by Nikos Piliouras (NPS)
Why Consent Management Matters in Digital Health
The use of health data is transforming healthcare delivery, medical research, health insurance, and public health innovation. From AI-powered diagnostics to cross-border research collaboration, access to high-quality health data has become a strategic asset for modern healthcare systems.
However, health data constitutes a special category of personal data under the General Data Protection Regulation (GDPR) [1]. Its processing therefore requires strict safeguards, lawful grounds, and transparent governance mechanisms. In this context, consent management is not merely a regulatory formality — it is a cornerstone of digital trust.
The CONSENTIS project addresses this challenge by introducing a modern, interoperable framework for managing consent for the use and reuse of health data, aligned with European data protection, health data governance, and digital identity regulations [1][2][3].
The Challenge: Fragmented and Static Consent Models
Traditional consent processes in healthcare, health insurance and research environments often present significant structural limitations, including:
- Paper-based or siloed consent records
- Limited transparency for data subjects
- Inflexibility when research purposes evolve
- Difficulty in demonstrating compliance with GDPR accountability requirements [1]
- Weak support for cross-organizational and cross-border data sharing within the emerging European Health Data Space (EHDS) [2]
These limitations can slow innovation, increase compliance risks, and reduce patient and citizen trust.
CONSENTIS: A New Approach to Health Data Consent
CONSENTIS enables dynamic, digital, and user-centric consent management aligned with:
- GDPR data protection principles
- The European Health Data Space framework
- The eIDAS Regulation on electronic identification and trust services [3]
- The emerging European Digital Identity framework (eIDAS 2.0) [4]
- Self-Sovereign Identity (SSI) and verifiable credential standards [5][6]
The project operationalizes consent as a managed, auditable, and interoperable digital asset.
1. Granular and Purpose-Specific Consent
CONSENTIS enables individuals to provide consent at a granular level, including:
- Specific data categories (e.g., genomic data, EHR data, wearable data)
- Clearly defined purposes (e.g., clinical care, insurance assessment, research, AI model training)
- Specific organisations, categories of users, or individual healthcare providers
This structure ensures compliance with GDPR principles of purpose limitation, data minimization, and informed consent. Where integrated with electronic identification mechanisms compliant with eIDAS and the forthcoming European Digital Identity Wallet, consent transactions can achieve enhanced authentication, integrity, and legal certainty.
2. Dynamic Consent and Ongoing Control
CONSENTIS moves beyond one-time, static consent collection. It supports a dynamic consent model that allows individuals to:
- Review active consents
- Modify consent preferences
- Withdraw consent at any time
This approach reinforces transparency and facilitates the effective exercise of data subject rights under GDPR. When combined with Self-Sovereign Identity principles and W3C Verifiable Credentials [5][6], individuals may maintain portable and cryptographically verifiable proof of consent across healthcare ecosystems.
3. Built-In Compliance and Auditability
From an organisational perspective, CONSENTIS provides:
- Verifiable and timestamped consent records
- Automated enforcement of consent policies
- Comprehensive audit trails
- Support for Data Protection Impact Assessments (DPIAs)
- Alignment with GDPR, EHDS governance requirements, and trust service frameworks under eIDAS
By integrating digital identity infrastructures and verifiable credential mechanisms, consent management becomes traceable, interoperable, and suitable for cross-border recognition within the EU. This significantly reduces administrative burden while strengthening accountability and compliance readiness.
Who This Matters For
CONSENTIS delivers value to multiple stakeholder groups:
- Healthcare Providers
  - Reduced GDPR compliance risk
  - Improved patient trust
  - Secure enablement of secondary data use under EHDS governance
- Health Insurers, Researchers and Innovation Teams
  - Access to ethically and legally usable data
  - Improved participant engagement
  - Support for longitudinal studies with adaptable consent structures
- Data Protection Officers & Legal Teams
  - Demonstrable accountability under GDPR
  - Improved consent traceability and documentation
  - Alignment with EU electronic identification and trust service frameworks
- Patients and Citizens
  - Greater transparency and control
  - Clear understanding of data usage purposes
  - Increased confidence in digital health infrastructures supported by secure identity technologies
Trust as an Enabler of Innovation
Health data-driven innovation depends not only on technical infrastructure but on governance legitimacy and societal trust. By placing individuals at the centre of consent governance and aligning with European regulatory and digital identity frameworks [1][2][3], CONSENTIS contributes to a digital health ecosystem where:
- Fundamental rights are respected
- Participation is encouraged rather than discouraged
- Compliance is embedded by design
- Cross-border interoperability is supported
- Innovation is responsibly accelerated
Conclusion
CONSENTIS represents a shift from compliance-driven consent collection to trust-driven consent governance. By integrating GDPR principles, the European Health Data Space framework, electronic identification and trust services regulation [3][4], and emerging Self-Sovereign Identity standards, the project establishes a robust foundation for responsible, interoperable, and citizen-centric health data use. In a data-driven healthcare future, smart consent is not a barrier to innovation — it is its foundation.
References
[1] General Data Protection Regulation (GDPR).
[2] Regulation on the European Health Data Space (EHDS).
[3] eIDAS Regulation (updated under the eIDAS 2.0 framework introducing the European Digital Identity Wallet).
[4] European Digital Identity Framework (eIDAS 2.0 Proposal). European Commission, COM(2021) 281 final.
[5] Decentralized Identifiers (DID) v1.0. W3C Recommendation, 2022.
[6] Verifiable Credentials Data Model v1.1. W3C Recommendation, 2022.