Category: Ευρωκοινοβούλιο

The Pirate Party of Greece distances itself from the sensationalist fearmongering promoted by several EU Parliament Members regarding the proposed Regulation and denounces the two EU Parliament rapporteurs’ intransigence on the patients’ right to “opt-out” from primary and secondary use of their data. Before we proceed any further, some definitions are due:

• Primary use is the processing of personal electronic health data for the provision of health services to assess, maintain or restore the state of health of the natural person to whom that data relates, including the prescription, dispensation and provision of medicinal products and medical devices, as well as for relevant social security, administrative or reimbursement services.[1] In a nutshell, it is the recording, archiving, retrieval, display, and analysis of the patient’s data in order to provide them with the necessary healthcare and social security support.

• Secondary use is the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use.[1] 

• Permitted purposes as set out in Article 34, Chapter IV of the proposed Regulation:[2]

• Health data access bodies shall only provide access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant complies with:

• (a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;

• (b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates;

• (c) to produce national, multi-national and Union level official statistics related to health or care sectors;

• (d) education or teaching activities in health or care sectors;

• (e) scientific research related to health or care sectors;

• (f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

• (g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

• (h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.

• Prohibited purposes as set out in Chapter IV of the proposed Regulation:[3]

• Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited:

• (a) taking decisions detrimental to a natural person based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

• (b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance contract or to modify their contributions and insurance premiums;

• (c) advertising or marketing activities towards health professionals, organisations in health or natural persons;

• (d) providing access to, or otherwise making available, the electronic health data to third parties not mentioned in the data permit;

• (e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco products, or goods or services which are designed or modified in such a way that they contravene public order or morality.

This proposal dates from May 2022 and is somewhat outdated compared to more recent compromise texts. These newer texts are reportedly “watered down” to appease the two EU Parliament rapporteurs. Still, even in this text, none of the permitted uses are anything like what alarmist MEPs tell their voters. In fact, the proposal reiterates all the benign and ethical uses that our health information has been used for in the past, and prohibits the purposes for which health data must never be used. There is precisely zero evidence in the text that the EHDS, as proposed, is meant to lend itself to being used for nefarious purposes.

Right to Opt-out vs Right to Object

The two EU Parliament rapporteurs, Tomislav Sokol from the conservative Croatian Democratic Union (Hrvatska Demokratska Zajednica – HDZ) and Annalisa Tardino from the right-wing populist Lega per Salivini Premier (an offshoot of the infamous Lega Nord), insist on demanding that the EHDS Regulation force all EU member states to grant their citizens a right to opt out of these two uses. This right is the of the individual to stop a healthcare provider and/or the state from using any or all of their health data, without having to establish a valid reason for this.

Article 21 of the General Data Protection Regulation (GDPR), on the other hand, provides individuals with the Right to Object.[4] This allows people to stop a data processing entity from continuing the processing of their data, even if this “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” (GDPR Art. 6(1) (e))[5] or “for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.” (GDPR Art. 6(1) (f))[5] 

It must be noted, though, that the Right to Object can be subject to restrictions, for reasons detailed in Art. 23 (1) (e) and (i):[6]

(e) [O]ther important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation matters, public health and social security;

(i) the protection of the data subject or the rights and freedoms of others;

The lawfulness of the processing of an individual’s health data is further governed by Articles 6 (1) and 9 (2) (g) through (j).[7] Furthermore, Article 89 of the GDPR[8] sets out a number of very strong safeguards w.r.t. the processing of data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Risks stemming from lack of data

There are, sadly, societies gripped by the murderous anti-vaccination movement that the alt-right has funded and supported so fiercely; societies where conspiracy theories are exceedingly popular. If you legislate an unfettered, unconditional opt-out of primary and secondary use of people’s health data, even basic healthcare will suffer. Don’t get us started on things like epidemiological maps, health statistics, planning for the prevention of future pandemics and epidemics, or even research for treatments, pharmaceutical products, vaccines, etc. Without data, you can’t have clinical studies, you can’t have statistics, you can’t have research, you can’t have anything. We are appalled to see MEPs push so irresponsibly for the creation of a potentially huge data gap that can even prove fatal. Entire countries are at risk of having less information on their populations’ health, and – even worse – low-quality and incomplete information, with dire potential consequences on the planning of public health policies.

Irresponsible intransigence

We happen to know that the Belgian Presidency of the EU Council suggested to the EU Parliament’s negotiators to leverage the solid provisions of the GDPR w.r.t. an individual’s exemption from the processing of their health data for primary and/or secondary use. It was a very sensible proposal, as the GDPR is an extremely powerful law not only for the protection of a person’s data, but also for the protection of people’s liberties, even democracy itself – this is precisely why governments seek to circumvent it and even outright violate it with spyware and irrelevant exemptions like the Copyright Directive’s pre-emptive censorship machines. Yet, the Parliament, following the lead of the two conservative rapporteurs, rejected this proposal. Instead, it insisted on using patient consent as the sole legal basis for the processing of health data, which shows deep ignorance of privacy legislation. Even worse, it makes us wonder whether the rapporteurs and their followers bothered to consult with competent authorities such as the European Data Protection Supervisor.

The Pirate Party of Greece calls MEPs to listen to reason and close their ears to all this irresponsible fearmongering about the EHDS. Negotiations have been sabotaged far too much already, and if the far-right populists gain more seats in the next EU Parliament, things will be a lot worse. Furthermore, we can’t help noticing the dichotomy between the rapporteurs’ posturing about patients’ rights and their parties’ platforms that strive to restrict people’s liberties and rights, from freedom of speech and expression all the way to people’s access to healthcare. Especially on the topic of healthcare, conservative parties are the greatest purveyors of horrendous and deplorable falsehoods, from the “moral risk” bugbear to the misogynist “abortion is murder” libel. As a consistently progressive party, we cannot reconcile the two ends of this dichotomy.

Finally, we cannot accept the “even a broken clock is right twice a day” adage, for five reasons. For starters, we have seen no reason so far to trust anyone from the EPP, the ECR, and the ID groups at all. Second, we refuse to follow a duo where one half is from Salvini’s party – it’s a matter of principle for us. Third, because the arguments provided by the rapporteurs and their followers play straight into the hands of the oligarch-funded alt-right peddlers of conspiracy theories who seek to destroy Europe. Fourth, because the arguments provided by the rapporteurs and their followers make no sense at all if you strip them of the layers of sensationalist alarmism and opaque legalese buzzwords. Five, because public health is far too important to be discussed in tin-foil hat terms.

[1] The European Health Data Space (EHDS). [online] Available at: https://www.european-health-data-space.com/European_Health_Data_Space_Article_2_(Proposal_3.5.2022).html [Accessed 12 Mar. 2024].

[2] The European Health Data Space (EHDS). [online] Available at: https://www.european-health-data-space.com/European_Health_Data_Space_Article_34_(Proposal_3.5.2022).html [Accessed 12 Mar. 2024].

‌[3] The European Health Data Space (EHDS). [online] Available at: https://www.european-health-data-space.com/European_Health_Data_Space_Article_35_(Proposal_3.5.2022).html [Accessed 12 Mar. 2024].

‌[4] General Data Protection Regulation (GDPR). (n.d.). Art. 21 GDPR – Right to object. [online] Available at: https://gdpr-info.eu/art-21-gdpr/.

[5] General Data Protection Regulation (GDPR). (n.d.). Art. 6 GDPR – Lawfulness of processing. [online] Available at: https://gdpr-info.eu/art-6-gdpr/.

[6] General Data Protection Regulation (GDPR). (n.d.). Art. 23 GDPR – Restrictions. [online] Available at: https://gdpr-info.eu/art-23-gdpr/.

[7] General Data Protection Regulation (GDPR). (n.d.). Art. 9 GDPR – Processing of special categories of personal data. [online] Available at: https://gdpr-info.eu/art-9-gdpr/.

[8] General Data Protection Regulation (GDPR). (n.d.). Art. 89 GDPR – Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. [online] Available at: https://gdpr-info.eu/art-89-gdpr/.