EU-US data transfers: an enduring challenge for health research collaborations.

EU-US data transfers for health research remain a particularly thorny issue in view of the stringent rules of the EU General Data Protection Regulation (GDPR) and the challenges related to US mass surveillance programs, particularly the manner in which US law enforcement and national security agencies can access personal data originating from the EU. Since the entry into force of the GDPR, evidence of impeded collaborations is increasing, particularly in the case of sharing data with US public institutions. The adoption of a new EU-US adequacy decision in July 2023 does not hold the promise for a long-lasting solution due to the risks of being challenged and invalidated - yet again - at the Court of Justice of the EU. As the research community is calling for answers, the new proposal for a European Health Data Space regulation may hold a key to solving some of the existing issues. In this paper, we critically discuss the current rules and outline a possible way forward for transfers between public bodies.