31st May 2023


EU plans allow Big Tech to exploit your medical records, without permission

Listen to article

In May 2022, the European Commission proposed the European Health Data Space (EHDS) in an attempt to improve the ways in which people's sensitive medical data is made available for various kinds of uses.

That includes the ability for hospitals and physicians to share information about current patients with expert colleagues abroad. For example, it's supposed to make it easier for a GP in Sweden to receive a digital copy of their Romanian patient's CT scan results from the radiologist in Romania in order to continue treatment.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app (Photo: Matthew Tempest)

The EHDS also proposes to legally compel hospitals or physicians to hand out your medical records to a newly created government agency, which in turn, can allow access to anyone who claims a research interest. That includes not only academics but also pharmaceutical companies, wellness app startups and even data harvesting Big Tech corporations like Google and Facebook.

Your medical records include details of physical, mental and sexual health, drug and alcohol history, and any family and work-related problems that you thought you'd disclosed in confidence to your physician only. What's worse is that the information in medical records is almost impossible to effectively anonymise, meaning it's relatively easily identifiable as yours.

That is why 75 percent of Europeans said in a recent Ipsos poll that they are only willing to grant researchers access to their medical records if they have been asked for their explicit consent, and that's what the EHDS should require.

Big Tech is on the move

Without such a consent requirement, Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app. And the outcome of that might feed into the company's advertising business.

If you don't like that, you are in bad luck: the EHDS does not foresee patients being asked for their permission; it does not even include a right to object to this kind of excessive data sharing.

Your medical records contain information about all aspects of your life. From the moment you were born, through childhood, puberty, and every sick leave, mental challenge, and other health issues you ever had. You should be the one in control of it.

More than a dozen organisations representing patients, medical professionals, persons with disabilities, consumer and digital rights organisations, as well as workers and trade unions have written to members of the EU Parliament, urging them to introduce the consent requirement in the health data proposal. This is crucial for protecting patients' rights and ensuring that they have control over the use of their private medical records.

Bye bye Hippocratic oath

The EHDS would make physicians and other medical professionals complicit in the forced commercialisation and monetisation of every aspect of your health without ever asking for your consent. It would destroy the Hippocratic oath of confidentiality by which every medical professional is supposed to be bound.

The global tech industry is only waiting for the opportunity to get their hands on Europeans' medical data. Apple already has an extensive "digital health" offer and, in 2020, Google paid over $2bn [€1.82bn] to acquire health device maker Fitbit in an attempt to enter the health data market.

Google's acquisition of Fitbit demonstrates the huge monetary value health data has, even to companies who do not contribute to public interest medical research, and why it should never be shared with third parties without your consent.

Not forgetting governments and cyber-criminals

Your medical records are not only of interest to corporations. Once stored in central, state-run data centres as the EHDS proposes, they could just as well be misused by your own government.

In January 2023, Polish police raided a private gynaecologist office in the city of Szczecin. The prosecutor claimed that "criminal acts" had been conducted in the form of medical abortions requested by patients. Poland has a de facto ban on abortion. During the raid, medical records dating back as far as 1996 were confiscated.

Just imagine how easy it would be for the Polish government to persecute any woman whose medical records contain the slightest indication that she might consider seeking an abortion, if everybody's medical data was held in a central database run by that same government.

And there is more: forcing the medical records of millions of people into a centralised database creates an incredibly attractive target for malicious hackers around the world.

With this kind of intimate information, common criminals can extort ransom from you by threatening to expose your medical details. Just last year, a criminal ransomware gang broke into the medical database of a healthcare systems provider in the US and started publishing nude pictures of female breast cancer patients on the internet after the provider refused to pay the ransom.

Medical research is incredibly important and often relies on access to such data to develop new medication and advance our understanding of the human body. But whoever wants to do that research must always ask for your permission to use your data first. Ideally, they should be obliged to release their research results back to the public, so that it can be of maximum common value to us all.

EU lawmakers therefore must amend the EHDS in that sense, so that we can continue to entrust our physicians with the most intimate details of our physical, mental and sexual health.

Author bio

Jan Penfrat is senior policy advisor for the European Digital Rights (EDRi) NGO. Dr Silke Lüder is the deputy chair of the Association of Independent Doctors Germany (Freie Ärzteschaft e.V.)


The views expressed in this opinion piece are the author's, not those of EUobserver.


Medical technology: Advancing too fast for its own good?

The rapid advancement of medical technology has contributed to people living longer, healthier lives but consumer and campaign groups say devices should come under more scrutiny before they are used on patients.

Swedish doctors and nurses' battle for proper rest breaks

"There are a lot of rural areas in Sweden and we must be able to secure people's right to healthcare and access to water, food and medicines. At the same time, we must protect the workers' right to daily rest."

The EU needs to foster tech — not just regulate it

The EU's ambition to be a digital superpower stands in stark contrast to the US — but the bigger problem is that it remains far better at regulation than innovation, despite decades of hand-wringing over Europe's technology gap.

EU export credits insure decades of fossil-fuel in Mozambique

European governments are phasing out fossil fuels at home, but continuing their financial support for fossil mega-projects abroad. This is despite the EU agreeing last year to decarbonise export credits — insurance on risky non-EU projects provided with public money.

Latest News

  1. Europe's TV union wooing Lavrov for splashy interview
  2. ECB: eurozone home prices could see 'disorderly' fall
  3. Adapting to Southern Europe's 'new normal' — from droughts to floods
  4. Want to stop forced migration from West Africa? Start by banning bottom trawling
  5. Germany unsure if Orbán fit to be 'EU president'
  6. EU Parliament chief given report on MEP abuse 30 weeks before sanction
  7. EU clashes over protection of workers exposed to asbestos
  8. EU to blacklist nine Russians over jailing of dissident

Stakeholders' Highlights

  1. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  2. ICLEISeven actionable measures to make food procurement in Europe more sustainable
  3. World BankWorld Bank Report Highlights Role of Human Development for a Successful Green Transition in Europe
  4. Nordic Council of MinistersNordic summit to step up the fight against food loss and waste
  5. Nordic Council of MinistersThink-tank: Strengthen co-operation around tech giants’ influence in the Nordics
  6. EFBWWEFBWW calls for the EC to stop exploitation in subcontracting chains

Stakeholders' Highlights

  1. InformaConnecting Expert Industry-Leaders, Top Suppliers, and Inquiring Buyers all in one space - visit Battery Show Europe.
  2. EFBWWEFBWW and FIEC do not agree to any exemptions to mandatory prior notifications in construction
  3. Nordic Council of MinistersNordic and Baltic ways to prevent gender-based violence
  4. Nordic Council of MinistersCSW67: Economic gender equality now! Nordic ways to close the pension gap
  5. Nordic Council of MinistersCSW67: Pushing back the push-back - Nordic solutions to online gender-based violence
  6. Nordic Council of MinistersCSW67: The Nordics are ready to push for gender equality

Join EUobserver

Support quality EU news

Join us