The European Union (EU) Data Protection Regulation will have profound implications for public health, health services research and statistics in Europe. The EU Commission's Proposal was a breakthrough in balancing privacy rights and rights to health and healthcare. The European Parliament, however, has proposed extensive amendments. This paper reviews the amendments proposed by the European Parliament Committee on Civil Liberties, Justice and Home Affairs and their implications for health research and statistics. The amendments eliminate most innovations brought by the Proposal. Notably, derogation to the general prohibition of processing sensitive data shall be allowed for public interests such as the management of healthcare services, but not health research, monitoring, surveillance and governance. The processing of personal health data for historical, statistical or scientific purposes shall be allowed only with the consent of the data subject or if the processing serves an exceptionally high public interest, cannot be performed otherwise and is legally authorised. Research, be it academic, government, corporate or market research, falls under the same rule. The proposed amendments will make difficult or render impossible research and statistics involving the linkage and analysis of the wealth of data from clinical, administrative, insurance and survey sources, which have contributed to improving health outcomes and health systems performance and governance; and may illegitimise efforts that have been made in some European countries to enable privacy-respectful data use for research and statistical purposes. If the amendments stand as written, the right to privacy is likely to override the right to health and healthcare in Europe.
- Public Health Ethics
- Quality of Health Care
- Scientific Research
Statistics from Altmetric.com
An important debate is underway that will have profound implications for public health and health services statistics and research in Europe. The debate is about the final wording of the European Union (EU) Data Protection Regulation. The new regulation offers the opportunity to balance rights to privacy and rights to health and healthcare, but it is growing increasingly uncertain that this balance will be struck.
With a balanced approach, privacy-respectful uses of personal health data could enable regular programmes of monitoring and research to improve the health of populations, the sound management of the health system and scientific discovery to improve health and healthcare.
The Lisbon Treaty,1 by amending Article 16 of the Treaty on the Functioning of the European Union,2 introduced a new legal basis to establish a comprehensive and coherent Union legislation on data protection. On this basis, the Commission is undergoing a revision of the EU Data Protection Directive (DPD).3
A “Communication on a comprehensive approach on personal data protection in the European Union”4 was enacted in 2010. The Communication acknowledged that privacy and data protection rights should not unnecessarily limit other fundamental rights enshrined in EU Treaties, including the right to health/healthcare; thus, confirming that the right to privacy is not an absolute right.5 It also highlighted that, despite a common EU legal framework, there has been a lack of harmonisation among the legislation of Member States (MS) on different aspects of data protection, including data processing for public health purposes.
The divergent implementation of the DPD across MS produced an inadequate protection of the right to privacy/data protection and unnecessary legal constraints.6 In the healthcare sector, the direct impact of these practices produced a substantially lower capacity to conduct effective research in specific MS,7 thus producing an imbalance between the right to privacy/data protection and the right to health.8
However, the 2010 Communication missed the opportunity to provide clear legal guidance for the processing of sensitive data when public health interests are involved. As a matter of fact, public health needs and interests received neither formal recognition nor legal protection in the proposed revision of the Directive, regardless of their fundamental role in the protection of the right to the highest level of health.
After a general consultation, 2 years later, the EU Commission enacted a “Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data” (General Data Protection Regulation).9 The Proposal constitutes a major breakthrough for data protection in the field of public health and, in general, for health and scientific research.
First, a substantial effort to harmonise data protection in the field of public health and scientific research is therein recognised through a detailed definition of the public interests that justify derogation to the general prohibition of processing sensitive data (Recital 42 and Article 9 paragraph 2 (g),(h),(i)). The Proposal, as it has been structured, will substantially diminish the possibility of misinterpretation of data protection rules; allowing MS to adopt harmonised public health policies.
Second, by combining Recital 42, Article 9 paragraph 2, Article 81 and 83, the Proposal seems to recognise public health, scientific research and statistics as disciplines that serve a unique interest for the good of societies, which deserve protection in order to guarantee other fundamental rights of the European citizens, including the right to health/healthcare.
This recognition is crucial to guarantee that ethical principles are enshrined in and drive legislation, a fundamental ethical principal of civil societies.
The Draft Report of the European Parliament Committee on Civil Liberties, Justice and Home Affairs10 proposes several amendments to the EU Commission's proposed General Data Protection Regulation. This study is an in-depth review of these amendments and their implications for health research and statistics, should they stand as written.
Revision of the EU Data Protection Directive
Analysis of Recital 42 of the Proposal
Recital 42 of the Proposal9 states that derogating from the prohibition on processing sensitive categories of data should also be allowed “if done by a law, and subject to suitable safeguards, so as to protect personal data and other fundamental rights, where grounds of public interest so justify and in particular for health purposes, including public health and social protection and the management of healthcare services, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, or for historical, statistical and scientific research purposes”.
The Draft Report10 eliminates from the text of the recital the possibility to derogate from the general prohibition of processing sensitive data “for historical, statistical and scientific research purposes”, even if done by a law, which should provide for suitable safeguards.
Article 8 (3–4) and Recital 34 of the 1995 DPD3 already envisaged the possibility of providing additional exemptions to the general prohibition of processing sensitive data for important reasons of public interest, for example, public health, scientific research and government statistics. However, very few MS have translated this possibility into national laws/regulations; while some others have adopted specific exemptions on a case by case basis through authorisation by the supervisory authority.11 As a matter of fact, MS that have not used the possibilities of Article 8(4) of the 1995 DPD, have made data processing for public health and research purposes more difficult.7
The inclusion of statistics and scientific research purposes in Recital 42 of the new Proposal (which resemble Recital 34 of the 1995 DPD), can be highly welcomed because of its contribution to a better definition of the notion of “public interest”, which is still debated in the EU.
Most importantly, it has to be highlighted that the amendment does not provide either evidence or justification of why the “management of healthcare services” should be considered more important than “scientific research” (including health, healthcare and public health research, and government statistics), which are instead crucial for ensuring the highest attainable standard of living to all citizens and for transparency about societal progress. The possibility to weigh the right to privacy with other fundamental human rights, including the right to health, is rightly envisaged in the 1995 DPD and in the new Proposal.
Analysis of Article 81 of the Proposal
Article 81 of the Proposal9 allows the processing of personal data concerning health on the basis of Union or MS law that provide for suitable safeguards, for specified purposes, for example: “of preventive or occupational medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services”; “reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety, inter alia for medicinal products or medical devices”; or “other reasons of public interest in areas such as social protection, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system”. Most importantly, “it allows the processing of personal data concerning health which is necessary for historical, statistical or scientific research purposes, such as patient registries set up for improving diagnoses and differentiating between similar types of diseases and preparing studies for therapies”, subject to the conditions ex Article 83.
The Draft Report10 amends Article 81 of the Proposal by introducing a new Article 81 paragraph 1 (a), which reaffirms that the minimisation principle especially applies to sensitive data. The inclusion of this new paragraph can be considered redundant, since minimisation is a general principal solidly enshrined in the Proposal.
It also amends Article 81 paragraph 2 by stating that “Processing of personal data concerning health which is necessary for historical, statistical or scientific research purposes, shall be permitted only with the consent of the data subject, and shall be subject to the conditions and safeguards referred to in Article 83.”
In primis, requiring patient consent, in addition to the conditions and safeguards ex Article 83, is inconsistent with Article 9 paragraph 2 (a) of the proposal, which states that the general prohibition of processing sensitive data “shall not apply where¼¼ the data subject has given consent to the processing of those personal data”. In fact, there should not be a need for the above additional safeguards if the data subject has consented to the processing.
Moreover, the amendment does not provide either evidence or justification of why the processing of sensitive data for the “management of healthcare services” should be allowed, while the processing for “scientific research”, including public health research and “government statistics”, should be prohibited, given that they are fundamental for achieving health improvements and guaranteeing the right to health. Furthermore, there is no justification why one type of data, health insurance records, merits consideration for use in managing the health system above all others. The emergence of electronic clinical records is a powerful source of information to monitor healthcare quality, efficiency and expenditure.6
The amendment introduces the concept of research that serves an “exceptionally high public interest” to allow MS to provide exemptions to the requirement of consent. Once again, the concept of “exceptionally high public interest” is a vague one, whose meaning is yet to be defined. The introduction of this amendment is very likely to bring about misconceptions across Europe and may produce a divergent protection of privacy/data protection and the hampering of health/public health research in many European countries.
In addition, the amendment states that even when the research serves “exceptionally high public interests” data should be anonymised or, if not possible, pseudonymised. Data can be considered anonymous when “it would be reasonably impossible for the researcher or any other person to directly and/or indirectly re-identify the data” through reasonable means, according to the state of the article.12 Pseudonymisation allows the indirect identification of the data subject.12 Envisaging the requirement of anonymisation for the data processing is herein redundant, since it is clear that anonymous data can be processed without consent. As a matter of fact, anonymous data, by definition, falls outside the scope of the 1995 DPD (Recital 26) and the new Proposal (Recital 23). Amendments have not touched this principle.
In the justification for the amendments to Article 81 there is a referral to paragraph 9 of the Council of Europe Recommendation on Medical Data (1997),13 which concerns security measures. However, the referral is inconsistent with the general principle on scientific research therein contained. The Recommendation states, on one end, that “whenever possible, medical data used for scientific research purposes should be anonymous”, while on the other, it provides a list of conditions justifying the processing of sensitive data, for example, when the scientific research project concerns an important public interest, or it would be impracticable to contact the data subject to seek his consent, or the scientific research is provided for by law and constitutes a necessary measure for public health reasons.
Indeed, the principles on scientific research envisaged by the Recommendation are in line with those enshrined in the Proposal.
Analysis of Article 83 of the Proposal
Article 83 of the new Proposal9 states that “within the limits of this Regulation, personal data may be processed for historical, statistical or scientific research purposes only if:
These purposes cannot be otherwise fulfilled by processing data which does not permit or not any longer permit the identification of the data subject;
Data enabling the attribution of information to an identified or identifiable data subject is kept separately from the other information as long as these purposes can be fulfilled in this manner”.
The Draft Report10 substantially amends Article 83 by introducing a new Article 83 paragraph 1(a) and amending paragraph 1(b). According to the amendments, the processing of personal data for historical, statistical or scientific research purposes shall be allowed only if consent has been given by the data subject, or the processing serves an exceptionally high public interest and it cannot be performed otherwise. In the latter case, data shall be anonymised, or (if not possible for the envisaged purposes) pseudonymised under the highest technical standards, and processing shall be subject to the prior authorisation of the competent supervisory Authority.
The justification for these amendments is the fear that “any research, no matter if academic or corporate and including for example, market research, could be used as an excuse to override all protections provided for in the other parts of this Regulation”.
Such an assumption comes with absolutely no precedents and may be easily argued. Scientific research is by definition an important public interest because it serves the interest of societies as a whole and is the basis for societal progress. It includes, among the others, health/healthcare and public health research, which all serve the interest of societies to improve population health and is fundamental for the realisation of the citizen's right to health. Government statistics and research are absolutely essential for evidence-based policy making.
Several public health goals are directly influenced by data protection rules.14 The consequences of the proposed amendments “would be disastrous” for the health sector, as recently affirmed by the European Public Health Association in a response to the Draft Report,15 providing expert advice on the specific damages that these amendments would produce for public health. Certainly the amendments would make difficult or render impossible research and statistics involving the linkage and analysis of the wealth of data from clinical, administrative, insurance and survey sources, which has contributed to improving health outcomes, to reducing unsafe practices and to improving health systems performance and governance.
Health data is a significant potential resource in the Organisation for Economic Cooperation and Development (OECD) countries: to improve population health and the effectiveness, safety and patient-centredness of healthcare systems, as well as to promote innovation and economic development in an increasingly significant part of the economy. In 2010, health ministers called for improvement in national information infrastructures to support research and monitoring and strengthen national healthcare quality and system performance.16 The motivation for this call was to shift away from cost containment in the management of healthcare to the generation of evidence about quality of care and outcomes for performance-based governance.
An OECD study6 was undertaken in 2011/2012 to support countries to develop privacy-respectful use of personal health data, so that there may be regular programmes of monitoring and research to support the sound management of the health system and scientific discovery for population health improvement.
While patient consent is clearly required and feasible to perform specific tasks in ad hoc studies, for example, the recruitment of patients to a clinical trial or an invitation to take part in a survey, such requirement presents significant challenges in population-based studies involving extensive retrieval of information from large scale patient databases. These databases were originally collected for other purposes, for example, administering the health system or providing clinical care for hundreds of thousands to millions of persons. The retrospective collection of patient consent implies that usable data will be biased towards non-movers and healthier/younger patients, which can compromise the validity and the utility of the findings. Further, attempting to reach large cohorts can be impractical and often requires significant financial resources. It is precisely this data, however, within which significant public resources have been invested, that can inform about pathways, quality, outcomes and costs of care, if it may be linked and analysed.
International guidelines for the ethical conduct of health research involving human subjects provide clarity regarding the international consensus on the conduct of research and, in particular, the circumstances under which a waiver of consent requirements can be considered.17 Indeed, such guidelines emphasise the important role played by independent research ethics committees in the evaluation of the merits and risks of health research.17 Such mechanisms that act to balance public good from research and risks to data subject, are overlooked in the proposed amendments.
Some European countries participating in the OECD study6 (France, Sweden, Denmark, Finland and the UK) indicated that their data protection legislation sets out the framework within which identifiable data may be processed without informed consent. Emerging in these countries are models that enhance privacy protection, research and statistical output, for example, national authorities responsible for data linkage and data anonymisation; national authorities for the consideration of applications for data linkage and access to anonymised data; and secure facilities to add an additional layer of protection beyond data anonymisation. The approach taken in these countries parallels approaches found in North America, Australia and Asia.
Other European countries indicated that approval to process data without patient consent would be granted at the level of the national data protection authority and that it is very difficult to obtain approval without first introducing new authorising legislation for the project itself (Belgium and Italy). Germany noted that personal health data may only be used with patient consent or when authorised by law or regulation. Portugal noted that record linkage is illegal in the absence of authorising legislation. Poland has not established a legal basis for national data linkages and has no reportable national data linkage projects.
The consequence has been an important difference within Europe in the scientific output of the countries,18 as well as in the ability of the countries to monitor and improve healthcare quality and health system performance.19 ,20
The direction of the proposed amendments would illegitimise the efforts that have been made in some European countries, removing the gains that they have achieved in enabling privacy-respectful data use for research and statistical purposes. For example, the initiative in England to create a statutory safe haven for the collection, linkage and de-identification of patient data for a variety of future research projects to improve healthcare quality and safety to be approved by research ethics committees21 ,22; large European funded projects, such as EuroHOPE23 and European Collaboration for Healthcare Optimisation,24 which depend on linkage and/or sharing of de-identified historical patient data for hospital performance and efficiency measurement; and numerous national disease registries enabled by statute or an ethical committee waiver to informed consent so that they can use administrative and clinical data to track progress, outcomes and costs for patients experiencing different diseases or treatments in order to focus practice on more effective treatments and improve patient outcomes.25 Rare disease registries, for which there are now 62 in Europe,26 and genomic or personalised medicine research require pooling data across borders and/or access to historical biobank data, would also be at risk.27 ,28
Consequently, European public health projects that rely on the existence of such registries to maintain secure platforms implementing “privacy by design”5 for cross-border information exchange, such as European Best Information through Regional Outcomes in Diabetes (EUBIROD),8 would also be undermined.
The revision of the DPD should have been an occasion to realise a balanced approach between privacy and health. An ad hoc discipline for public health should have been envisaged by the new DPD, including the definition of the conditions under which the processing of sensitive data is to be considered “legitimate” in the interest of public health.
The Commission's Proposal certainly pursued this objective.
However, the European Parliament Draft Report, as currently written, is likely to have a devastating effect on public health and health research. The amendments, if approved and included in the new DPD (to be shortly enacted), will hamper the possibility of attaining health gains for European citizens, and improvements in health system performance, which is crucial to minimise its economic impact on societies.
If the amendments stand as written, the right to privacy will override the right to health and healthcare.
The authors thank Dr Niek Klazinga for providing comments on early drafts of this article.
Contributors All authors have provided equal contribution to the production of this paper. CTDI has carried out the legal appraisal of the material. FC has contributed on the implications for statistics and public health. JO has provided input from the perspective of recent international initiatives in data linkage and the secondary use of health data.
Disclaimer The opinions expressed in this article are those of the authors alone; not those of the OECD, nor of its Member countries. All errors are the responsibility of the authors.
Competing interests None.
Provenance and peer review Not commissioned; externally peer reviewed.
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.