How does AEGLE comply with European and national data protection rules

For the development of AEGLE the research team uses real medical data which have been obtained from patients in a clinical context. The data are made available to AEGLE by hospitals from Greece, Italy, Sweden and the United Kingdom.

Before the AEGLE development team can get access, the data are “pseudonymised”. This means that all identifying items such as names, addresses, etc. are stripped from the patient file and substituted by a code. This procedure allows the research team to link together data from different sources but concerning the same patient without the identity of this patient being revealed.

For most of the data processed in the framework of AEGLE the patients gave an informed consent about the further use of their medical data for research purposes. This consent is not strictly necessary since the European and national data protection legislation states that further processing of personal data for research purposes is presumed to be compatible with the purpose for which these data have initially been collected. However, this presumption is only valid under conditions which are determined by national law. This is the reason why different procedures are applied in AEGLE for each of the four countries from which the medical data originate.

On a longer term AEGLE will be of course available for big data research on the basis of health-related data from all 28 Member States. One of the deliverables of the AEGLE action will be a legal report on how to comply with the applicable data protection rules in each of these countries under the recently adopted European General Data Protection Regulation (GDPR). The report will also include recommendations for European and national policymakers to make European-wide big data analytics in the health sector easier in the future.

Prof. Dr. Jos Dumortier