ABSTRACT
Under which rules and conditions can health data be brought together on a European-wide platform for the purpose of Big Data analytics? To investigate this question, national legal experts from 30 European countries were asked to draft a report on the status of the legal framework in their country. The reports, collected in the framework of the Horizon 2020 funded AEGLE project, describe the national rules and procedures applicable to the use of health data for research purposes before and after the entry into force of the GDPR. The main lesson learnt from this legal research is that the GDPR has not resulted in a harmonised regulatory framework for researchers who wish to perform research based on health data to be collected in multiple European countries. The study also shows that the complexity and fragmentation of the regulatory landscape is not in the first place a consequence of the GDPR having failed to reach its ambitions. Rules and procedures to be respected by researchers planning to use health data for research purposes are not exclusively imposed by data protection law but they are more often related to data ownership. In practice, researchers are requested to meet the conditions set by the health data owners, in the first place by healthcare institutions and private or public health data repositories. To overcome the complexity to which researchers are confronted, recent initiatives of the European Commission to promote the creation of European-wide repositories, for example of health images or digital pathology slides, must be welcomed. If successful, such initiatives can shift the burden of bringing health data from different countries together from the researcher to the repository owners.
