Hostname: page-component-cb9f654ff-c75p9 Total loading time: 0 Render date: 2025-09-05T14:11:07.054Z Has data issue: false hasContentIssue false
  • English
  • Français

A polytopic approach to democratising decision-making on health data reuse in the European Union

Published online by Cambridge University Press:  03 September 2025

Anna Colom  and
Marta Poblet Open the ORCID record for Marta Poblet [Opens in a new window]
Anna Colom
Affiliation:
https://ror.org/05mzfcs16 The Open University , UK The Data Tank, Belgium
Marta Poblet*
Affiliation:
The Data Tank, Belgium School of Law, https://ror.org/04ttjf776 RMIT University , Australia
*
Corresponding author: Marta Poblet; Emails: marta.pobletbalcell@rmit.edu.au; marta.poblet@datatank.org

Abstract

In our digital world, reusing data to inform: decisions, advance science, and improve people’s lives should be easier than ever. However, the reuse of data remains limited, complex, and challenging. Some of this complexity requires rethinking consent and public participation processes about it. First, to ensure the legitimacy of uses, including normative aspects like agency and data sovereignty. Second, to enhance data quality and mitigate risks, especially since data are proxies that can misrepresent realities or be oblivious to the original context or use purpose. Third, because data, both as a good and infrastructure, are the building blocks of both technologies and knowledge of public interest that can help societies work towards the well-being of their people and the environment. Using the case study of the European Health Data Space, we propose a multidimensional, polytopic framework with multiple intersections to democratising decision-making and improving the way in which meaningful participation and consent processes are conducted at various levels and from the point of view of institutions, regulations, and practices.

Keywords

data governancedata reusedemocratic participationdigital healthpolytopic approach

Information

Type
Translational Article
Information
Data & Policy , Volume 7 , 2025 , e60
Check for updates
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.
Copyright
© The Author(s), 2025. Published by Cambridge University Press

Policy Significance Statement

As the European Union implements the European Health Data Space, policymakers face a critical challenge: how to enable health data reuse while maintaining public trust and democratic oversight. Current approaches often focus on technical compliance or individual consent alone, missing the complex, dynamic interconnections between different types of data, stakeholders, governance levels, and democratic processes. Our framework provides policymakers with a practical tool to map these multiple dimensions simultaneously—identifying who should participate in data governance decisions, at what level, and through which mechanisms. This matters because fragmented approaches risk excluding vulnerable communities and undermining public trust. By adopting this multidimensional framework, policymakers can design more inclusive, accountable, and effective health data governance systems that better serve all citizens while unlocking data’s potential for the common good.

1. Introduction

Data are increasingly everywhere and nowhere at the same time due to power imbalances in who holds data, where, and for what purposes, and due to the inadequacy of current ecosystems for reusing data in ways that are sustainable, inclusive, and responsible. There are, however, a range of efforts to change this.

First, we see efforts to create infrastructure and institutions, such as collaboratives and intermediaries, for data reuse to unlock the value of public-interest data (e.g. Kariotis et al., Reference Kariotis, Ball, Greshake, Dennis, Sahama, Johnston, Almond and Borda2020; Lauer et al., Reference Lauer, Merkel, Bosompem, Langer, Naeve, Herten, Burmann, Vollmar and Otte2024; Paprica et al., Reference Paprica, Crichlow, Curtis Maillet, Kesselring, Pow, Scarnecchia, Schull, Cartagena, Cumyn, Dostmohammad, Elliston, Greiver, Hawn Nelson, Hill, Isaranuwatchai, Loukipoudis, McDonald, McLaughlin, Rabinowitz, Razak, Verhulst, Verma, Victor, Young, Yu and McGrail2023; Ponti et al., Reference Ponti, Portela, Pierri, Daly, Milan, Kaukonen, Maccani, Peter and Thabit2024). Many of these are bottom-up efforts like small data cooperatives or data trusts, which are often built on the premise that people should have agency and control over data and decisions on whether and how it should be reused. Others are top-down, larger ecosystems, such as the European Union (EU) common data spaces, which involve countries, transnational infrastructure, governance systems, and legislation.

Second, we also see regulatory efforts. At the EU level, the European Data Strategy is an attempt to provide a legislative bedrock for this range of ecosystems for data reuse. The Data Governance Act (DGA), the Data Act (DA), and the European Health Data Space (EHDS) are examples of this and are complemented by a range of other related acts and directives, such as the Interoperable Europe Act, the Open Data Directive or the General Data Protection Regulation (GDPR), as well as a range of infrastructure and legislation at the national level. Likewise, the EU AI Act has emerged as a blueprint for governing AI-related risks, although it so far comes without clear guidelines for how the data underpinning these systems, especially general-purpose models and their “scrap-it-all” approach to data, should be legitimately used. In April 2025, the European Commission announced an AI Continent Action Plan and introduced a new Data Union Strategy to address the “scarcity of robust and high-quality data” needed for training and validating AI models (European Commission, 2025: 11), yet it remains unclear how it will align with the implementation of the EHDS (Poblet, Reference Poblet2025).

Despite the growing regulatory framework, the implementation and sustainability of these ecosystems for data reuse remain a challenge. The pioneering EHDS should enable citizens to access their health data and share it with their healthcare professionals across countries (primary use), but also enable these data to be reused by researchers, innovators, and policymakers (secondary uses). The Interoperable Europe Act, National Data Spaces, and federated data infrastructures, such as the European Open Science Cloud, should contribute to this effort with legal and technical infrastructure. However, there are concerns about the gaps and potential contradictions across different regulations (e.g., the DGA, the DA, and the GDPR) and across different constituencies. In addition, meaningful public participation in decisions about and governance of these regulations and institutions remains limited, which can risk their effectiveness, uptake, and trustworthiness. Some of these issues, which are explored below, include the inadequacy of processes for meaningful consent when data is to be reused and, therefore, applied to secondary uses, different from the uses for which consent may have been obtained in the first place. As raised by scholars like Hildebrandt (Reference Hildebrandt2023), reusing data in an interoperable ecosystem can result in de-contextualised data or distorted interpretations of reality, impacting the integrity of such data itself, or in an insufficient understanding of the “relationality of data” (Aleixos-Borrás and López, Reference Aleixos-Borrás and López2024).

Therefore, it is becoming increasingly urgent to link democratic institutions and practices with data, technology, and its users (Casanovas et al., Reference Casanovas, Mendelson and Poblet2017). If we conceive data as a public relational good, it needs to be exploited for the public good in a participatory, inclusive, and democratic way for the reasons we argue below. In this study, our theoretical framework provides a multidimensional approach to democratic engagement in decisions on data as a basis to identify, inform, develop, and monitor governance, regulatory frameworks, and practices across contexts and levels through iterative and multifaceted public participation. We argue that the EU’s vision for a single market for data and a data-driven society (European Commission, 2020), whether in relation to small data collaboratives or transnational public data spaces, can only be achieved through multidimensional, interlinked, two-way inclusive, and participatory approaches to decision-making. Below, we expand on some of these unsolved issues using health data and the EHDS as a case study to ground our arguments.

The polytopic, multidimensional approach we propose addresses a fundamental gap in current health data governance frameworks, which is to apply siloed solutions to a multidimensional challenge. Existing frameworks often focus exclusively on legal compliance (e.g., GDPR requirements), technical infrastructure, or individual consent mechanisms, without acknowledging how these dimensions interact across different scales and contexts. This siloed approach has contributed to the implementation challenges facing initiatives like the EHDS, where legal, governance, and participatory dimensions have not been sufficiently integrated.

Our framework recognises that democratising health data reuse requires simultaneously addressing multiple dimensions, including who participates, at what governance level, through which democratic mechanisms, at which stage of the data cycle, and with respect to what type of data and governance instrument. The polytopic approach creates a flexible, adaptable framework that allows policymakers and stakeholders to identify critical intersection points where democratic participation is most needed and likely to be most effective. This multidimensional perspective enables a more coherent and comprehensive governance ecosystem that can adapt to the complex and evolving nature of health data reuse.

2. The case for democratising data reuse ecosystems

Current processes and ecosystems of data reuse need to ensure legitimacy and integrity, and this requires rethinking consent processes (Carter et al., Reference Carter, Laurie and Dixon-Woods2015; Staunton et al., Reference Staunton, Shabani, Mascalzoni, Mežinska and Slokenberga2024). First, current binary and static approaches to consent are not sufficient because data is not only an individual good but also a collective and relational one (Smuha, Reference Smuha2021; Tennison, Reference Tennison2024; Aleixos-Borrás and López, Reference Aleixos-Borrás and López2024). Its reuse can have consequences for groups and individuals from different communities that individual consent does not account for. As Tennison writes: “The use of data about other people in making decisions about us can limit our effective rights. It can mean that we are not informed and that our consent is not sought because it has already been given by another data subject” (Reference Tennison2024: 3). Second, initial consent does not adequately address the multiple different needs and contexts that data reuse might entail. Therefore, it loses legitimacy when used for secondary and multiple data uses. Important metadata, such as information on the initial purpose and context that a data point or data set represents, can be lost when data are reused, which has implications for the validity and safety of these data (Hildebrandt, Reference Hildebrandt2023). Persson also highlights that the nature of data and its implications change over time and stresses the importance of understanding data as more than a static, immutable commodity: “data governance requires a multidimensional approach to understanding what data is—not just substance, but traceability, context, and meaning across the data life cycle” (Reference Persson2025). Thus, as data travel and are commodified, there is an increased shared responsibility and need for transparency in stewarding its use, consent, and legitimacy. In addition, emerging and advanced technologies still rely on opting out rather than ensuring explicit opt-in first (Radsch, Reference Radsch2025), or do not use consent processes at all and set a precedent for the illegitimate expropriation of data and intellectual property rights, as it has happened with the training of generative and General-Purpose AI systems (Suresh et al., Reference Suresh, Tseng, Young, Gray, Pierson and Levy2024).

In addition to the integrity and legitimacy of consent processes, it is a challenge to align meaningful participation with scale and the seamless travelling of data, starting at the micro level (e.g., meaningful consent and participation in the governance of a data collaborative), the meso level (e.g., consent in national data spaces or participation in national data governance frameworks), or the macro level in transnational ecosystems and across regulations. Without meaningful participation, it is difficult to imagine that people can maintain their agency over data, that processes can account for data’s relational nature and collective impact, that the integrity and “ground truth” (Hildebrandt, Reference Hildebrandt2023) of the data can be respected, that people will trust these spaces enough to use them (Bartlett et al., Reference Bartlett, Ainsworth, Cunningham, Davidge, Harding, Holm, Neumann and Devaney2024), and that there can be alignment across entities, countries, and transnational constituencies.

3. The EHDS as a case in point

The EHDS regulation entered into force on 26 March 2025 and aims to create a single market for electronic health records, facilitating the responsible (primary and secondary) use of health data for various purposes, including improving public health and healthcare delivery, informing government policies, teaching and education, and conducting scientific research (European Parliament and The Council, 2024: Article 34(1)). However, it is important to distinguish between the EHDS regulation and the EHDS as a digital infrastructure, which will require additional regulatory work. Thus, while the Regulation is legally binding as of March 2025, the full deployment of the digital infrastructure will require the European Commission to adopt several implementing acts for operationalisation. In practice, this means that the EHDS will go through a gradual, staggered process where rules on secondary use for most data categories, for example, will only start to apply in March 2029, while full implementation (including third countries and international organisations being able to join in) will extend towards March 2034.

To ensure data privacy and security, the EHDS requires each member state to establish a Health Data Access Body (HDAB). These bodies play a crucial role in enabling the secondary use of health data by reviewing data access requests, ensuring compliance with data protection regulations, and providing secure environments for data analysis. However, the implementation of the EHDS faces several challenges, particularly concerning legal and governance aspects. Some key concerns include potential inconsistencies with existing legislation. For instance, the EHDS may not adequately clarify its relationship with other relevant legal frameworks, such as the GDPR, DGA, and DA (EUCOPE, 2024). Furthermore, there are concerns that the EHDS could even undermine GDPR transparency requirements by introducing waivers related to the provision of individual-level information to data subjects (Article 7), or disfavouring consent as a legal basis for sharing electronic health data (Article 33.5) (Marelli et al., Reference Marelli, Stevens, Sharon, Van Hoyweghen, Boeckhout, Colussi, Degelsegger-Márquez, El-Sayed, Hoeyer, van Kessel and Zając2023). Others have alerted that “the focus on individual control is significantly less prominent in the EHDS considerations on the secondary use of health data” compared to considerations in its primary use (Saelaert et al., Reference Saelaert, Mathieu, Van Hoof and Devleesschauwer2023: 3). From a governance standpoint, questions remain regarding the coordination and collaboration between HDABs, Ethics Review Boards, and Data Protection Authorities, or about ensuring effective and responsible data stewardship across the entire EHDS ecosystem (idem).

The EHDS2 Pilot project is currently building and testing a pilot version of the EHDS by developing both a cross-border network infrastructure and guidelines for data and metadata standards, data quality, data security, and data transfers. Nevertheless, there have been concerns about the limited involvement by the public in the drafting of the EHDS (Saelaert et al., Reference Saelaert, Mathieu, Van Hoof and Devleesschauwer2023). As stated by Staunton et al., “a social licence and public acceptance to access data for research cannot be assumed simply by having a legal framework in place” (Reference Staunton, Shabani, Mascalzoni, Mežinska and Slokenberga2024: 501). This is also in line with the key messages by the OECD with regard to “establishing ongoing channels for public participation” to facilitate the secondary use of health data for public interest (OECD 2025: 28), as well as in line with existing lessons learnt in the space of health data reuse that “legal authority does not necessarily command social legitimacy” (Carter et al., Reference Carter, Laurie and Dixon-Woods2015: 404).

4. Public attitudes and normative frameworks for democratising decision-making on health data reuse

Although it cannot replace ongoing, up-to-date, and meaningful participation in decision-making, understanding what we already know about what different public think about the reuse of data is important and can inform policy development. Similarly, there have been collaborative, deliberated, and co-designed processes by different communities to set standards and principles for the use and reuse of data. In this section, we therefore draw on (i) public attitudes research and (ii) existing sets of principles as epistemic and normative references for supporting the argument that a multidimensional approach to participation is needed.

First, there is a growing body of knowledge about the expectations, attitudes, and visions of people and different communities on data governance and AI systems (Colom et al., Reference Colom, Modhvadia and Reeve2023). The literature on data reuse specifically is still emerging and limited (Skovgaard et al., Reference Skovgaard, Wadmann and Hoeyer2019). While it generally shows an in-principle agreement of people to reuse data for the common good (e.g., OECD 2025), the evidence is limited to a few geographical contexts and points towards unresolved issues and concerns related to, for example, its security and its commercial uses (Skovgaard et al., Reference Skovgaard, Ekstrøm, Svendsen and Hoeyer2024), which reinforces the need for meaningful engagement in decisions on data reuse at multiple levels and across contexts.

Second, we look at four sets of principles as a reference for standards that different communities expect to be respected when using data. These four sets are: (1) FAIR principles—findable, accessible, interoperable, and reusable (Wilkinson et al., Reference Wilkinson, Dumontier, Aalbersberg, Appleton, Axton, Baak, Blomberg, Boiten, Bonino da, Bourne, Bouwman, Brookes, Clark, Crosas, Dillo, Dumon, Edmunds, Evelo, Finkers, Gonzalez-Beltran, Gray, Groth, Goble, Grethe, Heringa, ’t Hoen, Hooft, Kuhn, Kok, Kok, Lusher, Martone, Mons, Packer, Persson, Rocca-Serra, Roos, van Schaik, Sansone, Schultes, Sengstag, Slater, Strawn, Swertz, Thompson, van der Lei, van Mulligen, Velterop, Waagmeester, Wittenburg, Wolstencroft, Zhao and Mons2016); (2) CARE principles—collective benefit, authority to control, responsibility, and ethics (Carroll et al., Reference Carroll, Garba, Plevel, Small-Rodriguez, Hiratsuka, Hudson and Garrison2022); (3) the Maori Data Governance Model, with a specific focus on pou/pillar 6 on data use and reuse (Kukutai et al., Reference Kukutai, Campbell-Kamariera, Mead, Mikaere, Moses, Whitehead and Cormack2023; Sterling et al., Reference Sterling, Kukutai, Chambers and Chen2024); and, finally, (4) The Work of the High-Level Expert Group on AI as the Precursor of the AI Act, and in particular the third requirement, on privacy and data governance (Smuha, Reference Smuha, Forgó, Pehlivan and Valke2025). The criteria used to establish these as references include: (a) is a well-established set of principles, (b) their creation has undertaken a multistakeholder negotiated process, and (c) they have been developed by populations likely to be affected by data misuse, such as oppressed peoples or First Nations. While some of these sets do not emerge from an EU context, they can bring a more comprehensive view of value systems and an inclusion and anti-oppression lens that can improve how we look at issues of bias, impact, agency, and relationality.

While we are not attempting to do an analysis of their content here, these sets of principles point towards the importance of people’s sovereignty, to the importance of collective and relational approaches to understanding data, and to involving people whose data comes from or is about in assessing its potential and impact. Likewise, it is important to note that our polytopic approach does not prescribe a single “best” consent model, but rather offers a framework for considering which participatory practices are most appropriate at different intersection points of our dimensions, ensuring both individual agency and collective deliberation.

Thus, both public attitudes research and multi-stakeholder processes of deliberation suggest that meaningful engagement of diverse publics is paramount in designing innovative policies, infrastructure, and practices for data reuse that are responsible, effective, and trustworthy.

5. A polytopic approach to democratising decisions about data reuse

To represent the dimensions and angles involved in democratising decisions on health data reuse, we can think of a six-dimensional (6D) hyper-cube or hexeract (a 6D polytope). A polytope is often found in mathematical literature to refer to polyhedra that can be generalised to more than three dimensions. We borrow the term as a metaphor for the need to consider a multiplicity of dimensions and angles that are necessary to apply a democratic approach to complex policy puzzles, such as the case of meaningful engagement in data reuse. A polytope may not be an immediately intuitive figure to visualise the multidimensionality we argue for. Yet, our point is precisely that meaningful participation and governance of health data is complex (even counterintuitive or non-obvious) and requires stepping back to consider the many possible dimensions at play and how they intersect. There are no shortcuts to doing participation well. If we were to visualise the hexeract in motion, we would appreciate how the hypercube is seemingly changing its structure, as it would rotate around a plane rather than an axis (creating the effect of cubes popping in and out constantly). This motion also mirrors the difficulty in fully comprehending socio-technical systems operating across multiple (often hidden) dimensions. Likewise, the multiple sides to a democratic approach in health data reuse surface and subside dynamically depending on the perspective we adopt.

From our perspective, there are more than three dimensions to consider in a democratic approach and, as we argue below, there is a need for a framework that is flexible enough to admit multiple dimensions. The polytop, therefore, enables us to identify democratic approaches that are relevant to the different angles in which these dimensions intersect. Fig. 1 below offers a high-level representation of a polytopic approach to democracy.

Figure 1. A high-level representation of a polytopic approach to democracy.

The dimensions we consider here include: (1) the type and meaning of data; (2) the type of governance instrument; (3) the scale of the setting in which participation applies; (4) the models of democracy; (5) the stage of the data reuse cycle; and (6) who participates. Yet, this is an open list, and we chose the metaphor of the polytope because it points to the combinations and intersections across dimensions and because it is open-ended. The six dimensions we include here are derived from our own work in this field. They do not come from a systematic analysis of existing frameworks and their dimensions, and hence we do not suggest this is a fixed or exhaustive list either, but they are dimensions that are recurrent across analyses we have conducted in previous work (Casanovas et al., Reference Casanovas, Mendelson and Poblet2017; Poblet et al., Reference Poblet, Casanovas, Rodríguez-Doncel, Poblet, Casanovas and Rodríguez-Doncel2019; Colom et al., Reference Colom, Modhvadia and Reeve2023) and we, therefore, think are central in any framework to inform a democratic approach to data governance, including in the EHDS. We briefly outline these below.

5.1. Dimension 1: Type and meaning of data

Data increasingly come from different sources, in different ways, and is increasingly multi-modal and non-traditional. In the EHDS, article 51 lists 17 “minimum categories of electronic health data for secondary use,” a broad range (both unstructured and structured) that includes electronic medical records, administrative data, genetic data, data from biobanks, data generated automatically from medical devices and wellness applications, or population-based health data from public registries, among others. These data not only have different access regimes (some non-personal data will be either publicly accessible in open datasets or protected, while personal data will be categorised as sensitive and non-public) but will keep changing over time, and people and organisations will attach different meanings to them. Moreover, there are different streams in the literature analysing data as an economic good, but exhibiting different (and conflicting) features. Thus, data can be considered as a public-interest and non-rivalrous good (e.g., Delacroix, Reference Delacroix2024), a subtractable, hard-to-exclude commons (e.g., van Maanen et al., Reference van Maanen, Ducuing and Fia2024), a club good (e.g., Minervini, Reference Minervini2020), or a private good. In contrast to these approaches, a critical perspective considers that this focus on data as an economic good, regardless of its subtractability/excludability properties, is unproductive as it does not allow attaining goals such as protecting privacy and other fundamental rights and/or interests (e.g., Purtova and van Maanen, Reference Purtova and van Maanen2024). Some others have argued that seeing data as “infrastructure” means it is a connector that serves collective interests and which requires “embracing well-designed public interest regulation in tech markets” (Bietti, Reference Bietti2025: 37). As stated by Casanovas et al. (Reference Casanovas, Mendelson and Poblet2017), we live in an era of “Linked Data,” which “calls for a new approach to democratic theory that pays attention to the interplay between people, technology, and data” (p.520). Data commodification tends to reinforce power asymmetries and undermine public trust, so our framework considers health data as a relational good that requires democratic oversight and stewardship across multiple dimensions.

In sum, the different types and meanings attached to data underscore its dynamic and connected nature, and recognising these features is crucial for developing effective and responsive governance in the health data landscape.

5.2. Dimension 2: Governance instruments

We think of participation and democratisation as applied to a range of governance instruments. The current context of health data reuse requires considering all these different instruments, which include hard law (laws, acts, and regulations), soft law (codes, standards, guidelines, etc.), policies, ethical principles, and so forth (Poblet et al., Reference Poblet, Casanovas, Rodríguez-Doncel, Poblet, Casanovas and Rodríguez-Doncel2019). At the same time, these will also apply to other dimensions, including the context of the governance (legislation, institutional governance, practices, etc.), which also relates to the dimension below on scale. The effectiveness of these instruments will often depend on how they intersect with other dimensions in the polytopic framework. For instance, article 19 of the EHDS mandates national states to designate “digital health authorities” and entrusts them, among other functions, with “the implementation of the rights and obligations provided for (in Chapters II and III EHDS) by adopting necessary national, regional or local technical solutions and by establishing relevant rules and mechanisms.” Digital national health authorities will, therefore, implement the EHDS while also operating under national legislation (hard law at the meso level), but their success will also rely on institutional governance practices (soft law at the micro level) that enable meaningful patient participation in data sharing decisions. Similarly, ethics boards and committees at different levels will have to be included for comprehensive governance frameworks to address both legal compliance and social license for health data reuse.

5.3. Dimension 3: Scale of the governance setting

As the case of health data reuse shows, data are held and governed within different settings of different scales, which for now we classify as micro, meso, or macro levels. At the micro level, individual hospitals and research institutions operate their own data governance frameworks, where patients should be able to participate not only through individual consent mechanisms but also through patient associations and/or advisory boards to shape data reuse policies. For example, in Belgium, the seven Belgian university hospitals have jointly developed their own principles, practices, and guidelines for data reuse in the “Common position establishing a framework for secondary use of real-world data (routinely) collected in hospitals” (Belgian University Hospitals, 2024).

Some data may be held in data collaboratives, intermediaries, or cooperatives built on infrastructure that enables individuals to decide and consent on different types of data to be reused or not by different stakeholders and for different purposes. At this micro level, participation in decision-making refers, however, not only to individual consent but can also involve participation in the statutes and governance of the institution, or additional participation processes that are initiated to deal with questions on data reuse that require a more collective and relational approach to consent. At the meso level, participation may involve engaging in decisions in law, regulation, or principles at the national-level government layers, whereas at the macro level, participation needs to be thought of to fit decisions on reusing data across constituencies, governments, and value systems. In practice, these scales will often interact. For instance, a local hospital in Spain sharing cancer registry data with the European Network of Cancer Registries needs to navigate governance requirements at all three levels: its own institutional processes (micro), national health data protection laws (meso), and EU-wide frameworks such as the EHDS itself (macro).

5.4. Dimension 4: Models of democracy

There are different approaches to democracy and their relevance to improve decision-making on data reuse can be based on both normative, epistemic, or pragmatic reasons, or a combination of these. For example, we may consider the strengths and value of deliberative approaches, of representative democracy and its established mechanisms, such as voting or submitting petitions, or of civil and political rights-based approaches that protect the right to spaces and rights to be claimed and be led from the bottom-up (Wilson and Mellier, Reference Wilson and Mellier2023). One can also consider models that are often used within organisations, such as sociocracy or consensus democracy. Some may be more relevant at the micro level, while others may be at the meso or macro levels. For example, in the context of the EHDS, the Health Data Access Bodies are meant to provide “trusted governance for providing access to health data” (European Parliament and The Council, 2024) and, in this context, a standing and deliberative citizens’ jury could complement the democratic governance and oversight on the decisions of these state member-level institutions. As an example, a 2024 Citizens Committee for Digital Health in France explored how to integrate the EHDS regulation into French law and made 52 recommendations to address gaps in regulation, concerns over ethics, and the control citizens had over data reuse, with at least 50% of these recommendations having been included in government strategies (OECD, 2025).

This dimension also relates to considering the different public attitudes research methods, which the literature has pointed out need to be more deliberative and dialogic for more meaningful engagement and for a more effective link between research and policy (Sorbie, Reference Sorbie2020; Colom et al., Reference Colom, Modhvadia and Reeve2023).

There is no set list of models of democracy or engagement methods, and this is non-exhaustive. The point of a polytopic approach is that it assumes there may be a multiplicity of dimensions and a multiplicity of elements within each. For example, related to this dimension is considering the extent to which power is shared during the participatory process. For decades now, Arnstein’s participation ladder has served as a key framework in the participation literature as it sets out different levels of participation depending on how much participants have power to influence the outcomes of the process (Reference Arnstein1969). Arnstein’s ladder and its evolution have been applied to many fields and contexts, including as a lens for analysing the extent to which people have agency over decisions on data governance (Ada Lovelace Institute, 2021). Gaventa’s participation cube also centres power as a framework to understand participation in a complex, interlinked world. Gaventa defines the power cube as “an approach to power analysis which can be used to examine the multiple forms, levels and spaces of power, and their interactions.” (Gaventa, Reference Gaventa2019: 1). A dimension that makes levels of power more explicit, then, can well be separate from this dimension on models of democracy to help centre power in the polytope. Similarly, Leslie et al. developed a framework for policymakers and stakeholder engagement based on six data justice pillars, including access, equity, identity, or knowledge, alongside power and participation (2022). A Data Justice Framework, then, could also be a separate dimension in this polytope.

5.5. Dimension 5: Who participates

An important problem in democracy and participation in decision-making in general, and on health data reuse specifically, relates to who is included and who is not. This is not only a normative and justice problem but also has implications for data quality, bias, and who may benefit or be harmed from the reuse of data. As Tacheva and Ramasubramanian write, there is an urgent need to “radically transform not just the technology itself, but our ideas about it, and develop it from the bottom up, from the perspectives of those who stand the most risk of being harmed” (Reference Tacheva and Ramasubramanian2023: 1). This dimension is essential to arguing for a democratic approach to decisions on data reuse in the first place. Including it as an explicit dimension can help to identify gaps or power imbalances in who is represented in decision-making and what different models of democracy and approaches to participation need to be considered, added, or combined to ensure that underrepresented or affected populations are centred in the framework or polytope. Being explicit about this dimension can also bring clarity on the need for different engagement strategies for different stakeholders or on the different needs and interests present or missing in a decision-making process.

The question of participation in health data governance also reveals significant power imbalances, particularly evident during the development of the EHDS. The European Patients’ Forum (EPF), representing 78 patient organizations across Europe, highlighted critical gaps in patient involvement during the EHDS development process. For instance, while the EHDS aims to give citizens control over their health data, the EPF pointed out that patient organisations were insufficiently consulted on key aspects such as the design of data access mechanisms and opt-out procedures (EPF, 2022). Other civil society coalitions have expressed similar concerns, urging to include the voice of EU citizens in the decisions granting access to health data (Schipper and Ollivier de Leth, Reference Schipper and Ollivier de Leth2024). In addition, specific groups with experience of stigma, discrimination, or other barriers to trusting and accessing health systems might need particular attention to ensure their views are meaningfully included in how data related to them should be reused in ways that respect their agency and concerns to improve diagnosis and treatment. For example, the sickle cell disease population has been both historically underserved and potentially reluctant to trust health systems due to experiences of discrimination (McCormick et al., Reference McCormick, Osei-Anto and Martinez2020). Yet, health data from this population can help to improve services and health outcomes for patients (Kunz and Tagliaferri, Reference Kunz and Tagliaferri2024). However, there is still variation in the extent to which this data is available through newborn screening programmes in Europe (Rodrigues et al., Reference Rodrigues, Marcão, Lopes, Ventura, Faria, Ferrão, Gonçalves, Kjöllerström, Castro, Fraga, Almeida, Maia, Gomes, Lachado, Guerra, Ferreira, Trigo, Bento and Vilarinho2025). As with other health data that might be rare or attached to stigma, thinking about which groups and how are involved in decisions about the reuse of such data is particularly important.

Exploring “who participates” is also connected to responsibility and how to distribute it across different actors and governance levels. Rather than assigning responsibility for data reuse to either individual data holders (via consent mechanisms) or to centralised regulatory bodies such as HDABs (via legal compliance), our polytopic approach helps to identify which additional stakeholders across the dimensions should have shared agency and responsibility.

5.6. Dimension 6: Stage of the data reuse cycle

Another dimension to consider is the stage of the data reuse cycle. How are different publics involved and in what way, depending on what decisions need to be made? Participation may be different depending on whether decisions are about which data to reuse, how to reuse, who will be reusing it, or deciding how its impact will be monitored and accounted for. These stages, therefore, may include need identification, data access, governance, management, or monitoring and evaluation. At the same time, these elements will be linked to other dimensions and, therefore, present different compositions of the polytope and the shape that participation and democratic engagement will take. For example, within the governance stage of data reuse, there will be a need to identify whether this stage intersects with a specific policy cycle—agenda setting, policy formulation, adoption, implementation, and evaluation as per Leslie et al. (Reference Leslie, Katell, Aitken, Singh, Briggs, Powell, Rincon, Perini and Jayadeva2022). Additionally, at the same time, this policy cycle will take different forms depending on whether it takes place at the micro level—that is, within the governance of a data collaborative; at the meso level—that is, at the policy development of a national government; or at the macro level—that is, within EU policy. For example, in the development of the French Health Data Hub, the initial need identification stage aligned with national policy agenda-setting through public consultations, while the implementation stage involved local hospital systems and regional health authorities in determining practical data sharing protocols (Health Data Hub, 2024). At the EU (macro) level, the EHDS replicates this complexity: during its policy formulation stage, the EPF participated in defining data reuse principles, while at the implementation stage, national Health Data Access Bodies will have to establish their own participatory mechanisms for monitoring data reuse impacts.

6. Conclusions

The reuse of health data represents one of the most complex policy challenges in our emergent digital health ecosystems. Data and its reuse come in many forms, involve all sorts of stakeholders, have the potential for multiple benefits and harms, and have to overcome different governance frameworks within and across constituencies and contexts. Approaching how to democratise it necessitates a framework that embeds both multiplicity and flexibility. The one we presented here does not intend to offer an exhaustive list of dimensions or the elements within them. This is the point of a polytope, it acknowledges the n-possibilities so it can be adapted and remain relevant. A polytopic approach aims to capture this complexity while at the same time providing clarity by thinking in terms of dimensions, their multiple elements within them, and the needs created at their intersections.

The polytopic approach also highlights critical areas that require attention in current and future health data governance frameworks. Our future work should focus on developing evaluation frameworks to assess—for example, the effectiveness of different participatory mechanisms within each dimension of the polytope and at the intersections. We will also need additional research to understand how the framework can be applied to emerging applications and technologies such as AI systems in healthcare, where data reuse patterns and governance needs may differ significantly from traditional health data applications. There is ultimately a need to build case studies of how the polytopic approach can be operationalised in practice, particularly in the context of cross-border health data sharing initiatives like the EHDS, and how it can help address the growing challenges of data sovereignty and algorithmic governance in digital healthcare systems.

Data availability statement

This study offers a general framework of analysis and does not provide any specific datasets.

Acknowledgements

The authors are grateful to the organisers of the Participatory AI Research & Practice Symposium celebrated in Paris on Saturday, 8 February 2025, for facilitating an interactive session where they received valuable feedback on an earlier version of this article.

Author contribution

Both authors have equally contributed to the conceptualisation and writing of the different sections of the article. All authors approved the final submitted draft.

Funding statement

This work received no specific grant from any funding agency, commercial, or not-for-profit sectors.

Competing interests

The authors declare none.

References

Ada Lovelace Institute (2021) Participatory Data Stewardship. Available at https://www.adalovelaceinstitute.org/wp-content/uploads/2021/11/ADA_Participatory-Data-Stewardship.pdf.Google Scholar
Aleixos-Borrás, and López, JJ (2024) A hermeneutic dialogical understanding of data reuse across different access regimes. Science as Culture, 122.Google Scholar
Arnstein, S (1969) A ladder of citizen. Participation Journal of the American Planning Association 35(4), 216224.Google Scholar
Bartlett, B, Ainsworth, J, Cunningham, J, Davidge, G, Harding, M, Holm, S, Neumann, V and Devaney, S (2024) Health data stewardship: Achieving trust through accountability in health data sharing for research. Law, Innovation and Technology 16(2), 517557.10.1080/17579961.2024.2392937CrossRefGoogle Scholar
Belgian University Hospitals (2024) Common Position Establishing a Framework for Secondary Use of Data Routinely Collected in Hospitals. Available at https://www.univ-hospitals.be/common-position-establishing-a-framework-for-secondary-use-of-real-world-data-routinely-collected-in-hospitals/.Google Scholar
Bietti, E (2025) Data is infrastructure. Theoretical Inquiries in Law 26(1): 5587. https://doi.org/10.1515/til-2025-0004.CrossRefGoogle Scholar
Carroll, SR, Garba, I, Plevel, R, Small-Rodriguez, D, Hiratsuka, VY, Hudson, M and Garrison, N’A (2022) Using indigenous standards to implement the CARE principles: Setting expectations through tribal research codes. Frontiers in Genetics 13, 823309.Google ScholarPubMed
Carter, P, Laurie, GT and Dixon-Woods, M (2015) The social licence for research: Why care.Data ran into trouble. Journal of Medical Ethics 41(5), 404409.CrossRefGoogle ScholarPubMed
Casanovas, P, Mendelson, D and Poblet, M (2017) A linked democracy approach for regulating public health data. Health and Technology 7(4), 519537.CrossRefGoogle Scholar
Colom, A, Modhvadia, R and Reeve, O (2023) What Do the Public Think about AI? Understanding Public Attitudes and Involving the Public in Decision-Making about Artificial Intelligence. Evidence Review. London: Ada Lovelace Institute. Available at https://www.adalovelaceinstitute.org/wp-content/uploads/2023/11/ALI-2023_What-do-public-think-about-AI_Evidence-review.pdf.Google Scholar
Delacroix, S (2024) Sustainable data rivers? Rebalancing the data ecosystem that underlies generative AI. Critical AI, 2(1), https://doi.org/10.1215/2834703X-11205224CrossRefGoogle Scholar
EPF (2022) EPF Statement On EHDS. Available at https://www.eu-patient.eu/news/latest-epf-news/2022/epf-statement-on-ehds/.Google Scholar
EUCOPE (2024) The European Health Data Space: Concerns and Opportunities Following Ongoing Trilogues. Available at https://www.eucope.org/the-european-health-data-space-challenges-and-opportunities-with-respect-to-the-different-proposals-currently-subject-to-the-trilogue-negotiations/.Google Scholar
European Commission (2020) Communication From the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - A European Strategy for Data. Available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020DC0066.Google Scholar
European Commission (2025) The AI Continent Action Plan. Available at https://digital-strategy.ec.europa.eu/en/library/ai-continent-action-plan.Google Scholar
European Parliament and The Council (2024) European Health Data Space Regulation – Compromise Text. Brussels: Council of the European Union. Available at https://www.consilium.europa.eu/media/70909/st07553-en24.pdf.Google Scholar
Gaventa, J (2019) Applying power analysis: Using the ‘powercube’ to explore forms, levels and spaces In: Power, Empowerment and Social Change. London: Routledge.Google Scholar
Health Data Hub (2024) Suite à l’Adoption du Règlement EHDS, le HDH Collabore Avec Ses Partenaires Pour Faire de L’EHDS Une Réalité. Available at https://www.health-data-hub.fr/actualites/adoption-reglement-ehds-le-hdh-collabore.Google Scholar
Hildebrandt, M., 2023. Ground-truthing in the European health data space. In BIOSTEC , pp. 1522. https://www.scitepress.org/Papers/2023/119559/119559.pdf 10.5220/0011955900003414CrossRefGoogle Scholar
Kariotis, T, Ball, MP, Greshake, Tzovaras B, Dennis, S, Sahama, T, Johnston, C, Almond, H and Borda, A (2020) Emerging health data platforms: From individual control to collective data governance. Data & Policy, 2:e13. doi:10.1017/dap.2020.14CrossRefGoogle Scholar
Kukutai, T, Campbell-Kamariera, K, Mead, A, Mikaere, K, Moses, C, Whitehead, J and Cormack, D (2023) Māori Data Governance Model. Rotorua, NZ: Te Kāhui RaraungaGoogle Scholar
Kunz, JB and Tagliaferri, L (2024) Sickle cell disease. Transfusion Medicine and Hemotherapy 51(5), 332344.10.1159/000540149CrossRefGoogle ScholarPubMed
Lauer, R, Merkel, S, Bosompem, J, Langer, H, Naeve, P, Herten, B, Burmann, A, Vollmar, HC and Otte, I (2024) (data-) cooperatives in health and social care: A scoping review. Journal of Public Health, 119.Google Scholar
Leslie, D, Katell, M, Aitken, M, Singh, J, Briggs, M, Powell, R, Rincon, C, Perini, A and Jayadeva, S (2022) Data justice in practice: A guide for policymakers. SSRN Electronic Journal. Epub ahead of print 2022. https://doi.org/10.2139/ssrn.4080050.Google Scholar
Marelli, L, Stevens, M, Sharon, T, Van Hoyweghen, I, Boeckhout, M, Colussi, I, Degelsegger-Márquez, A, El-Sayed, S, Hoeyer, K, van Kessel, R, Zając, DK (2023) The European health data space: Too big to succeed?. Health Policy, 135, 104861. Available at https://www.sciencedirect.com/science/article/pii/S016885102300146X.Google ScholarPubMed
McCormick, M, Osei-Anto, HA and Martinez, RM (2020) Addressing Sickle Cell Disease: A Strategic Plan and Blueprint for Action. Washington DC: The National Academies Press.CrossRefGoogle Scholar
Minervini, M (2020) Essays in Data Governance: Evidence from the Health Sector. Available at https://iris.unibocconi.it/bitstream/11565/4058673/2/Tesi%20MINERVINI_1239946.pdf.Google Scholar
OECD (2025) Facilitating the secondary use of health data for public interest purposes across borders. OECD Digital Economy Papers 376, June 2025. Available at https://www.oecd.org/en/publications/facilitating-the-secondary-use-of-health-data-for-public-interest-purposes-across-borders_d7b90d15-en.htmlGoogle Scholar
Paprica, PA, Crichlow, M, Curtis Maillet, D, Kesselring, S, Pow, C, Scarnecchia, TP, Schull, MJ, Cartagena, RG, Cumyn, A, Dostmohammad, S, Elliston, KO, Greiver, M, Hawn Nelson, A, Hill, SL, Isaranuwatchai, W, Loukipoudis, E, McDonald, JT, McLaughlin, JR, Rabinowitz, A, Razak, F, Verhulst, SG, Verma, AA, Victor, JC, Young, A, Yu, J and McGrail, K (2023) Essential requirements for the governance and management of data trusts, data repositories, and other data collaborations. International Journal of Population Data Science 8(4).10.23889/ijpds.v8i4.2142CrossRefGoogle ScholarPubMed
Persson, J (2025) Ignoring the role of time in data governance. In: Jen Persson’s Blog. Available at https://jenpersson.com/ignoring-the-role-of-time-in-data-governance/.Google Scholar
Poblet, M (2025) The data union strategy: Game changer or déjà vu?. In: Data & Policy Blog. Available at https://medium.com/data-policy/the-union-data-strategy-game-changer-or-d%C3%A9j%C3%A0-vu-df78ad56778e.Google Scholar
Poblet, M, Casanovas, P and Rodríguez-Doncel, V, Poblet, M, Casanovas, P, Rodríguez-Doncel, V (2019) Legal linked data ecosystems and the rule of law. In: Linked Democracy. SpringerBriefs in Law. Cham: Springer International Publishing, pp. 87126. https://doi.org/10.1007/978-3-030-13363-4_5 (accessed 7 August 2024).CrossRefGoogle Scholar
Ponti, M, Portela, M, Pierri, P, Daly, A, Milan, S, Kaukonen, Lindholm R, Maccani, G, Peter, de Souza S and Thabit, Gonzalez S (2024) Unlocking Green Deal Data: Innovative Approaches for Data Governance and Sharing in Europe. Luxembourg: Science for Policy. Joint Research Centre.Google Scholar
Purtova, N and van Maanen, G (2024) Data as an economic good, data as a commons, and data governance. Law, Innovation and Technology 16(1), 142.CrossRefGoogle Scholar
Radsch, C (2025) The Case for Requiring Explicit Consent From Rights Holders for AI Training. Available at https://www.techpolicy.press/the-case-for-requiring-explicit-consent-from-rights-holders-for-ai-training/.Google Scholar
Rodrigues, D, Marcão, A, Lopes, L, Ventura, A, Faria, T, Ferrão, A, Gonçalves, C, Kjöllerström, P, Castro, A, Fraga, S, Almeida, M, Maia, T, Gomes, J, Lachado, A, Guerra, I, Ferreira, F, Trigo, F, Bento, C and Vilarinho, L (2025) Newborn screening for sickle cell disease: Results from a pilot study in the Portuguese population. International Journal of Neonatal Screening 11(1), 10. https://doi.org/10.3390/ijns11010010.CrossRefGoogle ScholarPubMed
Saelaert, M, Mathieu, L, Van Hoof, W and Devleesschauwer, B (2023) Expanding citizen engagement in the secondary use of health data: An opportunity for national health data access bodies to realise the intentions of the European health data space. Archives of Public Health 81(1), 168.10.1186/s13690-023-01182-4CrossRefGoogle ScholarPubMed
Schipper, I and Ollivier de Leth, D (2024) Civil Society Coalition Urges EU to Put the Interests of Patients and Citizens at the Heart of the European Health Data Space. SOMO. Available at https://www.somo.nl/civil-society-coalition-urges-eu-to-put-the-interests-of-patients-and-citizens-at-the-heart-of-the-european-health-data-space/Google Scholar
Skovgaard, L, Ekstrøm, CT, Svendsen, MN, Hoeyer, K (2024) Survey of attitudes in a Danish public towards reuse of health data. PLoS One 19(12), e0312558.10.1371/journal.pone.0312558CrossRefGoogle Scholar
Skovgaard, LL, Wadmann, S and Hoeyer, K (2019) A review of attitudes towards the reuse of health data among people in the European Union: The primacy of purpose and the common good. Health Policy 123(6), 564571.CrossRefGoogle ScholarPubMed
Smuha, NA (2021) Beyond the individual: Governing AI’s societal harm. Internet Policy Review 10(3).10.14763/2021.3.1574CrossRefGoogle Scholar
Smuha, NA (2025) The work of the high-level expert group on AI as the precursor of the AI act. In Forgó, N, Pehlivan, CN and Valke, P (eds.), AI Governance and Liability in Europe: A Primer. Alphen Aan Den Rijn, Netherlands, Wolters Kluwer.Google Scholar
Sorbie, A (2020) Sharing confidential health data for research purposes in the UK: Where are ‘publics’ in the public interest? Evidence & Policy 16(2), 249265.10.1332/174426419X15578209726839CrossRefGoogle Scholar
Staunton, C, Shabani, M, Mascalzoni, D, Mežinska, S and Slokenberga, S (2024) Ethical and social reflections on the proposed European health data space. European Journal of Human Genetics 32(5), 498505.CrossRefGoogle ScholarPubMed
Sterling, R, Kukutai, T, Chambers, T and Chen, ATY (2024) A Māori data governance assessment of the NZ COVID tracer app. Discover Social Science and Health 4(1), 32.10.1007/s44155-024-00092-2CrossRefGoogle Scholar
Suresh, H, Tseng, E, Young, M, Gray, ML, Pierson, E and Levy, K (2024) Participation in the Age of Foundation Models. Available at http://arxiv.org/abs/2405.19479 (accessed 3 June 2024).Google Scholar
Tacheva, J and Ramasubramanian, S (2023) AI empire: Unraveling the interlocking systems of oppression in generative AI’s global order. Big Data & Society 10(2), 20539517231219241.CrossRefGoogle Scholar
Tennison, J (2024) Developing a Framework for Collective Data Rights. Special Report. Waterloo, Canada: Centre for International Governance Innovation. Available at https://www.cigionline.org/static/documents/Tennison_Special_Report.pdf.Google Scholar
van Maanen, G, Ducuing, C and Fia, T (2024) Data commons. Internet Policy Review, 13(2), 113.10.14763/2024.2.1748CrossRefGoogle Scholar
Wilkinson, MD, Dumontier, M, Aalbersberg, IJ, Appleton, G, Axton, M, Baak, A, Blomberg, N, Boiten, JG, Bonino da, Silva Santos L, Bourne, PE, Bouwman, J, Brookes, AJ, Clark, T, Crosas, M, Dillo, I, Dumon, O, Edmunds, S, Evelo, CT, Finkers, R, Gonzalez-Beltran, A, Gray, AJG, Groth, P, Goble, C, Grethe, JS, Heringa, J, ’t Hoen, PAC, Hooft, R, Kuhn, T, Kok, R, Kok, J, Lusher, SJ, Martone, ME, Mons, A, Packer, AL, Persson, B, Rocca-Serra, P, Roos, M, van Schaik, R, Sansone, SA, Schultes, E, Sengstag, T, Slater, T, Strawn, G, Swertz, MA, Thompson, M, van der Lei, J, van Mulligen, E, Velterop, J, Waagmeester, A, Wittenburg, P, Wolstencroft, K, Zhao, J and Mons, B (2016) The FAIR guiding principles for scientific data management and stewardship. Scientific Data 3(1), 160018.CrossRefGoogle ScholarPubMed
Wilson, R and Mellier, C (2023) Getting real about citizens’ assemblies: A new theory of change for citizens’ assemblies. In: European Democracy Hub. Available at https://europeandemocracyhub.epd.eu/getting-real-about-citizens-assemblies-a-new-theory-of-change-for-citizens-assemblies/.Google Scholar
Figure 0

Figure 1. A high-level representation of a polytopic approach to democracy.

Submit a response

Comments

No Comments have been published for this article.