||Genetic, biometric or health data
|Finland||02.08.2017||Ministry of Social Affairs and Health responsible for this area and has prepared two legislative proposals.
First, there is a proposal on new Act on the Electronic Processing of Client Data in Social and Health Care Services. This proposal is meant to abrogate the current Act. The proposal has taken into consideration the GDPR requirements.
Second, there is a proposal on Secure Utilisation of Client Data in Social and Health Care. The purpose is to set rules and requirements for utilization (processing) of health data for statistical, research and development purposes and to ease permission procedures. The proposal will bring the rules into line with the GDPR.
|France||29.06.2017||Report expresses need to legislate on health data and related processing activities
|Germany||07.08.2017||Yes - § 22 stipulates a general framework for the processing of sensitive data, including rules on health data (no explicit restriction to genetic/biometric data). Such processing is, however, only possible if "suitable and specific" safeguards are taken to protect such data. The safequards may include technical and organisational measures, pseudonymisation, encryption, or the appointment of a Data Protection Officer ("DPO") etc.|
|Ireland||12.09.2017||The General Scheme envisages that the processing of biometric data for identification and security purposes will be permitted, subject to appropriate safeguards.
|Italy||28.06.2017||Under Garante's Guide, written consent is not mandatory.
Principles under existing DPA guidelines on biometric data still apply to the processing of this data.
|Netherlands||28.06.2017||Draft Act provides a limited list of purposes for which processing genetic data, biometric data and health data is allowed.
|Spain||27.07.2017||Legislation to be drafted within 2 years.|