The GDPR and (Big) Health Data: Assessing the EU Legislator's Choices
This chapter critically examines the GDPR's provisions relating to health by focusing on two main issues: i) the definitional uncertainties surrounding health data and, ii) the legislative choices regarding the balance between the competing interests to data privacy on the one hand -seen mainly within the context of the enhanced protection that personal health data enjoy-, and the interests of 'public health' on the other hand. I argue that while the GDPR's provisions balancing data privacy with public health interests appear flexible and context- dependent, its binary definitional distinctions (sensitive (health)/ non-sensitive (non-health) data is problematic and may result in rendering the GDPR's rules both over- and under- inclusive.