Published online by Cambridge University Press: 25 May 2021
Introduction – The previously presented analysis on the legal context and the historical roots of the right to data protection as a fundamental right of patients and other natural persons has shown that unrestricted exploitation of patients’ personal data is not tolerated in the European society and by European regulations. Over time, data protection evolved towards a mechanism that intends to avoid third parties to acquire substantial power over data subjects – patients and others, individuals and groups – directly through the processing of (their) personal data. Nevertheless, it was illustrated in the analysis of modern healthcare systems’ characteristics how new technologies, including those deployed in health, require the processing of personal data.
Technological ingenious solutions, such as shared electronic health records, data mining techniques, artificial intelligence, computerised motivational education tools, allow for the development and uptake of value-based and evidence-based medicine as well as personalised medicine. Digital solutions also foster a shiftin medicine, which was initiated in the seventies: the evolution from a doctor-knows-best discipline to a discipline which encourages patient empowerment and in which the focus is on patient-centred care. The implementation in healthcare systems of techniques and models based on disease management and personalised medicine in combination with the emergence of machine learning, big health data and artificial intelligence does, however, raise the question how to accommodate the European fundamental rights to autonomy, privacy and data protection as well as the aspiration for patient empowerment that characterises the 21st-century European society. Technological ingeniousness creates advantages for patients in terms of better health and society in terms of better health outcomes. Simultaneously it may cause general opacity and an opportunity for unlimited exploitation of data (for example, health insurers, governments or parties with merely commercial interest). Technological developments have brought many advantages and an increased risk for individuals to be deprived of their fundamental right to data protection. How should we deal with these risks, and how can we enhance privacy in spite of these techniques? An in-depth assessment of some of Europe's most fundamental data protection mechanisms and their relation with digital healthcare solutions is necessary to answer that question.