The European Health Data Space (EHDS) represents a significant advancement in
the EU’s digital and health policy. EHDS aims to create a sound and unified
framework for the secure exchange and use of health data in the European Union.
The unfettered access to data in digital technologies used in healthcare services

conditions the innovativeness and competitiveness of the healthcare sector in the EU.
In order to fight the problem of data scarcity and as a cornerstone of the European
Health Union (COM(2024)206 final), the EHDS aims to create a unified framework for
the secure exchange and use of health data across member states. The EHDS
should be analysed against the background of the existing policy and legislative
measures mostly focused on the data protection mechanisms ( ex. GDPR, Data
Governance Act).
The EHDS can be seen as another important measure deeply rooted in the ambition
to establish sound, safe and values-based environment for the development of digital
technologies. With the adoption of the EHDS both primary and secondary use of
health data will be facilitated with the strong emphasis on full compliance with the
EU’s data protection standards. The EHDS aims at promoting both individual values,
where patients will have an immediate access to their data in the electronic form, but
also more collective ones, linked with overall logic of EU’s digital sovereignty – in this
sense the EHDS will empower the use of health data for research, innovation, policy-
making and regulatory activities. It is a promising element of strengthening the
position of the EU as an important promoter and investor in novel technologies used
in healthcare.
The goal of the proposed paper is to reflect on the question on how does the EHDS
align with the efforts to strengthen EU’s digital sovereignty, by protecting values
related to data and privacy and promoting innovativeness at the same time.

Technology-neutral regulation is a popular slogan in EU lawmaking. Present in the Commission's Better Regulation Guidelines and name-checked in instruments such as the DSA and the AI Act, technology neutrality is touted as a way to regulate innovative technologies while fostering innovation. However, the operationalization of this concepts suffers from various challenges, not least a lack of consensus about what neutrality means in the first place. In this paper, I argue that the fuzziness of technology neutrality contributes to the erosion of legal limits to private and public power. This argument is grounded on the black-letter analysis of recent EU digital law instruments, as well as by the analysis of policy documents and soft law instruments that deal with lawmaking in the digital sphere and the implementation of technology-neutral regulation, as well as the theoretical literature on technology neutrality. Drawing from these sources, I begin my argument by mapping three different tools EU lawmakers use to pursue neutrality: the use of vague terms in legal instruments, the stipulation of delegated and implementing law instruments that are meant to supply technical details left open by the original legal text, and the reliance on context-specific determination of the technical contents of the law at the moment of application. After outlining how these three strategies coexist in EU law, I illustrate how they all disguise political and legal problems as technical issues, effectively delegating the power to determine the technical contents of the law. In doing so, technology neutrality allows private actors to entrench their power over digital infrastructure, while helping public actors to outsource legally questionable practices and avoid the reputational and legal costs of overreach. To conclude the paper, I show how unchecked technological neutrality might undermine some of the key aims of the digital acquis and propose potential remedies and future paths for research.

The paper explores data protection legal mobilisation (‘DPLM’) before the Court of Justice of the EU. It provides a theoretical framework to study DPLM before the CJEU and undertakes, for the first time, a comprehensive mapping of this area. It does so by studying, all the data protection-related judgments delivered by the Court between 2014-2023. The mapping is crucial to shed light on the characteristics and mechanisms of DPLM; it is also needed in order to unveil any potential blind spots of such mobilisation. The paper asks: How can data protection legal mobilisation before the CJEU be understood through general mobilisation debates and theoretical frameworks? What are its main actors, objectives, topics and outcomes? What are its potential neglected aspects and omissions? The article argues that while DPLM as it emerges from our empirical study can be considered a successful story overall; it, nevertheless, appears elitist in its objectives, problems and actors. In this regard, we call for a critical rethinking of DPLM in order to transfer the data protection collective struggles of more marginalised social movements to the CJEU juridical field.