Report on the proposal for a regulation of the European Parliament and of the Council on the European Health Data Space

Amendement n°56 (europe)

Données personnelles

Santé

Cybersécurité

Déposé le Dimanche 14 avril 2024 à 22h00

Déposé par : M. Bernd LANGE, M. Udo BULLMANN, Mme Lara WOLTERS, Mme Kathleen VAN BREMPT, Mme Margrete AUKEN, Mme Sophia IN 'T VELD, M. Georg MAYER, Mme Anna CAVAZZINI, Mme Catherine GRISET, M. Pascal CANFIN, M. Bas EICKHOUT, Mme Ska KELLER, M. François ALFONSI, M. Juan Fernando LÓPEZ AGUILAR, Mme Marisa MATIAS, M. Jens GEIER, Mme Petra KAMMEREVERT, Mme Cornelia ERNST, Mme Karima DELLI, Mme Birgit SIPPEL, Mme Sylvie GUILLAUME, Mme Marie TOUSSAINT, M. Daniel FREUND, M. Gilles LEBRETON, M. Jean-François JALKH, Mme Dominique BILDE, M. Martin SONNEBORN, Mme Rosa D'AMATO, Mme Maria NOICHL, M. Joachim SCHUSTER, M. Gerolf ANNEMANS, M. Harald VILIMSKY, M. Paul TANG, Mme Agnes JONGERIUS, Mme Clara AGUILERA, M. Markus BUCHHEIT, M. Jordan BARDELLA, M. Gunnar BECK, Mme Annika BRUNA, M. Jakop G. DALUNDE, Mme Alexandra GEESE, M. Tiemo WÖLKEN, M. Tom VANDENDRIESSCHE, Mme France JAMET, M. Thomas WAITZ, Mme Tilly METZ, Mme Alice KUHNKE, M. Pär HOLMGREN, M. Patrick BREYER, Mme Katarina BARLEY, Mme Gabriele BISCHOFF, M. Damian BOESELAGER, Mme Delara BURKHARDT, M. Rasmus ANDRESEN, M. Sergey LAGODINSKY, M. Erik MARQUARDT, Mme Jutta PAULUS, Mme Saskia BRICMONT, M. Filip DE MAN, M. Nicolaus FEST, M. Maximilian KRAH, M. Joachim KUHS, Mme Sylvia LIMMER, M. Guido REIL, M. Bernhard ZIMNIOK, Mme Marina KALJURAND, M. Mounir SATOURI, M. David CORMAND, Mme Caroline ROOSE, M. Jarosław DUDA-LATOSZEWSKI, M. Benoît BITEAU, Mme Beata KEMPA, Mme Gwendoline DELBOS-CORFIELD, M. Mikuláš PEKSA, M. Marcel KOLAJA, Mme Markéta GREGOROVÁ, M. Ivan DAVID, Mme Karen MELCHIOR, M. Damien CARÊME, M. Thierry MARIANI, Mme Virginie JORON, M. Jean-Paul GARRAUD, M. Francisco GUERREIRO, M. Cristian TERHEŞ, Mme Sarah WIENER, Mme Aurélia BEIGNEUX, M. Philippe OLIVIER, M. André ROUGÉ, Mme Mathilde ANDROUËT, M. Pierre LARROUTUROU, M. Konstantinos ARVANITIS, M. Robert ROOS, Mme Clare DALY, Mme Vera TAX, M. Eugen JURZYCA, Mme Tineke STRIK, M. Rob ROOKEN, M. Mohammed CHAHIM, Mme Francesca DONATO, M. Jorge BUXADÉ VILLALBA, M. Hermann TERTSCH, Mme Kim VAN SPARRENTAK, M. Ivan Vilibor SINČIĆ, Mme Mazaly AGUILAR, M. Roman HAIDER, M. Emmanouil FRAGKOS, Mme Alviina ALAMETSÄ, Mme Margarita DE LA PISA CARRIÓN, M. Claude GRUFFAT, M. Jean-Lin LACAPELLE, Mme Manuela RIPA, Mme Sara MATTHIEU, M. Cyrus ENGERER, M. Karsten LUCKE, M. Malte GALLÉE, M. Matjaž NEMEC, Mme Marie DAUCHY, M. Eric MINARDI, Mme Patricia CHAGNON, M. Matthias ECKE, Mme Theresa BIELOWSKI, M. Thomas RUDNER, Mme Lydie MASSARD,

Recital 54

Version initale

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendement

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data, in accordance with the data minimisation principle. All secondary use access to the requested electronic health data should be PE756.668/ 54 done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Nevertheless, in order to ensure the proper supervision and security of personal data, such environments need to be located in the Union if they are used to access personal health data. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.