Valuecreation and Propertyrights in GDPR: A Dataeconomic Treatment of Health Data

Angelica Rud Petersen

Student thesis: Master thesis


The fourth industrial revolution is upon us, which creates a whole host of new opportunities. Data is seen as the oil of the new economy. Some argue that health data is far more valuable than oil. This is also assessed by the European Union and sees all data as part of the new European data economy. Some will sometimes argue that data is not part of the economy in the classical sense. But on the other hand, there is a demand for health data, both for the development of new products, improvement of existing or for research in patient associations, for the benefit of their members, and future members, or for statistical and scientific studies, in the interest of society. Value creation must be seen from both the data subject's point of view (the issuer of health data), the company that must process health data, or the authorities that must grant permission for disclosure. For the company that receives health data, more data is better than less. This causes the company to experience greater benefit. For the data subject, it is about retaining his autonomy. For the authorities, it is about maintaining the data subject's confidence that his health data will be processed properly. The value of biological material is market-determined as the data subject can offer this on the market. This must also affect the value of the biological material collected as part of patient care. The latent biological material that remains after it has been treated for patient purposes is stored in the Danish National Biobank (DNB). This is passed on upon request for statistical and scientific experiments, in the interest of society. In the case of health information, regulating these will cause their value to be higher. In other words, by free use, one will find that health information by its nature (as non-rival data) will dilute its value.
Health data is regulated by the GDPR. What characterizes this new European regulation is that it should in fact be a directive. There is not a legislation GDPR, characterizes, but a large number of laws. This is due to the broad possibilities for creating regulation at the intergovernmental level. GDPR is ratified in Danish law by, the Data Protection Act. In addition, there is a large number of regulations on health data in the Health Act.
The big issue that it is not possible to determine is the property rights to the data subject's health data. The data subject has a number of rights. It is possible for the data subject to demand health data, deleted, corrected, destroyed, etc. In addition, according to the Danish Health Act, it is possible to register in a tissue register if you do not want your health data to be processed for purposes other than patient treatment. A company that pays for the rights to the data subject's health data then has the right of disposal over it. For the authorities, it is possible to dispose of the data subject's health data, for community service purposes. One purpose is the ongoing corona pandemic.

EducationsMSc in Commercial Law, (Graduate Programme) Final Thesis
Publication date2020
Number of pages77