Category: Data breach

Sharing of health data by German public health insurance providers

By Thomas Vink, 27th May 2021

In Germany, public health insurance providers will soon begin transferring anonymised health data of millions of people to institutions for research. However, the security standards for the storage and transfer of this data are too weak, meaning there is a high risk of privacy breaches. Additionally, the data of people in marginalised groups, such as those suffering from rare diseases, is at risk of being re-personalised by research institutions.

GFF are planning litigation in Germany against one or more health insurance providers aimed at ensuring greater security over how health data is shared with research institutions and allowing insured people to object to the reuse of their data for research purposes.

Sharing of health data by German public health insurance providers

Organisation Name

Gesellschaft für Freiheitsrechte (GFF)

Country/Jurisdiction

Germany

Amount Granted

EUR 90,255

Current Status

Ongoing

Grant type

COVID-19 Litigation Fund

Description

In Germany, public health insurance providers will soon begin transferring anonymised health data of millions of people to institutions for research. However, the security standards for the storage and transfer of this data are too weak, meaning there is a high risk of privacy breaches. Additionally, the data of people in marginalised groups, such as those suffering from rare diseases, is at risk of being re-personalised by research institutions.

GFF are taking litigation in Germany against one or more health insurance providers aimed at ensuring greater security over how health data is shared with research institutions and allowing insured people to object to the reuse of their data for research purposes.

GFF filed two legal submissions in May 2022 against the mass processing of health data. In both cases they asked for and were granted interim relief meaning that no health data of the two plaintiffs will be transmitted for the remainder of the proceedings. The first hearing took place in October 2022, and the second will follow in early 2023.

"...the security standards for the storage and transfer of this data are too weak, meaning there is a high risk of privacy breaches"

Strategic Goal

To improve security standards and shorten retention periods for health data generally, and strengthen the rights of marginalised groups (such as those with rare diseases) to oppose the processing of their data by third parties. To increase public awareness that health data can be used for the good of society without sacrificing data privacy and security.

Media and related links

» » “Database with health data of 73 million statutorily insured persons must not become a data leak” (GFF – project homepage)

» “Bürgerrechtler klagen gegen Weitergabe von Gesundheitsdaten” (Spiegel)

» “GFF klagt gegen die Sammlung der Gesundheitsdaten von 73 Millionen gesetzlich Versicherten: Daten sind besser gegen Diebstahl zu sichern” (GFF – press release about filing of cases)

Organisation Name

Women’s Link Worldwide

Back to Case Studies

Image credit: Gilles Lambert on Unsplash