Different countries follow different approaches to protecting the data of their users and implementing strong data privacy. In Europe, the General Data Protection Directive (GDPR) replaced the old EU data protection directive 95/46/EC in 2018. This was implemented to ensure an individual’s control over their own data alongside data privacy. On the other hand, the US does not have a central regulation but sector-based regulations like NIST, FTC, etc. The major difference between the US and EU data protection regulations are breach notification, the right to be forgotten, the freedom to request information, and the protection of children’s data. The widely used terminologies are data, personal data, sensitive personal data, processing, the data subject, data controller, data processor, and third party. “The DPA 2018 defines ‘data concerning health’ as personal data relating to the physical or mental health of an individual, including the provision of health care services, which reveals information about their health status.” (Health Data, 2018) However, there are no special rules allowing an individual to charge a fee for providing personal health data. All exemptions and restrictions applying to other data, apply to health data as well and one can be exempt from complying if it leads to any harm.
According to me, health-related data should only be shared at the patient’s discretion and usage for knowledge-sharing purposes should be based on the client’s consent. Streams is an AI based application backed by Google’s infrastructure which provides a clinician with data on demand. “The Royal Free London NHS Foundation Trust is a data controller in relation to the personal data contained in the Streams app.” (Deep Mind, 2019) Hence, the way data is used and shared, is decided by them. I believe that this is a smart data-sharing practice which is transparent and helps to save lives. In my opinion EU’s implementation of data protection is more robust and standard as it regulates how data is processed while protecting the rights of individuals by placing duties on data controllers. However, there is a lot of room to work on data protection. There is no provision yet that allows individuals to share the data for an interval of time. This can surely be an aspect of further research.