Lawfulness in secondary use of health data

Abstract

In the recent years the importance of secondary uses of health data for clinical, research and policy making purposes has been further stressed in view of the availability of health-related data collected in traditional and non-traditional settings. However, processing health data - which are sensitive type of personal data - requires adopting adequate legal and ethical protections, to ensure that rights of the data subjects have been respected, while also facilitating responsible access to data. In this paper we aim to shed light on the interplay between the existing and emerging relevant European regulatory frameworks related to data processing, including the General Data Protection Regulation (GDPR), the upcoming Data Governance Act and the legislative proposal for European Health Data Space. In doing that, we will focus mainly on the legal bases for secondary uses of data in view of the overarching princi- ples of data protection.