Scientific journal paper Q1
Dynamic consent for secondary use of health data: Challenges and opportunities under European law
Sudip Phuyal (Phuyal, S.); Manila Bhandari (Bhandari, M.); Ricardo Correia Bezerra (Bezerra, R. C.); Rabindra Bista (Bista, R.); Joao C Ferreira or Joao Ferreira (Ferreira, J. C.);
Journal Title
JMIR Medical Informatics
Year (definitive publication)
2026
Language
English
Country
Canada
More Information
Web of Science®

Times Cited: 0

(Last checked: 2026-07-15 09:21)

View record in Web of Science®

Scopus

Times Cited: 0

(Last checked: 2026-07-02 22:38)

View record in Scopus

Google Scholar

Times Cited: 0

(Last checked: 2026-07-14 17:10)

View record in Google Scholar

This publication is not indexed in Overton

Abstract
Secondary use of health data is essential for advancing medical research, innovation, and public health policy across Europe. Traditional static or broad consent models are increasingly inadequate in complex, multistakeholder digital ecosystems. Dynamic consent, which enables granular, interactive, and ongoing management of individual preferences, including revocation, has emerged as a patient-centered alternative. This integrative review examines the legal feasibility and practical challenges of implementing dynamic consent for secondary health data use under the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS) Regulation. Drawing on doctrinal legal analysis, European policy documents, national derogations, and technical standards including Health Level Seven Fast Healthcare Interoperability Resources, electronic Identification, Authentication and Trust Services 2.0, European Digital Identity Wallet, and distributed ledger approaches, the study synthesizes legal, governance, and informatics perspectives. Findings indicate that while the GDPR establishes parameters supportive of specific, informed, and revocable consent, significant barriers persist due to national fragmentation, divergent lawful bases for processing, and limited cross-border revocation mechanisms. The EHDS, with provisions phasing in from 2029, shifts governance toward institutional authorization via Health Data Access Bodies and secure processing environments, reducing reliance on individual consent for many large-scale uses. Technical prerequisites, machine-readable consent artifacts, high-assurance digital identity, and policy-based enforcement remain unevenly developed. Nevertheless, integration with data altruism mechanisms under the Data Governance Act and emerging interoperability tools offers promising pathways. A 3-stage operational architecture (consent administration, decision, and enforcement) is proposed to embed dynamic consent within the hybrid EHDS-GDPR framework. However, challenges including blockchain immutability conflicts with the right to erasure, revocation propagation across systems, implementation costs, consent fatigue, and digital divides must be addressed. Dynamic consent cannot serve as a universal solution but can meaningfully enhance transparency and trust when deployed contextually alongside institutional safeguards. Coordinated EU-level harmonization, standardization, and inclusive design will be essential for its successful operationalization.
Acknowledgements
--
Keywords
Blockchain,Dynamic consent,Secondary use of health data,General Data Protection Regulation,GDPR,European Health Data Space,EHDS,Interoperability,Digital identity
  • Computer and Information Sciences - Natural Sciences
  • Health Sciences - Medical and Health Sciences
Funding Records
Funding Reference Funding Entity
UID/06486/2025 Fundação para a Ciência e a Tecnologia
PRR-RE-C05-i01.02 Blockchain.PT
UID/PRR2/06486/2025 Fundação para a Ciência e a Tecnologia
UID/PRR/06486/2025 Fundação para a Ciência e a Tecnologia