On December 23, 2020, the European Commission (the “Commission”) published its inception impact assessment (“Inception Impact Assessment”) of policy options for establishing a European Health Data Space (“EHDS”).  The Inception Impact Assessment is open for consultation until February 3, 2021, encouraging “citizens and stakeholders” to “provide views on the Commission’s understanding of the current situation, problem and possible solutions”.

What is the EHDS?

On November 11, 2020, the Commission and the German Presidency of the Council of the EU announced their intention to work together to establish a EHDS.  The creation of the EHDS forms part of the Commission’s proposed wider “Data Strategy” to leverage quality data for use by public authorities and businesses across certain sectors and areas of public interest (see pages 29 and 30 of the Commission’s Data Strategy Report, and our Covington blog here).  Note also that, as part of this Data Strategy, the Commission published its proposal for regulation of European data governance through the “Data Governance Act”, which also aims to facilitate data sharing across the EU.  (For further information on the Data Governance Act, please see our blog available here.)

The EHDS will provide a common framework across EU Member States for the sharing and exchange of quality health data (such as electronic health records, patient registries and genomic data) throughout the EU.  According to the Inception Impact Assessment, the EHDS has the following three objectives:

  1. ensuring access, sharing and optimal use of health data for healthcare delivery purposes as well as re-use for research and innovation, policy-making and regulatory activities, in a privacy-preserving, secure, timely, transparent and trustworthy way, and with appropriate institutional governance;
  2. fostering a genuine single market in digital health, covering health services and products, including tele-health, tele-monitoring and mobile health; and
  3. enhancing the development, deployment and application of trustworthy digital health products and services, including those incorporating artificial intelligence in the area of health.

The Commission and EU Member States will promote the exchange of health data through improved interoperability between relevant IT systems and infrastructure and ensuring that health data is “FAIR”—findable, accessible, interoperable and reusable.  The Commission intends such sharing of health data to be supported by robust systems for data governance and digital service infrastructure.

The EHDS common framework will set out the conditions for private organisations to participate. In an industry consultation organised by Digital Health Europe in June 2020, organisations were given the opportunity to express their views on the EHDS.  Participants highlighted the importance of ensuring that data sharing remains voluntary, and that such data sharing should not be mandatory, nor be a condition, for access to data in the EHDS.

Data Protection Implications

The EHDS is likely to have GDPR implications for the public authorities and organisations participating in the common framework—particularly since health data and genetic data are granted special protection under the GDPR (Article 9).  The Commission is expected to legislate on issues such as the secondary use of health data for scientific research, among others, to ensure that organisations participating in the EHDS can do so lawfully.  The Inception Impact Assessment states that the Commission will “carefully explore” the interplay between the EHDS and Articles 9 and 89 of the GDPR, in particular.

In November 2020, the European Data Protection Supervisor (“EDPS”), the independent supervisory authority of the European Union, also considered the data protection implications of the EHDS in its preliminary opinion, making a number of recommendations regarding the safeguards that should be taken into account when establishing the EHDS.

Looking Forward

In addition to the consultation on the Inception Impact Assessment (which ends on February 3, 2021), the Commission proposes to organise several targeted consultation activities and events with stakeholders regarding the EHDS in 2021.  During this time, the Commission will also consult with the competent national authorities.  The Commission aims to adopt a number of legislative and policy developments aimed at paving the way for the EHDS in the fourth quarter of 2021 (see the Commission Work Programme for 2021, available here).

The team at Covington will continue to monitor developments.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel Pavin Daniel Pavin

Daniel Pavin advises clients on a wide range of transactions involving intellectual property, technology and data.

He has extensive experience advising pharmaceutical, biotechnology, medical device and technology companies in connection with licensing, collaborations and other strategic agreements. He also advises clients in connection…

Daniel Pavin advises clients on a wide range of transactions involving intellectual property, technology and data.

He has extensive experience advising pharmaceutical, biotechnology, medical device and technology companies in connection with licensing, collaborations and other strategic agreements. He also advises clients in connection with investments, fundraisings and M&A.

Daniel has a particular focus on digital transformation in the life sciences and healthcare sectors, including digital health transactions, and data-driven and AI drug discovery and development projects.

Daniel is one of the leaders of Covington’s global, multidisciplinary Digital Health Initiative, which brings together the firm’s considerable resources across the broad array of legal, regulatory, commercial, and policy issues relating to the development and exploitation of digital health products and services.

Chambers UK (2024) notes, “Daniel Pavin has very strong legal and commercial acumen.” “Daniel Pavin is very knowledgeable about life sciences and the data and digital areas. He sits where tech and life sciences come together.” “He is incredibly knowledgeable. He is very inclusive and happy to draw colleagues into conversations.”

Prior to his legal career, Daniel worked as a computer programmer, developing microscope image processing software. He is the co-inventor of a patented invention in the field of social network analytics.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.

Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.

Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.

She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).

Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.

Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.