Achieved Compliance Comments on New European Health Data Space Program

Written by

Achieved Compliance

As we reported on Twitter, the European Commission announced the launch of the European Health Data Space (EHDS), an initiative designed to empower people to control and use their health data in their home country or in other member states. At the same time, it promotes a consistent framework for the use of health data for research and innovation, and compliance with the EU’s data protection standards.

The Commission emphasizes in its statement that the EHDS builds further on the GDPR as well as anticipated new legislation related to data protection in the EU – the proposed Data Governance Act, the draft Data Act, and the NIS Directive. It will, in addition, establish rules designed specifically for health data - see links below.

For companies and organizations collecting and processing health data, the EU’s heightened focus on health sector data signals the possibility of new opportunities. From a data protection standpoint, the announcement notes that this initiative will offer a framework that promotes compliance with laws in Europe, but that there will be no relaxing of the EU’s high standards for data protection. Instead, it appears likely that additional rules will be put in place to ensure the protection and safe transfer of health data.

Achieved Compliance will continue to monitor the EU’s efforts to implement this initiative.

In the meantime, given its focus on protecting sensitive health data, organizations can best prepare for it will continue to be important that organizations understand the GDPR – and any new law the EU may enact to facilitate the European Health Data Space – and to build the internal programs and processes necessary to comply.

The proposed Data Governance Act: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0767&from=EN

Link to the draft Data Act: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52022PC0068&from=EN

Link to the NIS Directive: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L1148&from=EN

Achieved Compliance can fortify your organization's understanding of the GDPR and potential new regulations to ensure proactive readiness for the evolving data protection landscape. Contact us today to learn more.

PRIVACY BLOG

Kentucky Poised to Enact State Privacy Law

The Launch of the Third Coordinated Enforcement Framework Action

Adoption of the New EU-U.S. Data Privacy Framework Approaches: What Companies Can Do Now to Prepare

Ireland Data Protection Commission Fines WhatsApp Ireland $266 Million for GDPR Transparency Violations

China Passes Personal Information Protection Law

Colorado Privacy Act Signed by Governor

European Commission Publishes Final Version of SSC, Imposes Obligations on Data Controllers and Processors

Dutch Data Protection Authority Imposes €525,000 Fine for Failure to Appoint Article 27 Representative

Companies that Comply with GDPR Reap Benefits in Jurisdictions Beyond the EU

European Commission Publishes Draft Decision Finding UK Law Provides Adequate Protections for EU Data

House of Representatives to Consider New Privacy Bill

On Sunday 7 April, U.S. House of Representative Committee on Energy and Commerce Chair Cathy McMorris Rodgers, R-Wash., and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell, D-Wash. released a new bill – the American Privacy Rights Act (APRA).