Companies like Google, for instance, could obtain access to the details of a patient’s cancer treatment or the results of a psychotherapy session to train its new AI for some well-being app. The outcome of that might feed into the company’s advertising business. The European Health Data Space (EHDS) does not foresee patients being asked for their permission; it does not even include a right to object to this kind of excessive data sharing.
GDPR was a bit of an accident, there’s no way they could do something like that again.
That’s unfortunate, that was quite a good approach privacy-wise