AI Processing of Special Categories of Personal Data in the EU Healthcare Sector - From a GDPR and EHDS Perspective

Berglind, Mira; Kjelkvik, Olivia

AI Processing of Special Categories of Personal Data in the EU Healthcare Sector - From a GDPR and EHDS Perspective

Mark

Berglind, Mira ^LU and Kjelkvik, Olivia ^LU (2025) HARN63 20251
Department of Business Law

Abstract: The study describes and analyses the legal requirements under EU law (General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS)) for artificial intelligence (AI) processing (primary use) of data concerning health within the healthcare sector. Under the GDPR, processing data concerning health, a special category of personal data, requires a legal basis (Article 6 GDPR) and an applicable exception (Article 9(2) GDPR) from the general prohibition (Article 9(1) GDPR), in addition to following general principles (Article 5 GDPR) among them, for example, transparency and data minimisation. The EHDS builds upon the GDPR as a lex specialis for electronic health data (including data concerning health) and establishes... (More); The study describes and analyses the legal requirements under EU law (General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS)) for artificial intelligence (AI) processing (primary use) of data concerning health within the healthcare sector. Under the GDPR, processing data concerning health, a special category of personal data, requires a legal basis (Article 6 GDPR) and an applicable exception (Article 9(2) GDPR) from the general prohibition (Article 9(1) GDPR), in addition to following general principles (Article 5 GDPR) among them, for example, transparency and data minimisation. The EHDS builds upon the GDPR as a lex specialis for electronic health data (including data concerning health) and establishes harmonised rules and an infrastructure for primary and secondary uses. The Regulation (EHDS) grants natural persons the right to access and control their electronic health data (Articles 3 and Article 8 EHDS) and requires secure processing environments (Article 73 EHDS). The study concludes that GDPR and EHDS, when combined, offer a comprehensive legal framework that provides a transparent environment for AI processing (primary use) of data concerning health within the healthcare sector. The Regulations find a balance between their objectives of patient privacy and effective flow of data for primary healthcare needs. (Less)

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/9194327

author

Berglind, Mira ^LU and Kjelkvik, Olivia ^LU

supervisor

Jonas Ledendal ^LU

organization

Department of Business Law

course

HARN63 20251

year

2025

type

H1 - Master's Degree (One Year)

subject

Law and Political Science

keywords

AI, AI Systems, Data Concerning Health, EHDS, Electronic Health Data, European Union, GDPR, Healthcare.

language

English

id

9194327

date added to LUP

2025-06-09 10:39:44

date last changed

2025-06-09 10:39:44

@misc{9194327,
  abstract     = {{The study describes and analyses the legal requirements under EU law (General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS)) for artificial intelligence (AI) processing (primary use) of data concerning health within the healthcare sector. Under the GDPR, processing data concerning health, a special category of personal data, requires a legal basis (Article 6 GDPR) and an applicable exception (Article 9(2) GDPR) from the general prohibition (Article 9(1) GDPR), in addition to following general principles (Article 5 GDPR) among them, for example, transparency and data minimisation. The EHDS builds upon the GDPR as a lex specialis for electronic health data (including data concerning health) and establishes harmonised rules and an infrastructure for primary and secondary uses. The Regulation (EHDS) grants natural persons the right to access and control their electronic health data (Articles 3 and Article 8 EHDS) and requires secure processing environments (Article 73 EHDS). The study concludes that GDPR and EHDS, when combined, offer a comprehensive legal framework that provides a transparent environment for AI processing (primary use) of data concerning health within the healthcare sector. The Regulations find a balance between their objectives of patient privacy and effective flow of data for primary healthcare needs.}},
  author       = {{Berglind, Mira and Kjelkvik, Olivia}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{AI Processing of Special Categories of Personal Data in the EU Healthcare Sector - From a GDPR and EHDS Perspective}},
  year         = {{2025}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

AI Processing of Special Categories of Personal Data in the EU Healthcare Sector - From a GDPR and EHDS Perspective