EU Under Pressure to Make Decisions on Data Sharing

Within the massive European mobilization of resources to combat the COVID-19 pandemic, the sharing of health data has come to assume an almost emblematic significance. The European Union’s billion-dollar funding of vaccines and its histrionic announcement of building a “European Health Union” have captured the headlines, but discussions among policymakers are focusing on what may prove to be an even more challenging assignment: how to square the circle of promoting digitalization while respecting EU data protection laws.

The appetite for digitalization and the data sharing that underpins it is evident. The creation of a so-called European Health Data Space (EHDS) is now firmly inscribed on the EU’s legislative agenda for 2021, and its outlines have already been sketched in. It will, according to the European Commission, “promote better exchange and access to different types of health data”—it instances electronic health records, genomics data, or data from patient registries—not only to support healthcare delivery, but also for health research and health policymaking purposes. According to Jens Spahn, Germany’s federal minister of health, and current president of the EU’s Health Council, “Health data is paramount, for healthcare in general, but especially to fight cross-border health threats such as the COVID-19 pandemic.” Stella Kyriakides, European commissioner for health, sees the EHDS as “a crucial component of a strong European Health Union.” And her counterpart responsible for industry, Thierry Breton, says “strengthening and extending the use and re-use of health data is critical for an innovative and competitive EU healthcare sector.”

The principal European pharmaceutical lobby group, EFPIA, is also “excited” by EU efforts to advance the EHDS concept, and “applauds” the intention to create an EU policy environment that can capitalize on the potential of health data. Civil society organizations in 15 European countries have issued a declaration recognizing the importance of digitalization for research and innovation, urging the EU to increase its efforts to make data interoperable. Germany has to hand over its position in the driving seat of EU health policy to Portugal and then Slovenia in 2021, so it is maximizing its push for progress, with an emphasis on digital transformation in healthcare: “improving the access to and sharing of health data for research and innovative healthcare,” as German Health Secretary Thomas Steffen puts it. It aims to get an EU agreement in this month on a roadmap for a EHDS, with commitments to have it functioning in 2021, and by 2025 put in place a transnational framework with clear rules and interoperable digital infrastructures.

This presupposes generating solutions for many of the current technical barriers—the deficiencies in data infrastructure, the fragmented nature of Europe’s data collection and curation, the lack of interoperability, standards, and quality assurance. But it also, and more dauntingly, requires an easing of the constraints imposed by the EU’s data protection laws. These continue to inhibit data sharing, with rigorous rules on consent. They also cause confusion both within the EU—because individual member states interpret them differently—and in international data transfer and use. Steffen points to the irony that people and goods—and viruses—can move freely around Europe, but health data remains trapped within national borders.

Every iteration of the call for digitalization is accompanied by a variation on the mantra of compliance with data protection requirements, As Steffen puts it: “This means: digitalization yes, but not at all costs and not against patients’ declared wishes.” Everyone is consequently in search of a common understanding on how to access, share, and process health data safely and in an ethically sound manner. And not everyone has the same vision of what that means in practice.

Defenders of patients’ rights emphasize the primacy of these rights. Some call for mechanisms that would allow individuals to share their data in a secure way with users—such as healthcare providers, healthcare companies, or researchers, and for modifications of the current tight rules on data usage agreements. And EFPIA, while genuflecting in passing to the principles of data protection, insists “data access challenges must be overcome, and EU legislation must support data access for healthcare purposes.” It is unambiguous: “Any rules or principles that would needlessly impede the flow of data into or out of the EU must be avoided.”

The scene is set for yet another pitched battle on the context for pharmaceutical innovation in Europe.

REFLECTOR is Pharmaceutical Executive’s correspondent in Brussels