Friday

29th Mar 2024

Opinion

EU plans allow Big Tech to exploit your medical records, without permission

Listen to article

In May 2022, the European Commission proposed the European Health Data Space (EHDS) in an attempt to improve the ways in which people's sensitive medical data is made available for various kinds of uses.

That includes the ability for hospitals and physicians to share information about current patients with expert colleagues abroad. For example, it's supposed to make it easier for a GP in Sweden to receive a digital copy of their Romanian patient's CT scan results from the radiologist in Romania in order to continue treatment.

Read and decide

Join EUobserver today

Get the EU news that really matters

Instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app (Photo: Matthew Tempest)

The EHDS also proposes to legally compel hospitals or physicians to hand out your medical records to a newly created government agency, which in turn, can allow access to anyone who claims a research interest. That includes not only academics but also pharmaceutical companies, wellness app startups and even data harvesting Big Tech corporations like Google and Facebook.

Your medical records include details of physical, mental and sexual health, drug and alcohol history, and any family and work-related problems that you thought you'd disclosed in confidence to your physician only. What's worse is that the information in medical records is almost impossible to effectively anonymise, meaning it's relatively easily identifiable as yours.

That is why 75 percent of Europeans said in a recent Ipsos poll that they are only willing to grant researchers access to their medical records if they have been asked for their explicit consent, and that's what the EHDS should require.

Big Tech is on the move

Without such a consent requirement, Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app. And the outcome of that might feed into the company's advertising business.

If you don't like that, you are in bad luck: the EHDS does not foresee patients being asked for their permission; it does not even include a right to object to this kind of excessive data sharing.

Your medical records contain information about all aspects of your life. From the moment you were born, through childhood, puberty, and every sick leave, mental challenge, and other health issues you ever had. You should be the one in control of it.

More than a dozen organisations representing patients, medical professionals, persons with disabilities, consumer and digital rights organisations, as well as workers and trade unions have written to members of the EU Parliament, urging them to introduce the consent requirement in the health data proposal. This is crucial for protecting patients' rights and ensuring that they have control over the use of their private medical records.

Bye bye Hippocratic oath

The EHDS would make physicians and other medical professionals complicit in the forced commercialisation and monetisation of every aspect of your health without ever asking for your consent. It would destroy the Hippocratic oath of confidentiality by which every medical professional is supposed to be bound.

The global tech industry is only waiting for the opportunity to get their hands on Europeans' medical data. Apple already has an extensive "digital health" offer and, in 2020, Google paid over $2bn [€1.82bn] to acquire health device maker Fitbit in an attempt to enter the health data market.

Google's acquisition of Fitbit demonstrates the huge monetary value health data has, even to companies who do not contribute to public interest medical research, and why it should never be shared with third parties without your consent.

Not forgetting governments and cyber-criminals

Your medical records are not only of interest to corporations. Once stored in central, state-run data centres as the EHDS proposes, they could just as well be misused by your own government.

In January 2023, Polish police raided a private gynaecologist office in the city of Szczecin. The prosecutor claimed that "criminal acts" had been conducted in the form of medical abortions requested by patients. Poland has a de facto ban on abortion. During the raid, medical records dating back as far as 1996 were confiscated.

Just imagine how easy it would be for the Polish government to persecute any woman whose medical records contain the slightest indication that she might consider seeking an abortion, if everybody's medical data was held in a central database run by that same government.

And there is more: forcing the medical records of millions of people into a centralised database creates an incredibly attractive target for malicious hackers around the world.

With this kind of intimate information, common criminals can extort ransom from you by threatening to expose your medical details. Just last year, a criminal ransomware gang broke into the medical database of a healthcare systems provider in the US and started publishing nude pictures of female breast cancer patients on the internet after the provider refused to pay the ransom.

Medical research is incredibly important and often relies on access to such data to develop new medication and advance our understanding of the human body. But whoever wants to do that research must always ask for your permission to use your data first. Ideally, they should be obliged to release their research results back to the public, so that it can be of maximum common value to us all.

EU lawmakers therefore must amend the EHDS in that sense, so that we can continue to entrust our physicians with the most intimate details of our physical, mental and sexual health.

Author bio

Jan Penfrat is senior policy advisor for the European Digital Rights (EDRi) NGO. Dr Silke Lüder is the deputy chair of the Association of Independent Doctors Germany (Freie Ärzteschaft e.V.)

Disclaimer

The views expressed in this opinion piece are the author's, not those of EUobserver.

Feature

Medical technology: Advancing too fast for its own good?

The rapid advancement of medical technology has contributed to people living longer, healthier lives but consumer and campaign groups say devices should come under more scrutiny before they are used on patients.

Swedish doctors and nurses' battle for proper rest breaks

"There are a lot of rural areas in Sweden and we must be able to secure people's right to healthcare and access to water, food and medicines. At the same time, we must protect the workers' right to daily rest."

AI will destroy more female jobs than male, study finds

About four percent of global female employment is subject to potential automation through generative AI technologies, compared to only 1.4 percent of male employment. The trend is even more pronounced in high-income countries, a new study reveals.

Why UK-EU defence and security deal may be difficult

Rather than assuming a pro-European Labour government in London will automatically open doors in Brussels, the Labour party needs to consider what it may be able to offer to incentivise EU leaders to factor the UK into their defence thinking.

Column

EU's Gaza policy: boon for dictators, bad for democrats

While they woo dictators and autocrats, EU policymakers are becoming ever more estranged from the world's democrats. The real tragedy is the erosion of one of Europe's key assets: its huge reserves of soft power, writes Shada Islam.

Latest News

  1. Kenyan traders react angrily to proposed EU clothes ban
  2. Lawyer suing Frontex takes aim at 'antagonistic' judges
  3. Orban's Fidesz faces low-polling jitters ahead of EU election
  4. German bank freezes account of Jewish peace group
  5. EU Modernisation Fund: an open door for fossil gas in Romania
  6. 'Swiftly dial back' interest rates, ECB told
  7. Moscow's terror attack, security and Gaza
  8. Why UK-EU defence and security deal may be difficult

Stakeholders' Highlights

  1. Nordic Council of MinistersJoin the Nordic Food Systems Takeover at COP28
  2. Nordic Council of MinistersHow women and men are affected differently by climate policy
  3. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  4. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  5. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  6. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?

Stakeholders' Highlights

  1. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  2. UNOPSFostering health system resilience in fragile and conflict-affected countries
  3. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  4. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  5. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  6. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA

Join EUobserver

EU news that matters

Join us