This post is part of our special Call for Blog Posts “The Global Landscape of Digital Rights”. We welcome posts on national, international, and transnational debates about digital bills of rights, novel judgments, and other landmarks of the debates on digital rights around the world. Please send your contribution (1000–2000 words) to email@example.com before 15 June 2022.
Europe is in the midst of a digital revolution transforming many aspects of daily life. In the healthcare sector, digitalisation may change today’s values and rights. Health tech developments range from relatively simple digital solutions—such as online appointment systems and digital health records—to artificial intelligence (AI) applications—such as AI-powered automated breast cancer diagnosis systems and AI-assisted automatic seizure detection. Recognising both the potential and risks of extensive digitalisation, the European Union (EU) is pushing for a stronger and safer EU digital single market. To this end, the European Commission has proposed a Declaration on European Digital Rights and Principles. As health lawyers, we advocate for a greater focus on health protection in the EU’s digital single market strategy, especially regarding medical AI applications and automated decision-making.
In this post, we argue that while the Declaration on European Digital Rights and Principles has little direct legal effects on patients, its strong political power may better protect patients against the risks of medical technology. Given the special nature of digital patients’ rights, we will propose a health-specific interpretation of the Declaration.
How the digital transformation of healthcare may negatively affect patients
In the healthcare sector, the impact of new technology is particularly tremendous. While there are many benefits—such as the ability to deliver tailored patient care in a timely and cost-effective manner—at the same time, health tech can negatively affect health and wellbeing. The use of AI in healthcare poses several risks to patients’ health and integrity. If technical errors occur in the AI software and the system is widely used, this could lead to mass patient injuries, for example, when AI is used for medication calculations or assistive surgery robotics. Moreover, when unrepresentative or low-quality datasets are used to train AI models, the systems may reflect biases leading to discrimination and inequality in healthcare, eventually causing health problems. For example, AI software used to predict individual cardiovascular risks may perform better for men than women because women have been underrepresented in the training dataset, which may lead to the underdiagnosis of women and unequal distribution of care.
At the same time, medical AI may affect the protection of patients’ rights, such as medical privacy and informed consent. The digital transformation in health is leading to an increased exchange of data, from patients’ medical records to clinical trial results. This challenges privacy rights because of issues with access, use and control of personal data. The need for large datasets may encourage tech companies to pressure individuals to provide personal data. The exact use and location of data may change over time, and data leaks and the possibility of re-identifying personal data may impact patients’ personal lives. Another issue arises from the untransparent nature of many AI applications. It is difficult for users (health professionals) and end-users (patients) to understand how the application reached a certain conclusion. Opacity in the AI’s decision-making process may put existing health practices and patients’ rights under pressure, such as the provision of information, informed consent and legal redress. In short, it is high time to digitalise health and patients’ rights.
Where does the EU stand in digital health rights?
In the field of healthcare, the EU is relatively powerless. The organisation of healthcare systems is an area of policy where the Member States are still highly autonomous, and the EU’s power to regulate health is limited to coordination or supplementation of Member States’ health policies and laws. At the same time, the EU’s open borders for its market activities do lead to a partially regulated, but the free flow of health services, patients and medicines. While the EU regulates some health products, there’s no uniform patients’ rights instrument. This means that it is more difficult for the EU to mitigate patients’ risks that arise from the digital healthcare transformation. At the same time, the EU must ensure “A high level of human health protection (…) in the definition and implementation of all Union policies and activities” under Article 168 TFEU. Building on this so-called “health mainstreaming”-obligation, in the subsequent paragraphs, we argue that the new Declaration on European Digital Rights and Principles indirectly addresses some of the core issues patients face in the digital health environment. In that sense, the Declaration may be useful in the protection of patients in the digital healthcare transition.
The Declaration on European Rights and Principles
On 26 January 2022, the European Commission proposed to the European Parliament and the Council to sign a Declaration of Rights and Principles that will guide the digital transformation in the EU. The Declaration, quoting European Commission President Von der Leyen, “is about who we want to be as Europeans” when it comes to digitalisation. The somehow romantic content of the proposal on digital rights and principles perfectly matches the decision of the European Commission to opt for a non-binding “soft law”—an instrument like a declaration. It should be noted that declarations are not among the legal instruments listed in the EU Treaties1Part 6, Title I, Chapter II TFEU. and are rarely used. By means of a declaration, EU institutions convey their views on a specific issue, clarifying directions and desiderata.
The digital principles included in the Declaration are intended as essential concepts based on common European values and serve as guidance for a human-centred, secure, inclusive, and open digital environment where no one is left behind. Therefore, the Declaration aims to be a reference framework and serve as an interpretative guideline for pre-existing rights and values, reinterpreted in the light of digitalisation. The Commission clarifies that these principles do not affect the rights that already protect people online within the EU, nor do they affect the legitimate limits to the exercise of such legal rights.
In the next section, we propose to read the principles enshrined in the Declaration in light of the healthcare context, given the need for the protection of patients’ rights in a rapidly digitalising medical environment, especially when it comes to medical AI.
A health-oriented approach to the Declaration
The Declaration has a value-based aspiration, putting forward a human-centric approach to guide the EU digital transition. Drawing from EU treaties and the EU Charter of Fundamental Rights, the Declaration aims to be a kind of the first bulwark for rights and values in the digital sphere. This generic nature of principle-based rights allows us to read them through the lens of the right to health and AI. Let us take a health-oriented look at the Declaration.
Starting from Chapter 1, titled “Putting people at the centre of the digital transformation”, the proposal reflects one of the main sentiments characterising the discussion on the introduction of AI in the field of health, namely that the patient should be at the centre of this transformation and should be the first to benefit from it. This starting point is thus in line with fundamental values in health, mainly human dignity. The following chapters detail principles and rights following from the first chapter, which are essential to realising the centrality of the person.
Chapter 2, by focusing on solidarity and inclusion, touches on some of the hottest topics of ongoing reflection in health tech law: how do we make sure digital health helps and not hurts patients—and benefit all patients? Digitalisation should be a way of increasing equality and quality of care when it comes to health, leaving no one behind. This includes ensuring proper internet connection in remote areas that would benefit most from digital health and sufficient digital skills to understand digital health tools. In this spirit, the European Commission commits to including those people who are more likely to be marginalised. In order to reach this goal, the Declaration recognises a sort of “right to be connected” in order to maximise the benefits of digital services, as well as a “right to support and continuous education” for those in need of developing digital skills.
Chapter 3 considers the individual’s freedom of choice. It centres on the statement that transparency is essential in the relational dynamics with AI systems. In this sense, subjects must always be aware of whether they are interacting with an AI or a human being. In the medical sphere, this knowledge is certainly necessary to create a relationship of trust between the patient and doctor, put the patient at the centre of the therapeutic choice, and ensure truly informed consent to medical treatment. While not made explicit in the Declaration, the transparency requirement suggests that the subject (in our case, the patient) is recognised the right to opt for a totally human relationship from which the AI is excluded. These rights correspond to basic patients’ rights, such as the right to informed consent to medical treatment.
While Chapters 4 (online participation) and 6 (sustainability) leave little room for health-oriented reading, Chapter 5 is relevant for health as it deals with safety, security and empowerment principles. It focuses on security by design of the product, creating a sort of parallel with some of the requirements already seen in the AI Act, aimed at protecting digital services from cyber-attacks. Considering the disastrous consequences of a hackable pacemaker for heart patients, one can imagine its importance for health. Even more important is the principle aimed at protecting privacy, declaring the protection of personal data and full control over the secondary use of data a fundamental principle. Medical data protection is also crucial in medical care, as it fosters trust in both the doctor and medical sciences.
Although this analysis of the health-focused declaration is by no means exhaustive, it allows us to draw a preliminary conclusion as to which fundamental principles the EU wants to put at the helm of digitisation policy are also essential in the debate on the digitalisation of health. Human centredness, equity and privacy stand out as leading principles. These principles require an assessment of the accompanying legal framework to see whether the EU can provide adequate protection. For now, what is certain is the inspirational role of the Declaration, which, although not mentioning health explicitly, in fact, sets a clear direction for digital health rights.
In sum, the strength of the Declaration is not its legal robustness—its legal powers and enforceability are limited, both because of its declaring nature and the limited EU health competencies. The power of the Declaration lies in the fact that it gives an authoritative voice to some of the core issues of digitalisation that were already highlighted in the literature but still lacked proper institutional recognition. This shows the EU’s commitment to a digital Europe guided by fundamental rights and values instead of pure economic value. Furthermore, the Declaration translates formerly abstract values into some more tangible rights, which could be used to interpret existing fundamental rights instruments by European courts.
It is true that we cannot call the Declaration a legal revolution for healthcare as it has little direct legal effects on patients. In line with previous EU instruments in the digital field, it does not introduce specific new patients’ rights or provide new angles to the ongoing debate on the safe integration of digital health and AI in society. However, when we analyse the Declaration’s content from a health perspective, we see that it addresses the same issues prevalent in the digital health debate. The Declaration defines a human-centric approach guiding the European digital transition—we urge to broaden this with a health-centric approach. Following the EU’s health mainstreaming obligations, we believe that a health-centric approach to the Declaration could contribute to equipping patients with some much-needed rights in the digital health transformation. The actual effects on patients remain to be seen but adopting a health-focused approach to the Declaration is a welcome step in the digitalisation of healthcare.
Hannah van Kolfschooten and Sofia Palmieri, ‘A Health-Oriented Approach to the Declaration on European Digital Rights and Principles’ (The Digital Constitutionalist, 25 May 2022). Available at <https://digi-con.org/a-health-oriented-approach-to-the-declaration-on-european-digital-rights-and-principles/>.
- 1Part 6, Title I, Chapter II TFEU.