A Digital Europe – Digital Health and other Recent EU Data Initiatives

Taking a step into the digital age, the European Commission announced that the 2020s shall become the EU’s Digital Decade.  The EU’s digitalization, including in the area of health, is one of the Commission’s key priorities and covers a wide range of actions and related initiatives.

Building on prior initiatives, in 2019 the Commission announced six key priorities (since supplemented by the COVID-19 recovery plan) that would shape the coming five years of policy making.  One of these six key priorities is to create a Europe fit for the digital age and work on a digital strategy that will empower people with a new generation of technologies.

This priority, A Europe fit for the digital age, is further supplemented by nine specific action areas.  Specifically relevant to the EU’s digital health agenda, these actions include:

  • Artificial Intelligence,
  • European Data Strategy,
  • Digital Services Act (DSA) and Digital Markets Act (DMA), and
  • Cybersecurity

Within each of these actions, the Commission has and continues to present a number of initiatives and legislative proposals.  Below is an overview of some of the key proposals made to date.

Artificial intelligence: Continuing to build on its first AI strategy, presented in 2018, and the High-Level Expert Group on AI’s Ethics Guidelines on trustworthy AI of April 2019, the Commission presented an EU framework for AI on 19 February 2020.  This framework, presented in the format of a White Paper aims to address the concerns surrounding the use of AI in the EU, address risks not currently dealt with under existing legislation, and to promote the uptake of AI in the EU. The framework highlights, inter alia, that AI can bring many benefits in healthcare, e.g., making diagnosis more precise and enabling better prevention of diseases.  The framework started a public consultation, which ran from 19 February to 14 June 2020, and which collected a wide variety of views on the upcoming policy and regulatory steps on AI.  The results of this public consultation were published in November 2020.

European Data Strategy: This strategy aims to make the digital transformation work for people and businesses, creating a single market for data that will ensure Europe’s global competitiveness and data sovereignty, among other policy goals.

Indeed in November 2020, the Commission published its Proposal for a Data Governance Act.  The instrument aims to foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU.  The instrument would address the following situations: (i) making public sector data available for re-use, (ii) sharing data among businesses, (iii) allowing personal data to be used with the help of a ‘personal data-sharing intermediary’, designed to help individuals exercise their rights under the General Data Protection Regulation (GDPR), and (iv) allowing data use on altruistic grounds.

Most recently the Commission has taken steps to progress this priority through the publication of its European Health Data Space (EHDS) Inception Impact Assessment – intended to support the Commission in progressing its legislative initiative for a EHDS.

The objectives of the EHDS legislative proposal include (1) leveraging the potential of digital health in a “privacy-preserving” way, (2) promoting access to health data for research and innovation, and (3) enhancing the “development, deployment, and application of trustworthy digital health products and services.”

To support its objectives, the Commission has proposed the following policy options:

  • Establishing an appropriate legal and governance framework to address access to and exchange of health data – which will require careful consideration of the interplay with the GDPR;
  • Lowering technical barriers that hinder the use and re-use of health data;
  • Ensuring individuals have access and control over their health data;
  • Removing barriers to the cross-border movement of digital health services and products; and
  • Analysing liability rules related to the use of data-intensive digital health services, including those incorporating artificial intelligence.

In terms of next steps, the EHDS Inception Impact Assessment is open for feedback until 3 February 2021. The EHDS legislative proposal is scheduled for publication by the end of 2021.

DSA and DMA: In December 2020 the Commission published (i) a proposal for legislation which recommends revamping content moderation rules for “very large online platforms”. In particular, it would apply to online intermediaries, which include services such as internet service providers, cloud services, messaging, marketplaces, and social networks. The draft DSA includes potential fines for noncompliance of up to 6% of a company’s global revenues, and (ii) a proposal for new competition rules for so-called “gatekeeper” platforms to address alleged unfair practices and make them more contestable by competitors. The draft DMA includes potential fines for noncompliance of up to 10% of a company’s global revenues.  For further information on these proposals please see our blog post (here).

Cybersecurity: In December 2020 the Commission presented its new EU Cybersecurity Strategy. The Strategy includes proposals for regulatory, investment and policy initiatives, in (i) resilience, technological sovereignty and leadership – under which the Commission proposes a reform of the EU Network and Information Security directive (NIS Directive) and the establishment of an AI-powered network of Security Operations Centres, (ii) building operational capacity to prevent, deter and respond – under which the Commission proposes a new Joint Cyber Unit, to strengthen cooperation between EU bodies and Member State authorities, and (iii) advancing a global and open cyberspace through increased cooperation – under which the Commission proposes the formation of an EU Cyber Diplomacy Network to “promote its vision of cyberspace” globally.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.