This dissertation explores how legal frameworks in the EU and China respond to the growing tension between the use of health data and the protection of privacy in the digital health era. As technologies such as AI, wearable devices, and health-monitoring sensors increasingly reshape the delivery of care, legal systems face mounting pressure to support data-driven innovation while upholding individual rights. Through a comparative legal analysis of key instruments such as the EU’s GDPR, European Health Data Space (EHDS) Regulation, and China’s Personal Information Protection Law, the study examines how each jurisdiction regulates health data, defines the legal bases for its use, and integrates privacy-enhancing technologies like anonymisation. In doing so, it aims to generate insights into how law can address the shared global challenge posed by the dual demands of innovation and privacy in a society striving for better health.

The proliferation of digital technologies in healthcare creates two conflicting needs: protection of health data and the free flow of such data. Anonymisation and pseudonymisation hold the potential to play important roles in reconciling these two conflicting needs by enabling the processing of health data in a less privacy-intrusive manner. Taking a forward-looking perspective, this paper aims to contribute to the scholarly debate around anonymisation and pseudonymisation by extending the discussion to the contexts of forthcoming EU data laws, with a focus on the draft European Health Data Space (EHDS) Regulation. It does so by digging into the past, present and future of anonymisation and pseudonymisation in EU data laws. Starting with a positivist enquiry, the paper investigates the traces and evolution of anonymisation and pseudonymisation in EU data protection instruments from both before and after the entry into force of the General Data Protection Regulation. It then shifts focus to future EU data laws and examines the roles of anonymisation and pseudonymisation in these instruments, including the draft EHDS Regulation, the newly adopted EU Data Governance Act and the draft EU Data Act. Ultimately, the paper makes preliminary remarks and recommendations on the draft EHDS Regulation and questions to what extent its current incorporation of anonymisation and pseudonymisation can be reconciled with the health data sharing arrangements proposed in this Regulation.

Privacy-enhancing technologies (PETs) promise to safeguard privacy and security alongside the use of active and assisted living (AAL) tools. To what extent PETs meet the expectations of EU data protection norms however needs to be better understood. This paper aims to determine whether PETs used for AAL purposes are anonymisation or pseudonymisation methods under the General Data Protection Regulation (GDPR). In this paper, doctrinal legal research is used as the main research method. This means that primary legal sources such as EU laws will be relied upon and analysed in the context of PETs for AAL purposes. Specifically, this paper first conducted an inquiry into several important EU data protection concepts, namely anonymisation, pseudonymisation and data protection by design. On this basis, focus was shifted to state-of-the-art PETs for AAL, which are then used as examples to measure against these data protection concepts. A closer look at PETs in the AAL context finds that most groups of PETs for AAL are more likely to be considered as pseudonymisation methods rather than anonymisation methods because of their technical reversibility. This general assessment is however subject to change in each specific case since the notion of anonymisation under the GDPR is not absolute, but contextual specific and sensitive to factors such as costs, time, and available technologies for re-identification. Based on the findings, clearer guidance seems necessary in order to determine what constitutes anonymisation under the EU data protection regime such that legal certainty could be increased. 

While ageing remains a global concern, it is especially challenging for China, which has the world's largest ageing population. In response, the Chinese government has introduced digitalisation policies that clearly embrace the use of information and communication technologies in health. To enhance data protection in this tide of digital transformation, China adopted its first ever standalone data protection legislation in 2021, the Personal Information Protection Law, which is expected to have huge impacts on technology and data processing. This paper captures these significant changes related to technological advances and regulatory approaches. It aims to explore the interplay between China's new data protection legal regime and the digital health advances which were proposed to facilitate healthcare in an ageing society. To do so, the paper first reviews and categorises the use of digital tools for various health functions and argues that the use of digital health technologies creates significant data protection concerns. The paper then investigates to what extent China's data protection rules mitigate privacy risks created by digital health technologies. An evolutionary overview of China's data protection legal landscape is mapped out. On this basis, outstanding legal issues surrounding health data protection are explored, contributing to a nuanced analysis of health data processing under different scenarios including: (1) healthcare provision; (2) health research; (3) public health; (4) social care and health management in a non-medical context; and (5) real-world data for market approval. The paper shows that the Personal Information Protection Law renders China's data protection legal landscape less fragmented and offers important legal safeguards for health data. Despite legislative advances, a closer look at relevant provisions in the Personal Information Protection Law and their interplay with other regulations reveals areas where further clarification is needed, including the definition of health data, the meaning of ‘separate consent’, data minimisation requirements for health apps, and the operation of the enforcement mechanism. The paper ends with indicating potential steps forward, with a hope that the benefits of digital health can be realised in a manner that respects privacy and human dignity.

Ambient assisted living (AAL) technologies are increasingly presented and sold as essential smart additions to daily life and home environments that will radically transform the healthcare and wellness markets of the future. An ethical approach and a thorough understanding of all ethics in surveillance/monitoring architectures are therefore pressing. AAL poses many ethical challenges raising questions that will affect immediate acceptance and long-term usage. Furthermore, ethical issues emerge from social inequalities and their potential exacerbation by AAL, accentuating the existing access gap between high-income countries (HIC) and low and middle-income countries (LMIC). Legal aspects mainly refer to the adherence to existing legal frameworks and cover issues related to product safety, data protection, cybersecurity, intellectual property, and access to data by public, private, and government bodies. Successful privacy-friendly AAL applications are needed, as the pressure to bring Internet of Things (IoT) devices and ones equipped with artificial intelligence (AI) quickly to market cannot overlook the fact that the environments in which AAL will operate are mostly private (e.g., the home). The social issues focus on the impact of AAL technologies before and after their adoption. Future AAL technologies need to consider all aspects of equality such as gender, race, age and social disadvantages and avoid increasing loneliness and isolation among, e.g. older and frail people. Finally, the current power asymmetries between the target and general populations should not be underestimated nor should the discrepant needs and motivations of the target group and those developing and deploying AAL systems. Whilst AAL technologies provide promising solutions for the health and social care challenges, they are not exempt from ethical, legal and social issues (ELSI). A set of ELSI guidelines is needed to integrate these factors at the research and development stage.