ABSTRACT

This chapter critically examines the GDPR’s provisions relating to health by focusing on two main issues: i) the definitional uncertainties surrounding health data and ii) the legislative choices regarding the balance between the competing interests in data privacy on the one hand (seen mainly within the context of the enhanced protection that personal health data enjoy) and the interests of ‘public health’ on the other hand. I argue that while the GDPR’s provisions balancing data privacy with public health interests appear flexible and context-dependent, its binary definitional distinctions (sensitive (health) / non-sensitive (non-health) data) are problematic and may render the GDPR’s rules both overinclusive and underinclusive.