CYIL vol. 16 (2025)

CYIL 16 (2025) EHDS AS A STEPPING STONE TO SECONDARY USES OF PERSONAL HEALTH DATA … From the perspective of research demands, anonymisation may appear as a desirable pathway in support of science and research, not least in light of prevailing ethical considerations. For example, the Czech Republic amended the Health Services Act to expressly allow further use of patient medical records for research purposes, provided the data are anonymised to the extent that the patient’s identity cannot be established. In such a case the resulting information no longer qualifies as medical documentation 22 . Here, the legal basis for anonymisation is directly provided by a special legal act, and anonymisation is entrusted to healthcare providers in their role as controllers. This creates practical feasibility but also presupposes the active involvement of providers themselves: researchers have no legal right to access medical documentation directly and cannot themselves select the necessary data. While this kind of legislative facilitation appears favourable at first glance, it would be an overstatement to see it as a comprehensive solution for research data access. Anonymisation, although conceptually laudable, is in the healthcare context often logically or technically impossible. Anonymous data are only those for which an individual can no longer be identified. Thus, anonymisation is not merely the removal of some identifiers, if re‑identification by reasonable means remains possible 23 . It is therefore erroneous to assume, as is sometimes the case in practice, that deleting a patient’s name, birth date, or address suffices to render the data anonymous. In many institutions, an alternative approach is used: each patient is assigned a unique code or identifier separate from identifying information, while unnecessary personal data are removed. The link key is stored separately. However, this process does not yield anonymous data. Rather, it results in pseudonymised data. Pursuant to Article 4(5) GDPR, pseudonymised data are still personal data and thus remain subject to the GDPR 24 . Pseudonymisation undoubtedly strengthens the protection of personal data, supporting integrity, availability, and confidentiality, yet it does not transform personal data into non‑personal data. 25 For research purposes, pseudonymisation is frequently indispensable: fully anonymised data may lack scientific utility and may not be sufficient to answer the intended research questions. Many forms of data, particularly imaging results or genomic sequences, cannot be meaningfully anonymised without stripping away their essential value. In these cases, researchers require access to the primary data. 2.2 Activation of Controllers Another complex issue concerns the role of research organisations that are not providers of healthcare. If anonymisation is legally entrusted to providers, are they obligated to perform anonymisation upon request by researchers? Healthcare providers hold datasets of immense scientific potential but may lack any interest in conducting the research themselves. Researchers, however, cannot directly access medical documentation. Their access is contingent upon the cooperation and active engagement of providers. At present, no independently applicable legal basis grants researchers the right to such access for secondary use. 22 Act No. 372/2011 Coll., Section 55b, on Health Services. 23 Article 29 Data Protection Working Party. Opinion 05/2014 on Anonymisation Techniques. WP216. 10 April 2014. 24 GDPR, Article 4(5). 25 For a more detailed discussion of the limits of anonymization, see OHM, P. Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization. UCLA Law Review , Vol. 57, 2010.

361