Data Governance Act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R0868

The EU Data Governance Act (DGA) aims to establish a legal framework for data sharing across sectors. It promotes the sharing of data, including personal data, in a secure and standardized manner. This is relevant for health data, as it facilitates the sharing of RWD among healthcare providers, researchers, and institutions.

[1] Data Intermediaries: The DGA introduces the concept of “data intermediaries” and “data intermediary service providers” (DISPs), which are entities that facilitate data sharing between data providers (e.g., healthcare organizations) and data users (e.g., researchers). These intermediaries may play a role in managing access to health data within the EHDS, ensuring compliance with data protection regulations.

Examples of DISPs: Salus Coop, Midata, Data Trusts Initiative, UK Biobank, INSIGHT, The Pistoia Alliance

[2] Data Governance Mechanisms: The Act promotes the development of data governance mechanisms (e.g., mandatory registration of DISPs by Sept 2025), including codes of conduct, interoperability standards and certification mechanisms, to ensure that data sharing activities adhere to data protection and privacy regulations. This is crucial in the context of health data, where sensitive information is involved.

[3] Cross-Border Data Sharing: The Act encourages cross-border data sharing within the European Union, which is particularly relevant for research purposes within the EHDS, as it enables access to a more diverse and comprehensive set of health data from different member states.

[4] Data Portability and Data Altruism: The Act recognizes the importance of data portability and data altruism, allowing individuals to have more control over their data and choose to share it for research or public interest purposes, which supports the availability of RWD for research in the health sector.

[5] Security and Privacy: The DGA places a strong emphasis on data security and privacy (e.g., secure processing environments), requiring data sharing activities to comply with EU data protection regulations, such as the General Data Protection Regulation (GDPR). This is crucial when dealing with health data to ensure the protection of patients’ sensitive information.

In summary, the EU Data Governance Act, provides a legal framework for secure and standardized data sharing that is essential for supporting access to Real-World Data and research activities within the European Health Data Space. It helps to ensure that data sharing is conducted in compliance with data protection regulations while promoting transparency, security, and cross-border collaboration in health research.