The European data protection legislation and its consequences for public health monitoring: a plea for action.

The Network of Competent Authorities (NCA) is one of the implementing structures of the Health Information and Knowledge Strand of the EU Public Health Programme 2003–08. The NCA became aware of problems in the field of European public health monitoring related to data protection legislation, and established in 2005, on a voluntary basis, a Work Group on Data Protection, consisting of six members of the NCA with a specific interest in the topic, and two staff members from the NCA's Scientific Assistance Office. The Work Group carried out an explorative survey among researchers in the European public health field, experts on health data protection and the national Data Protection Offices. This exercise resulted in a (non-exhaustive) overview of problems encountered in public health monitoring, and of major differences between national data protection systems regarding possibilities for using person identifiable health data for public health purposes. The major conclusions that can be drawn from this overview is that the legal possibilities for such usage differ to great extents between the Member States, and that this diversity can be traced back to the improper transposition of the EU Directive on Data Protection (Directive 95/46/EC). EU directives are addressed to the Member States, who are obliged to transpose the directive into national law. By now, all Member States indeed have transposed Directive 95/46/EC, though, as the results of the inventory of the Work Group showed, not in a harmonized way; for instance, Article 8 on the processing of sensitive data (e.g. health data), has not been fully transposed by all Member States. This has resulted in the absence of certain legal grounds for personal health data processing in the concerned Member States, which should be present according to EU law. Moreover, diverging opinions on how to interpret the Directive and national data protection laws appeared to be another cause of the differences found.

In public health practice, the main problems arising due to the legislative framework sketched above, are the inability to link different databases at the subject level, and the need to obtain explicit informed consent for each processing of person identifiable health data. Not being able to link different data sources poses a threat to data quality, as double counting of events cannot be prevented, and as people who have died or emigrated cannot be identified. Moreover, enabling linkage will help governments in developing efficient and adequate policies through a better identification of risk groups. Obtaining explicit informed consent in a public health context is very costly and often infeasible. More important from an evidence base-point of view, such an approach will, through selection bias, seriously jeopardize validity of data which are supposed to be at population level.[6,7]

Obviously, health data require a high level of protection due to their sensitive nature. On the other hand, the public interest of health monitoring at population level can be regarded as overriding the privacy interests of the individual. Data Protection legislation should reflect this delicate balance between the rights of the individual and the needs of society. In part of the EU Member States the balance appears to be have been tipped in favour of the individual right to privacy. However, it has been shown that logistic problems related to obtaining informed consent rather than refusals are the main cause for incomplete register data. This seems an indication that people do not object to usage of their data for monitoring purposes. On the other hand, not much is known on citizens’ opinions on the other side of the medal, e.g. fear for data abuse. Nevertheless, public confidence may be strengthened by recent technical developments, enhancing the possibilities for operating high quality health information systems, whilst at the same time providing a high standard of protection for the data subject.

The above-mentioned Health Information and Knowledge Strand aims to produce comparable information on health and health-related behaviour, diseases and health systems on a European level, enabling solid evidence-based decision-making. This is being operationalized through the European Health Information System. Within this System, the European Commission has proposed in recent years, among others, the collection of data on equity, health among population groups such as children, elderly and ethnic minorities, morbidity and chronic diseases, use of cross-border health services and patient safety. To satisfy these kinds of demands, feasible health information systems based on individual level data are required. However, the current legal situation does not provide a workable framework for meeting the Strand's aims. Though part of the data necessary for the European public health indicators will be collected by Eurostat through the European Statistical System under the future Regulation of the European Parliament and of the Council concerning community statistics on public health, and health and safety at work, for the majority of indicators data will have to be collected through other sources such as morbidity registers. For these indicators currently neither availability of necessary data nor validity of data can be guaranteed at national level, which will hamper the comparability of data at European level.

The Work Group therefore encourages the European Commission to improve the legal framework. First of all, it should be ensured that at least the possibilities for processing health data as stated in the Directive are present in all national Data Protection Acts. Second, the interpretation of the relevant provisions of the Directive should be clarified and harmonized. The Article 29 Data Protection Working Party (the independent EU Advisory Body on Data Protection and Privacy) has recently expressed their opinion that the Directive itself should not serve as the legal basis for personal data processing for public health monitoring; only processing for individual patient care should be allowed. Data processing for public health will be only possible when provided for by additional law. This implies that it will be difficult to reach adequate European public health monitoring, as it will be up to the Member States to decide whether and how they want to allow for health data processing for public health purposes. The Work Group therefore strongly urges further discussion on this issue with all relevant stakeholders in order to come to a clear and functional legal framework.

Additionally, best practice examples should be developed to provide guidance for Member States, showing how to allow for the collection of high quality data while simultaneously providing adequate safeguards for citizens’ privacy. For example, the development of interfaces between multiple web-based data sources while applying encrypted communication and monitoring of log-ins. Awareness should also be promoted on data protection issues and knowledge improved among public health experts and researchers. Furthermore, the Work Group recommends the development of an international glossary of terminology applied in the area of legislation on public health registers and data protection, to help resolving the current state of confusion.

As will be clear from the disharmonized situation sketched above, action is urgently needed. After all, the Commission is bound by the Treaty (Articles 3p and 152) to contribute to the attainment of a high level of health protection, to improve health, to prevent disease and to obviate sources of danger to health. Without proper public health monitoring systems at national, and subsequently at European level, these goals will never be reached.