The Neglected IT Security in eHealth and Data Protection

eHealth and data protection: "Amazing how little IT security is considered"

Marit Hansen, the chairwoman of the data protection conference (DSK) and data protection officer for the state of Schleswig-Holstein, has called for improvements in politicians’ approach to digitization projects in the health sector. Hansen has been involved in research projects relating to “data protection by design” since the 1990s, which form the basis of European and German regulatory plans.

Hansen is one of the few experts who can assess the current state of the art of pseudonymization and anonymization techniques. Speaking to heise online, she commented that if anonymization or pseudonymization is required by law, the person responsible must ensure that the appropriate procedures are used correctly. While there are good solutions available, they are often not implemented correctly, she added.

According to Hansen, certification would be appropriate for high-risk areas to provide independent confirmation that the procedures meet the requirements and are correctly implemented. While the regulatory drafts by the Commission and Parliament do not say much about the requirement for technical solutions, there is a clear incentive for technical solutions that guarantee a high level of protection.

Hansen stated that IT security certifications and data protection certifications must go hand in hand in the high-risk area. She mentioned that provisions for independent reviews should be considered in the high-risk area concerning digital health services.
