What is cross-border data sharing?

Health data may be stored in databases around the globe. This data may need to be accessed, used or shared in a different country to where the data was collected. Common examples of cross-border data sharing in the health sector include:

• Where a patient is travelling and needs to have their medical records accessed from outside the country they are resident in.

• Where data held by a global organisation in one country is sought to be used for secondary purposes, with the data analysis and project work occurring in a different country.

Data protection regulations do not always permit the transfer of data across borders. For example:

• Some countries have laws that require that personal and sensitive data, like a person's health records, is stored within the country where the patient resides.

• De-identified data (for example cancer registry data) can be permitted to be shared in some cases (for example Austria) but not in others (for example Belgium, Israel and Korea).

• Data about European citizens cannot be stored outside the EU, for example in the United States, without greater protections to ensure that personal data is not available for access by government security departments. This has led to the creation of a new standard contractual clauses instrument to enable cross-border data sharing where a global organisation may have data stored in servers around the globe.