by FrancoisBosun 321 days ago
In the article, it is mentioned that « we can grant temporary access to cardiac-related data » (paraphrased). This is where it gets difficult: how am I to know that some data is cardiac-related or not? Is it important to share my thyroid levels or not? This is a very difficult problem. I wouldn’t know what to share for medical history.

Our[1] solution to that is to use a hierarchical semantic systems approach such that you can give access to a subsystem or entire biological systems.

[1] https://graphmetrix.com/trinpod-server

The requester would know what to request.

And he would request all you have... like many apps do today (in case of permissions)... and refuse to provide service if not given all.

We have laws regulating what personal information you are allowed to ask for, and what you're allowed to do with it. These laws have teeth too, at least in the EU.

Passively snooping on health info you have no business looking at gets health personnel sanctioned regularly in the present system. It would be even more risky if they actively had to ask for the information they didn't need.

Of course, for medical information there often has to be emergency overrides because you might need immediate help and you (or your designated trusted person) might not be accessible and capable of giving active consent.

But doesn't this obviate the use of a specific protocol? The protocol itself does very little to help with this problem – only laws with teeth do that.

Meh, there are workarounds to the GDPR framework if you're a company outside the EU. I'd say if you had a big company outside the EU, like the US, you'd have even less regulation than EU companies have to adhere to.