No cure for data that’s insecure: an analysis of the European health data protection safeguards

Abstract

Health data belong to the most intimate sphere of individual’s life. Therefore, due to the sensitive nature, it is necessary to provide adequate protection to them. According to the view of the European Court of Human Rights (ECtHR) expressed in the case of Z. v. Finland, the member states are legally obliged to implement adequate safeguards regarding the protection of medical data. The aim of this thesis is to assess the existing safeguards regarding protection of health data. This is carried out through an analysis of the ECtHR case law, as well as other legal instruments regarding data protection adopted by the Council of Europe and the European Union. Among the assessed documents are the European Convention on Human Rights, the Convention on Data Protection and the Directive 95/46/EC. Furthermore, in order to assess the implementation of the documents and the case law of the ECtHR into domestic legislations, a comparative analysis of data protection laws of Austria and the Czech Republic was undertaken. The text will answer the following questions: What are the appropriate safeguards providing guarantees against unlawful processing of personal health data at the European level? Is there a common understanding of such safeguards? And do the member states of the European Union provide its citizens with the same level of protection? Keywords Data protection, medical data, health data, safeguards, European Union, Council of Europe, European Court of Human Rights, European Convention on Human Rights, Directive 95/46/EC, Convention on Data Protection, Czech Republic, Austria, ECHR, ECtHR.