Category: GDPR

Hand with a red napkin washes the chalk board.

A European Cancer Survivors’ Right to be Forgotten?

Hannah van Kolfschooten Leave a comment

By Hannah van Kolfschooten and Mirko Faccioli

There are currently over 12 million cancer survivors in Europe. Due to improving cancer screening methods and medical treatment, this number is expected to grow every year. Former cancer patients often face multiple forms of discrimination throughout their lives. Many commercial companies make long-term cancer survivors “pay twice” – while having similar life expectancies as their peers, they are denied access to key services because of their former cancer status.

To combat this unfair practice, some European countries are establishing a “cancer survivors’ right to be forgotten,” also referred to as the “oncological right to be forgotten.” Italy’s parliament just passed a law to establish the right. Patients’ rights organizations and EU institutions are pushing for a “European cancer survivors’ right to be forgotten.” This post outlines the purpose of such a right and flags potential challenges in its adoption.

Read More

Code on computer.

Defragmenting European Law on Medical AI

Audrey Lebret Leave a comment

By Audrey Lebret

In the medical field, artificial intelligence (AI) is of great operational and clinical use. It eases the administrative burden on doctors, helps in the allocation of healthcare resources, and improves the quality of diagnosis. It also raises numerous challenges and risks. Balancing competitiveness with the need for risk prevention, Europe aims to become a major digital player through its AI framework strategy, particularly in the field of digital health. The following provides a rapid overview of the normative landscape of medical AI in Europe, beyond the borders of the EU and its 27 Member States. It also takes into account the treaties in force or emerging at the level of the Council of Europe and its 46 Member States. The purpose is to illustrate the reasons and difficulties associated with the legal fragmentation in the field, and to briefly mention a few key elements towards the necessary defragmentation.

Read More

Diverse crowd of adults on a bus, all using smartphones

ACCESS Act Points the Way to a Post-HIPAA World

Adrian Gropper 4 Comments

By Adrian Gropper

The October 22 announcement starts with: “U.S. Sens. Mark R. Warner (D-VA), Josh Hawley (R-MO) and Richard Blumenthal (D-CT) will introduce the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, bipartisan legislation that will encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.”

Although the scope of this bill is limited to the largest of the data brokers (messaging, multimedia sharing, and social networking) that currently mediate between us as individuals, it contains groundbreaking provisions for delegation by users that is a road map to privacy regulations in general for the 21st century.

Read More

Photograph of a doctor in blue scrubs overlaid with an illustration of a padlock

Nudges or Shoves in the Secondary Use of Health Data: What is the More Desirable Approach? (Part 2)

Marcelo Corrales Leave a comment

By Marcelo Corrales Compagnucci, Janos Meszaros & Timo Minssen

This post is the second part in a two-part series about nudge theory, health data, and the U.K.’s National Data Opt-out System. You can read the first part here

Governments are always actively trying to improve their health care systems, and the secondary use of health data is one way of reaching this goal effectively. The secondary use of health data involves the use of health care data collected for a new purpose, such as research and policy planning. This data is usually collected from hospitals and health care systems – large databases containing administrative, medical, health care, and personal data from patients.

Read More

graphic of a keylock in front of a keyboard

The EU’s GDPR in the Health Care Context 

Sara Gerke Leave a comment

By Sara Gerke 

The EU’s General Data Protection Regulation, which came into force two years ago but became directly applicable in all EU Member States only last week, aims to establish an equal level of protection for the rights and freedoms of natural persons with regard to the processing of personal data in all EU Member States.

Each of us has been inundated with emails in the last few days and weeks, informing us about the GDPR and asking us, among other things, to review updated privacy policy. This flood of emails is, in particular, the consequence of the GDPR’s imposing administrative fines for infringements.

According to its territorial scope, the GDPR can also impact US companies that process personal data of data subjects who are in the EU. For example, this is the case for newspapers and affiliated websites, where the processing activities are related to the offering of services or goods, irrespective of whether payment is required. Some papers decided to simply block users in the EU, rather than abide by the GDPR’s provisions. 

Read More