Privacy and Health Research. 5. New Laws in Europe


In contrast to the U.S., most European countries have for some years had in effect broad data- protection laws, based on human rights principles. All focus on personally identifiable data. Most deal with legitimacy of need-to-know; with notification of data-subjects, and consent; with data-subject rights, such as the right to examine data about oneself; with data security; and so on. And they establish remedies and sanctions against violations. 78

Usually the laws are administered through independent national "data protection commissions" or "registrars." These bodies investigate complaints, critique the privacy implications of government programs, mediate privacy disputes, perhaps audit organizations' privacy protections, and represent the country's privacy interests internationally. 79 In some countries, such as Germany, provincial, in addition to federal, data-protection laws and agencies also are important. (Australia, New Zealand, Canada and several of its provinces, South Africa, and Japan also have active data privacy laws and agencies.) Again: The U.S. has no equivalent bodies.

In Europe sensitivities about health data run very high. National healthcare systems of course process huge volumes of data about individuals. In Europe medical data increasingly are being processed via electronic media. Electronic "smart cards" are being tried for medical billing (in Germany) or to carry some health data (in France), but progress is slow, because of both medical objections and privacy concerns. A pan-European "electronic health passport" has been proposed which would carry at least emergency medical information such as blood type and allergy information, but movement toward such a system has met with much opposition on privacy grounds. In France the Health Ministry has announced that by 1999 doctors must submit all of their bills electronically; but the medical establishment is resisting. In the U.K., communication of medical data via a new "NHS-Net" Internet service has been promoted by the National Health Service (NHS); but protests by both doctors and the public, largely over security and confidentiality, have forced a standoff, which has not yet been resolved.

In the past few years most legislatures have been readdressing the issues of informational privacy, especially with respect to data processed electronically. Several have adopted, or are currently considering proposals for, new laws covering health data. Now the issues have gained Europe-wide dimensions. All of this has implications for the U.S. and other countries outside Europe.

(78) For comparative analysis see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States(Cornell University Press, Ithaca, New York, 1992).

(79) For background from the view of a privacy commissioner, see Flaherty, as cited in endnote (1).