This webinar presents a legal assessment of the Court of Justice of the European Union (CJEU) decision (Sept 4th 2025) that pseudonymised data are not by definition also personal data, focusing on its implications for the exposome research community and hospitals which make health data available for secondary use.
Key takeaways:
- Whether data are personal data or not in the sense of the GDPR must be decided on a case-by-case basis.
- The bar is set high before data can be considered anonymous.
- The original collector of personal data must be transparent about what may happen with the data, including sending pseudonymised data to a third party, especially if the collection is based on informed consent.
The webinar also covers how the European Health Data Space (EHDS) will consider pseudonymisation of data when analysed in a Secure Processing Environment (SPE). Presenter: Evert-Ben van Veen (MedLawconsult, the Netherlands, and HEAP project legal expert). The webinar was hosted by HEAP and the International Human Exposome Network (IHEN).
