On 12 February 2021, the European Commission’s DG Health and Food Safety published an assessment of the EU Member State rules governing health data in the light of the General Data Protection Regulation (EU) 2016/679 (GDPR). The study’s objective was to examine possible differences between Member States and identify elements that might affect the cross-border exchange of health data in the EU for the purposes of healthcare, research, innovation and policy-making. The European Commission concluded that the existing fragmented approach of national rules governing health data between Member States hampers cross-border co-operation in the provision of healthcare, the administration of healthcare systems and research carried out so as to further public health objectives. The study discusses the use of health data for primary purposes (patient care), for secondary use in public health and for scientific or historical purposes. For each of these uses, the study analyses the legal bases for processing the data under the GDPR and inquires whether local legislation provides for alternatives to the use of consent as a legal basis. In response to the challenges identified, the study suggests actions at EU level to support the European Health Data Space and ensure the best possible use of health data. Furthermore, the study shows that co-operation between the EU Member States is crucial as it should draw on the work of national data protection authorities that come together as the European Data Protection Board, as well as on the numerous national and EU level bodies. Please click on the link below for a short article on the Commission’s assessment.