The Principle of Privacy by Design in the Framework of the European Health Data Space: A Critical Analysis of Implementation, Effectiveness, and Legal Coherence with the GDPR
KHESHTY, HODA
2024/2025
Abstract
The European Health Data Space Regulation (Regulation (EU) 2025/327) represents a critical turning point in the EU’s effort to provide a single framework for the collection, exchange and secondary use of health data. By attempting to strike a balance between individual control and group benefit, the Regulation functions at the intersection of data protection, innovation policy, and the basic rights of European citizens in healthcare. This thesis examines whether the EHDS Regulation effectively implements the General Data Protection Regulation’s principle of Privacy by Design and by Default (Article 25 GDPR) within the EU’s digital health infrastructure. The analysis shows that the EHDS creates a comprehensive yet complex structure of governance. Member States must establish Health Data Access Bodies, adopt common interoperability standards and guarantee safe environments for secondary data use. Nevertheless, despite this development, conflicts still exist between the Regulation’s goal of enabling data reuse and the GDPR’s fundamental principles of data minimization, purpose limitation, and accountability. The effectiveness of the Regulation will therefore depend on whether these principles are converted into specific, verifiable design criteria rather than remaining abstract policy aims. According to this thesis, Privacy by Design must function as a comprehensive framework that incorporates legal, technical, and ethical considerations. In order to ensure that the use of health data is proportionate, open, and responsible, privacy measures need to be incorporated into every aspect of the EHDS, from system design to governance oversight. Although the Regulation is a step in the right direction toward a unified European approach, practice will determine whether it becomes a project that builds public trust or a reliable tool for digital health cooperation.
Ultimately, the study concludes that the EHDS will achieve its full potential only if it acknowledges privacy as the foundation that makes innovation reliable and sustainable rather than a barrier to it.

| File | Size | Format |
|---|---|---|
| Kheshty_Hoda.pdf (restricted access) | 1.23 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.
https://hdl.handle.net/20.500.12608/98704