Skip to main content

Table 1 Variations in Data Protection for Medical Research between the seven EU Countries

From: A critique of the regulation of data science in healthcare research in the European Union

  France Germany Greece Italy Nether-lands Sweden UK
Is informed valid consent sufficient? YES YES YES NO - also requires approval by the Garante NO – professional duties of confidentiality may override consent YES YES
Is broad consent permissible? YES YES YES NO NO NO YES
Definition of anonymization All means available to controller or other person must be considered (CNIL approve means of anonymisation) Identification not possible without disproportionate time and effort No definition in statute, but supervisory authority applies Recital 26 definition Identification not reasonably likely, no identification numbers Identification reasonably excluded Cannot be identified by someone even with considerable time, effort or other resources Defined by ICO – currently the ‘motivated intruder’ test
Is pseudonymised dataa treated as anonymised? CNIL guidance suggests if key code kept secret, YES Only for third parties without the key code Probably YES Probably for third parties without the key code YES NO Only for third parties without the key code
  1. aReversible pseudonymisation by key code, rather than irreversible eg by one-way cryptography