Data Protection

General information

In January 2012, the European Commission published a proposal for a Regulation on the protection of personal data to update the current framework (Directive 95/46/EC). This cross-sectorial proposal will apply to the areas of healthcare and research,. It applies both to paper-based and computer-based personal data.

Patients’ fundamental right to protection of their data concerning health is an important issue in diverse contexts, such as healthcare, care given through eHealth or in a cross-border context, and in research. Patients’ health and genetic data are sensitive information which requires a high level of protection to ensure they are not unnecessarily disclosed. At the same time, the smooth sharing of these data is absolutely crucial for the good functioning of healthcare services, patient safety, and to advancing research.

EPF’s Position

The European Patients’ Forum welcomes in principle a stronger and more coherent framework for the protection of personal data. The right balance needs to be reached between ensuring confidentiality of data while allowing their availability and sharing for public health, healthcare and research purposes.

One of our key concerns is to ensure that individual rights which apply to patients –access to one’s personal data, transparent information about processing, and the right to be forgotten or to erase data – are effectively implemented, with patient friendly information and transparent processes.

EPF also calls for more cooperation between Member States on minimum security requirements to ensure an equivalent level of protection of personal data shared by patients across the European Union and to facilitate cross-border healthcare and research.

Key steps


The new Regulation on personal data protection (EU/2016/679) was published in May 2016 and will apply from May 2018. It provides more rights to citizens to be better informed about the use made of their personal data, and gives clearer responsibilities to people and entities using personal data.

In this regard, EPF drafted a guide for patients and patient organisations to explain what the new EU Regulation on the protection of personal data means for patients. EPF outlines as well how patients’ organisations can contribute to ensuring that patients’ rights to privacy, data sharing, and accessing their health data are implemented optimally.


The European Parliament adopted in March 2014 a first reading position for stricter rules on consent for research. If implemented, this Regulation would harm health research by creating an obligation to seek specific consent when personal data is used.

EPF has joined the European Data in Health Research Alliance which brings together academic, patient and research organisations from across Europe to ensure the final Regulation allows the vital research that has taken place for many years to continue. This campaign aims to ensure talks between the three institutions will agree on a draft that shows their commitment to health in Europe. | @datamattersEU

EPF wrote a letter to the European Parliament (see related information box) to ask for support in the upcoming vote of the proposal for a Regulation on Data Protection. 

We also developed a position paper on the sharing of clinical trials data.

EPF consulted its membership to publish a position paper (see related information box) on the EU Data Protection Regulation, as we strongly believe that taking into account the patient perspective is essential to ensure that the Regulation preserves quality and safety of care while protecting individual rights to confidentiality of personal health data.

EPF also liaised with key stakeholders in the health sector to raise understanding of the implications of this proposal for healthcare and research.