Proposal for a Regulation on European Data Governance (COM2020 767) – MedTech Europe response to the open public consultation

MedTech Europe welcomes the opportunity to respond to the proposal for a European Data Governance Act (DGA).

We support the European data strategy and specifically the sectoral project of the European Health Data Space.

THE MEDTECH INDUSTRY delivers products, services or solutions that improve prevention, diagnosis, treatment, monitoring and management of health and lifestyle. Digital health and care technologies can innovate and improve access to care and quality of care, and make healthcare delivery more efficient. The medtech industry invests significant resources in research. The sharing of (personal) data, with the appropriate safeguards, helps monitoring the safety and effectiveness of existing products on the market, and supports services for medical technologies. Hence, harnessing the power of health data will advance and accelerate research and innovation in medical technologies and services for the benefit of European citizens.

We support the objectives of the proposed DGA to facilitate data sharing across sectors and Member States and to set a framework for sectoral data spaces.

GENERAL COMMENTS
We welcome the architecture of the proposed DGA and support:
* The creation of data intermediaries and the single contact points in Member States.
* The creation of a ‘European Data Innovation Board’ in which relevant stakeholders including the medtech industry are represented.
* Investment to foster data processing infrastructures.
Regarding the proposed creation of multiple (regulatory) bodies and authorities, we would suggest combining these bodies, to limit the administrative burden and avoid fragmentation.

THE IMPACT ON CONTRACTS
We recommend clarification that the DGA not impact on the B2G data sharing market, as it is unclear whether licensed data would be made available to re-users. This could impact the established economic model of medtech companies, and the collaboration of industry with the public sector. We recommend clarifications on the scope of the Regulation, when it comes to categories of public sector data available for re-use.

THE INTERPLAY BETWEEN THE DGA & THE GDPR
We recommend:
* Define the concept of ‘data’ as understood by the DGA and clarify it is limited to digital data. We support a broad definition of “data”.
* Define what is meant by “non-personal data”. We recommend not to restrict any cross-border data transfers to non-personal data.
* Provide clarity on how mixed datasets should be handled and when they can be considered anonymous.
* Align the DGA with the wording of the GDPR, when it comes to the legal basis for processing of special categories of personal data.
* Align definitions such as ‘pre-processed data’, ‘main establishment’ and ‘access’ with the GDPR.

PROVIDERS OF DATA SHARING SERVICES
We recommend:
* The role of providers of data sharing services to be further clarified.
* Caution regarding the verification of the results to not compromise any trade secret or IP rights of the re-user, avoiding a potential public disclosure.
* Cooperation between competent authorities of Member States, regarding cross-border data sharing services, in the form of a one-stop shop mechanism like the one under the GDPR.
* To not exempt data altruism organisations from the requirements for providers of data sharing services.

DATA ALTRUISM
We recommend paying attention to these risks:
* creating an additional legal regulatory layer without eliminating existing complexity.
* establishing new, additional obligations that would influence the GDPR and companies’ established processes on data protection compliance.
* the planned consent form to not do justice to current and future complexity.
* not to encompass the possibility of research and development of commercial products and services in medical technology.
* the concept of “general interest” to exclude commercial companies.