Space? EDPB and EDPS Adopt Joint Opinion on European Health Data Space Proposal

    Information - 91%
    Insight - 90%
    Relevance - 88%
    Objectivity - 92%
    Authority - 95%

    91%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the recent announcement and proposal from the EDPB and EDPS highlighting health data protection.

    Editor’s Note: The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. The EDPB is established by the General Data Protection Regulation (GDPR) and is based in Brussels. The European Data Protection Supervisor (EDPS) is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. The EDPB mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed. Both the EDPB and the EDPS recently jointly announced the adoption of their Joint Opinion on the European Commission’s Proposal for the European Health Data Space (EHDS). Shared with permission,* the announcement and a copy of the recently adopted proposal may be useful for cybersecurity, information governance, and legal discovery professionals in the eDiscovery ecosystem dealing with sensitive health data.


    Announcement*

    European Health Data Space Must Ensure Strong Protection for Electronic Health Data

    EDPB and EDPS

    The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted their Joint Opinion on the European Commission’s Proposal for the European Health Data Space (EHDS). The Proposal aims to facilitate the creation of a European Health Union and to enable the EU to make full use of the potential offered by a safe and secure exchange, use and reuse of health data.

    The EDPB and the EDPS welcome the idea of strengthening the control of individuals over their personal health data. However, they draw the co-legislators’ attention to a number of overarching concerns and urge them to take decisive action. In particular, the EDPB and the EDPS acknowledge that Chapter IV of the Proposal, which aims to facilitate the secondary use of electronic health data, may generate benefits for the public good. At the same time, the EDPB and the EPDS consider that these further processing activities are not without risks for the rights and freedoms of individuals.

    EDPB Chair Andrea Jelinek said: “The EU Health Data Space will involve the processing of large quantities of data which are of a highly sensitive nature. Therefore, it is of the utmost importance that the rights of the European Economic Area’s (EEA) individuals are by no means undermined by this Proposal. The description of the rights in the Proposal is not consistent with the GDPR and there is a substantial risk of legal uncertainty for individuals who may not be able to distinguish between the two types of rights. We strongly urge the Commission to clarify the interplay of the different rights between the Proposal and the GDPR.”

    EDPS Supervisor Wojciech Wiewiórowski said: “Health data generated by wellness applications and other digital health applications are not of the same quality as those generated by medical devicesMoreover, these applications generate an enormous amount of data, can be highly invasive and may reveal particularly sensitive information, such as religious orientation. Wellness applications and other digital health applications should therefore be excluded from being made available for secondary use.

    While the EDPB and EDPS acknowledge the Commission’s efforts to align the Proposal with the GDPR provisions when personal data is involved, they note that this Proposal will add yet another layer to the already complex collection of provisions on the processing of health data. As such, they stress the need to clarify the relationship between the provisions in this Proposal, the ones in the GDPR and Member State law and also with ongoing European initiatives.

    In addition, the EDPB and EDPS acknowledge that the infrastructure for the exchange of electronic health data foreseen in this EHDS Proposal aims at facilitating the exchange of health data. However, due to the large quantity of electronic health data that would be processed, their highly sensitive nature, the risk of unlawful access and the necessity to fully ensure effective supervision by independent data protection authorities, the EDPB and the EDPS call on the European Parliament and on the Council to add to the Proposal a requirement to store the electronic health data in the EEA, without prejudice to further transfers in compliance with Chapter V of the GDPR.

    As to the purposes for secondary use of health data, the EDPB and the EDPS are of the view that the Proposal lacks a proper delineation of the purposes for which electronic health data may be further processed. In order to achieve a balance that adequately takes into account the objectives pursued by the Proposal and the protection of personal data of the individuals affected by the processing, the co-legislators should further delineate these purposes and circumscribe when there is a sufficient connection with public health and/or social security.

    Finally, regarding the governance model introduced by the  Proposal,  the tasks and competencies of the new public bodies need to be carefully tailored, particularly taking into account the tasks and competences of national supervisory authorities, the EDPB and the EDPS, when the processing of health data is involved. The EDPB and the EDPS underline that data protection authorities are the only competent authorities responsible for data protection issues and should remain the only point of contact for individuals with regard to those issues. Overlap of competences should be avoided and fields of and requirements for cooperation should be specified.

    Read the original announcement.


    Read the Complete Opinion: Joint Opinion on the European Commission’s Proposal for the European Health Data Space  (PDF) Mouseover to Scroll

    EDPB and EDPS Joint Opinion 202203 - European Health Data Space

    *Shared with permission.

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    The Tip of the Iceberg? New ENISA Report on Threat Landscape for Ransomware Attacks

    According to ENISA, this threat landscape report analyzed a total of...

    Consumers Paying the Price? Cost of a Data Breach Hits Record High According to New IBM Report

    According to IBM Security, the annual Cost of a Data Breach Report...

    Safeguarding ePHI? NIST Updates Guidance for Health Care Cybersecurity

    This new NIST Special Publication aims to help educate readers about...

    Countering Threat Actors? Using Social Network Analysis for Cyber Threat Intelligence (CCDCOE)

    According to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)...

    Revenue Headwinds? KLDiscovery Inc. Announces Second Quarter 2022 Financial Results

    According to Christopher Weiler, CEO of KLDiscovery Inc, “The second quarter...

    Beyond Revenue? DISCO Announces Second Quarter 2022 Financial Results

    According to Kiwi Camara, Co-Founder and CEO of DISCO, “We are...

    Live with Leeds? Exterro Completes Recapitalization in Excess of $1 Billion

    According to the press release, with the support of a group...

    TCDI Completes Acquisition of Aon’s eDiscovery Practice

    According to TCDI Founder and CEO Bill Johnson, “We chose Aon’s...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for July 2022

    From lurking business undercurrents to captivating deepfake developments, the July 2022...

    Five Great Reads on Cyber, Data, and Legal Discovery for June 2022

    From eDiscovery ecosystem players and pricing to data breach investigations and...

    Five Great Reads on Cyber, Data, and Legal Discovery for May 2022

    From eDiscovery pricing and buyers to cyberattacks and incident response, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for April 2022

    From cyber attack statistics and frameworks to eDiscovery investments and providers,...

    Inflection or Deflection? An Aggregate Overview of Eight Semi-Annual eDiscovery Pricing Surveys

    Initiated in the winter of 2019 and conducted eight times with...

    Changing Currents? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2022

    In the summer of 2022, 54.8% of survey respondents felt that...

    Challenging Variants? Issues Impacting eDiscovery Business Performance: A Summer 2022 Overview

    In the summer of 2022, 28.8% of respondents viewed increasing types...

    Downshift Time? eDiscovery Operational Metrics in the Summer of 2022

    In the summer of 2022, 65 eDiscovery Business Confidence Survey participants...

    Droning On? Ukraine Conflict Assessments in Maps (August 3 – 7, 2022)

    According to a recent update from the Institute for the Study...

    Assuaging Distress? Ukraine Conflict Assessments in Maps (July 29 – August 2, 2022)

    According to a recent update from the Institute for the Study...

    Momentum Challenges? Ukraine Conflict Assessments in Maps (July 24 – 28, 2022)

    According to a recent update from the Institute for the Study...

    Port Support? Ukraine Conflict Assessments in Maps (July 19 – 23, 2022)

    According to a recent update from the Institute for the Study...