The introduction of the General Data Protection Regulation (GDPR) in 2018 served as the cornerstone of the new data governance regime of the European Union. Informed by principles and values such as privacy, accountability, transparency, and fairness, the GDPR is premised on the objective to balance the protection of individual privacy and the promotion of a thriving European data economy. Still, shortcomings of this regulatory effort have been noted by recent ethical, socio-political, legal, and policy scholarship. Focusing on the deployment of digital health technologies and big data practices within the European digital health ecosystem, this article draws upon these bodies of literature to chart the main lines of tension emerging between the current GDPR-based data governance regime and the broader societal shifts coming along with the expansion of digital health. Central aspects of the GDPR-i.e. key underlying data protection principles and regulatory categories, the reliance on the "notice-and-consent" model, the (narrow) remit of the Regulation vis-a-vis possible harms and discriminations-are misaligned with the surge in digital health. This throws into doubt whether the Regulation is fully fit for the purpose of governing current developments in this field, while also calling for swift and adequate policy responses.
The EU Data Protection Regulation has wide‐ranging implications for research based on anonymized personal genomic and genetic data given the realistic risk of re‐identification.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.