European data space for health data has been developing for several years. However, so far there has been no clear commitment from the European nation states to shape this process in a structured and coordinated way. The national paradigm of subsidiarity in health care is too strong. As a result, the existing European data space is fragmented and exists mainly limited in extent in some member states with more advanced digital ecosystem or around high level innovative centres of science and research. Several examples of evidence on effective data sharing were provided at an international conference of meta- cluster organisation ScanBalt: 30 promising projects for digital solutions in dealing with the COVID-19 crisis were gathered from 15 different European regions. The examples ranged from cross-border data exchange for patient care, decentralised digital patient monitoring or the creation of new databases for research into COVID-19 therapies.

The majority of these initiatives were supported by private-public cooperation. This is certainly the most important lesson from the COVID-19 crisis: A health crisis of pandemic proportions can only be overcome through collaborative efforts between public (academic) and private (industrial) research. The fact that these new forms of cooperation must be digitally designed is now a matter of course that should not even be worth a marginal note - and yet there is still a lack of meaningful digital linkage across national borders in Europe.

Against the backdrop of the COVID-19 pandemic, European scientific and research regions have taken stock of the digitisation of European health systems and formulated a joint declaration, the ScanBalt Declaration "Towards a European Common Dataspace in Health in the Time of COVID-19", describing the current situation, bottlenecks and possible solutions to create a European health data space. The declaration brings together countries known for their innovative digital health systems as well as regions where the pressure of Coronavirus infections has greatly accelerated existing digital care approaches. Input for the declaration comes from countries such as Estonia, Sweden, Denmark, Norway, Finland, Italy, Spain, the Netherlands, Belgium, Portugal, the UK, Austria, Germany and Poland.

As the "voice of European civil society", the participating cluster organisations support the promising digitisation initiatives of the current EU Council Presidency of the countries Germany, Portugal and Slovenia. (see: https://scanbalt.org/eu-health-data-space/)

All initiatives have in common the high importance of data protection - which is indispensable as a basic prerequisite for all activities, whether in care or in research. Data protection is understood here above all as a right of citizens to their data and to self-determined handling of their data. All European citizens must have access to a complete electronic record of their health data and retain control over it in accordance with the EU General Data Protection Regulation. At the same time, European citizens must be free to decide for themselves on sharing their data with for medical treatment, preventive services, research and product development, or for any other purpose they deem appropriate. It is important that they can be confident that potential partners are authorised and permanently vetted. European regulators thus have a key role in building trust in healthcare institutions. Importantly, the whole thing also only works if the EU agrees on uniform, internationally recognised and tested standards/codes across Europe to ensure interoperability.

To secure this, Europe needs strengthened pan-European institutions. Current promising initiatives from the European Commission include strengthening the European Centre for Disease Prevention and Control (ECDC) to improve its coordination capacity and mandate to respond to the crisis. And at the same time, European policy on the legal situation and legal interpretation in data protection law should be coordinated between the member states on the basis of the EU General Data Protection Regulation in appropriate detail.

But it is not only institutions and health systems that need to be digitised - citizens also need to learn how to handle their health data on their own responsibility. Only informed citizens can make competent decisions about the use and exchange of their sensitive health data. Therefore, we urgently need a Europe-wide support programme to strengthen citizens' digital health literacy.

​We see technology as a global enabler that makes distance irrelevant and brings people together by bridging the schisms of geographical frontiers and ideologies. Data is fast becoming the fuel to power the engine of technology. In a globalized world, with low barriers on the movement of goods, people, technology and services, access to data will be necessary for innovation leading to societal and economic progress. 

Data Protection regulations will be central to establish rights of individuals and create responsibilities for enterprises which need to process data as part of their businesses and setting guidelines to facilitate compliance. It is expected that within the next few years, more than 65% of the world’s population would be protected by some data privacy law. Beyond regulatory compliance, we believe that ethical processing of personal data is going to be a critical element in corporate governance. Hence, we must enable trust and accommodate the expectations of individuals in a digital society. This should, however, be done by creating regulations that are interoperable at a global scale. Most organizations (including Indian companies) have a growing global footprint. Regulations that are not globally interoperable would only become business inhibitors and deterrents in the long run. This may also result in making compliance disproportionally expensive, creating significant overheads and overall, challenging to implement. This will be true even for organizations that do not process end-user data (unlike Google and Facebook) but do have subsidiaries and sister organizations across the globe. Interoperable standards would also ensure better security and compliance of data as organizations focus on a uniform technical architecture and compliance framework. This will ensure that personal data is processed and consumed in a responsible way to foster the digital society and economy, without compromising the fundamental rights of individuals – which is the core intent of all data protection regulations.