Assessment of the Dutch Rules on Health Data in the Light of the GDPR

Abstract

In 2021, the European Commission published its Assessment of the EU Member States' rules on health data in the light of General Data Protection Regulation. The Commission concluded that the GDPR has been interpreted in many ways in the EU as regards health research, and national implementation legislation has resulted in a fragmented legal landscape. Several lawful bases are used as a legitimation for the secondary use of health data. I address the Dutch legislation on the re-use, or secondary use of health data for scientific research where explicit consent is the general rule. However, both the GDPR, the Dutch GDPR Implementation Act and sectoral health legislation leave room for alternatives. I conclude that a further review of these alternatives is required to enhance scientific health research with the secondary use of health data, and I sketch a few avenues for further exploration.