Guideline for Health Data Access Bodies on data minimisation, pseudonymisation, anonymisation and synthetic data
Authors/Creators
Description
This TEHDAS2 expert guideline supports the implementation of the European Health Data Space (EHDS).
This guideline focuses on processing electronic health data within the European health data space (EHDS), by detailing methods for data minimisation, pseudonymisation, anonymisation, and synthetic data generation. The goal is to create a secure, interoperable, and efficient health data ecosystem for secondary use in compliance with the EHDS and General Data Protection (GDPR) regulations, which means using health data beyond direct patient care.
One foundational principle for handling health data is data minimisation. This means that only the minimum amount of personal health data that is adequate, relevant, and limited to what is necessary for a specific purpose should be processed. This principle applies throughout the entire lifecycle of the data, from when it is first collected and prepared by the health data holder, to when it is assessed by a health data access body (HDAB), and finally, during its use and processing by the health data user. Data minimisation can involve reducing the volume of data, limiting its detail (granularity), making sensitive information less specific, or restricting geographical or temporal scopes. In addition, it can be applied in five dimensions (“Who”, “What”, “When”, “Where”, “How”). This helps to significantly reduce risks related to confidentiality, integrity, and availability of data.
Pseudonymised data remain personal data under Regulation (EU) 2016/679 (GDPR) and reduce the likelihood of direct identification, while preserving high data utility. Pseudonymised data is one data format HDABs may permit access to, if the re-identification risk is justified and appropriately mitigated (see Article 66(3), Regulation (EU) 2025/327 (EHDS)). The information needed to link these pseudonyms back to the original individuals is kept entirely separate and secure. Pseudonymisation is particularly valuable because it allows for the linkage of different health datasets. This is vital for comprehensive research. It also supports the rights of data subjects, such as the ability to opt-out of data use for future projects, or to be informed of significant findings related to their health data. The HDAB plays a key role in defining and overseeing the pseudonymisation process.
Finally, anonymisation and synthetic data generation offer strong privacy protection, often used when data or analysis results are intended to be exported or made publicly available. Anonymisation(Regulation (EU) 2016/679 Recital 26 (GDPR), Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques, WP216, adopted on 10 April 2014) transforms original personal data so that it no longer relates to an identified or identifiable person, meaning that the individual cannot be re-identified by any reasonable means. Synthetic data generation, on the other hand, creates artificial datasets that mimic statistical properties of the original data. Depending on the methodology used and the residual risk of re-identification, such data may or may not constitute personal data under the Regulation (EU) 2016/679 (GDPR). While distinct, both methods require the HDAB to establish similar processes for evaluating data quality, performing privacy risk assessments (looking at risks of re-identification and inferring sensitive information), and implementing disclosure controls. All such activities must be thoroughly documented to ensure transparency and accountability. It should be noted that the EHDS does not impose legal obligations regarding synthetic data generation, but HDABs may support its use via evaluation frameworks, as part of enabling responsible data access.
Files
D7.2 Guideline for Health Data Access Bodies on data minimisation, pseudonymisation, anonymisation and synthetic data.pdf
Files
(1.5 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:e636cc4ce86c10b383fe9b25f277e016
|
1.5 MB | Preview Download |
Additional details
Funding
- European Commission
- Co-funded by the European Union