28th Sep 2023


EU plans allow Big Tech to exploit your medical records, without permission

In May 2022, the European Commission proposed the European Health Data Space (EHDS) in an attempt to improve the ways in which people's sensitive medical data is made available for various kinds of uses.

That includes the ability for hospitals and physicians to share information about current patients with expert colleagues abroad. For example, it's supposed to make it easier for a GP in Sweden to receive a digital copy of their Romanian patient's CT scan results from the radiologist in Romania in order to continue treatment.

Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app (Photo: Matthew Tempest)

The EHDS also proposes to legally compel hospitals or physicians to hand over your medical records to a newly created government agency, which, in turn, can allow access to anyone who claims a research interest. That includes not only academics but also pharmaceutical companies, wellness app startups and even data-harvesting Big Tech corporations like Google and Facebook.

Your medical records include details of physical, mental and sexual health, drug and alcohol history, and any family and work-related problems that you thought you'd disclosed in confidence to your physician only. What's worse is that the information in medical records is almost impossible to effectively anonymise, meaning it's relatively easily identifiable as yours.

That is why 75 percent of Europeans said in a recent Ipsos poll that they are only willing to grant researchers access to their medical records if they have been asked for their explicit consent, and that's what the EHDS should require.

Big Tech is on the move

Without such a consent requirement, Google, for instance, could obtain access to the details of your cancer treatment or the results of your last psychotherapy session to train its new AI for some well-being app. And the outcome of that might feed into the company's advertising business.

If you don't like that, you are out of luck: the EHDS does not foresee patients being asked for their permission; it does not even include a right to object to this kind of excessive data sharing.

Your medical records contain information about all aspects of your life. From the moment you were born, through childhood, puberty, and every sick leave, mental challenge, and other health issues you ever had. You should be the one in control of it.

More than a dozen organisations representing patients, medical professionals, persons with disabilities, consumer and digital rights organisations, as well as workers and trade unions have written to members of the EU Parliament, urging them to introduce the consent requirement in the health data proposal. This is crucial for protecting patients' rights and ensuring that they have control over the use of their private medical records.

Bye bye Hippocratic oath

The EHDS would make physicians and other medical professionals complicit in the forced commercialisation and monetisation of every aspect of your health without ever asking for your consent. It would destroy the Hippocratic oath of confidentiality by which every medical professional is supposed to be bound.

The global tech industry is just waiting for the opportunity to get its hands on Europeans' medical data. Apple already has an extensive "digital health" offer and, in 2020, Google paid over $2bn [€1.82bn] to acquire health device maker Fitbit in an attempt to enter the health data market.

Google's acquisition of Fitbit demonstrates the huge monetary value health data has, even to companies who do not contribute to public interest medical research, and why it should never be shared with third parties without your consent.

Not forgetting governments and cyber-criminals

Your medical records are not only of interest to corporations. Once stored in central, state-run data centres as the EHDS proposes, they could just as well be misused by your own government.

In January 2023, Polish police raided a private gynaecologist office in the city of Szczecin. The prosecutor claimed that "criminal acts" had been conducted in the form of medical abortions requested by patients. Poland has a de facto ban on abortion. During the raid, medical records dating back as far as 1996 were confiscated.

Just imagine how easy it would be for the Polish government to persecute any woman whose medical records contain the slightest indication that she might consider seeking an abortion, if everybody's medical data was held in a central database run by that same government.

And there is more: forcing the medical records of millions of people into a centralised database creates an incredibly attractive target for malicious hackers around the world.

With this kind of intimate information, common criminals can extort ransom from you by threatening to expose your medical details. Just last year, a criminal ransomware gang broke into the medical database of a healthcare systems provider in the US and started publishing nude pictures of female breast cancer patients on the internet after the provider refused to pay the ransom.

Medical research is incredibly important and often relies on access to such data to develop new medication and advance our understanding of the human body. But whoever wants to do that research must always ask for your permission to use your data first. Ideally, they should be obliged to release their research results back to the public, so that it can be of maximum common value to us all.

EU lawmakers must therefore amend the EHDS accordingly, so that we can continue to entrust our physicians with the most intimate details of our physical, mental and sexual health.

Author bio

Jan Penfrat is senior policy advisor for the European Digital Rights (EDRi) NGO. Dr Silke Lüder is the deputy chair of the Association of Independent Doctors Germany (Freie Ärzteschaft e.V.)


The views expressed in this opinion piece are the author's, not those of EUobserver.

