Data misuse, also known as mission creep, in the context of this research pathway entry - goes to the core of (mis)using a patient’s personal health data, beyond the purpose(s) for which it was collected. Whilst it may sometimes be closely related to function creep, a very well-known phenomenon in the field of science and technology studies (describing an instance where systems or technologies expand beyond their initial scope of deployment) - mission creep or data misuse is more focused on the legitimacy and purposes for which patient data is collected, used, stored, and processed.
The findings of a Special EuroBarometer on Data Protection demonstrated that citizens were often worried about how they could control their own data. Hence, European Union (EU) law establishes the relevant legislation to ensure the proper use and protection of patients’ rights to privacy when their relevant health data is collected and processed. This is in addition to the Charter of Fundamental Rights of the European Union. Addressing patients’ concerns regarding privacy, data sharing and accessing their own health data, is necessary in a healthcare context (including care given through eHealth or mHealth), or in a cross-border healthcare context, and research (clinical trials, clinical investigations, epidemiological research, patient registries, etc).
In the context of patients’ genetic data, this may also fall under the category of “sensitive data” which may be given additional protection under EU law. Hence, this engages the core principles for which EU law legislation was enacted, in order to ensure that data misuse or mission creep does not happen.
For the purposes of this entry, the key relevant EU legislation is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR); and the Proposal for the Regulation of a European Health Data Space (EHDS).