Skip to content

Closing the Gaps in Patients’ Data Protection Rights: A Glance Into the Future with a Dutch Case Study

Renée Dekker, Irith Kist


This article discusses the legislative framework of data protection and health law in today’s world where the individual has become an active player in governing his health. The individual’s protection within the traditional treatment relationship between the care provider and the care receiver is subject to substantial changes amidst technological and health innovations. The traditional, clinical health setting is complemented with actors from a non-clinical background, such as commercial companies that provide healthcare deliverables. New mechanisms for data protection and safeguarding data subject’s rights are required. The European Health Data Space Regulation is a good starting point, since it enables individuals to obtain a copy of their health data, to share and rectify these. However, we observe three gaps in the individual’s data protection and his position vis-à-vis commercial companies, i.e. in the domain of legislation, governance and in the interaction between the care provider and care receiver. The individual plays a role as a patient, but also as an individual with a particular lifestyle who uses wearables and buys commercial DNA tests. The individual’s monitoring of his own health with devices does not necessarily fall within the scope of existing European and national legislation on data protection and health.
Keywords: European Health Data Space | fundamental rights | individual and informational self-determination | technological innovations

The authors wish to express their gratitude to prof. dr. Gerrit-Jan Zwenne LLM, prof. dr. ir. Marjanka Schmidt, dr. Theo Hooghiemstra and prof. dr. Michiel Heldeweg LLM for their valuable comments.


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation