Abstract

This paper examines the legal issues arising from the collection and processing of Health Big Data in the light of the European legislation for the protection of personal data of natural persons, placing emphasis on the General Data Protection Regulation, i.e., Regulation 679/2016. Whether Big Health Data are “personal data” or not is really the heart of the matter. The legal ambiguity is compounded by the fact that, even though the processing of Big Health Data is premised on the de-identification of the data subject, the possibility of a combination of Big Health Data with other data circulating freely on the web or from other data files cannot be excluded. Moreover, data subject’s rights, e.g., the right not to be subject to a decision based solely on automated processing, are heavily impacted by the use of AI, algorithms and technologies that reclaim health data for further use, resulting in sometimes ambiguous results that have substantial impact on individuals. On the other hand, as the Covid-19 pandemic has revealed, Big Data analytics can offer crucial source of information. In this respect, this paper identifies and applies the legal provisions to algorithms used in big health data processing, providing an interpretation to address risks to data subject’s rights, while embracing the opportunities that Big Health Data has to offer.

Keywords: Big data, Health data, Genetic data, Privacy, GDPR, Processing principles, Algorithm accountability, Automated profiling