Enablers and barriers to the secondary use of health data in Europe: general data protection regulation perspective

BACKGROUND: The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union. We aimed to provide an overview of the General Data Protection Regulation (GDPR) enablers and barriers to the secondary use of health data in Europe from the research we conducted in the Joint Action InfAct (Information for Action!) WP10 Assessing and piloting interoperability for public health policy, as well as to provide an example of a national-level case study on experiences with secondary use of health data and GDPR on an example of the Austrian COVID-19 data platform. METHODS: We have identified a number of European initiatives, projects and organizations that have dealt with cross-border health data sharing, linkage and management by desk research and we conducted 17 semi-structured in-depth interviews and analyzed the interview transcripts by framework analysis. RESULTS: GDPR was seen as an enabler to the secondary use of health data in Europe when it comes to user rights over their data, pre-existing laws regarding data privacy and data sharing, sharing anonymized statistics, developing new data analysis approaches, patients` trust towards dealing with their health data and transparency. GDPR was seen as a barrier to the secondary use of health data in Europe when it comes to identifiable and individual-level data, data sharing, time needed to complete the process, workload increase, differences with local legal legislations, different (and stricter) interpretations and access to data. CONCLUSION: The results of our analysis show that GDPR acts as both an enabler and a barrier for the secondary use of health data in Europe. More research is needed to better understand the effects of GDPR on the secondary use of health data which can serve as a basis for future changes in the regulation.