As disputes and compliance pressures over medical data intensify, how can privacy be protected while unlocking data’s value? Trusted Data Space is charting a new path forward
Medical and health data have become a strategic asset for the biopharmaceutical industry and play a critical role in innovation such as new drug development. Yet their high sensitivity and immense value are accompanied by serious legal risks, leading to frequent disputes over data privacy and security. In practice, data silos, the lack of trust among stakeholders, and the mounting compliance pressures of frameworks such as China’s Personal Information Protection Law have together formed fertile ground for conflict, while the traditional reliance on post-dispute remedies remains costly and inefficient. In response, the industry is shifting towards prevention at source. The Trusted Data Space (TDS) framework, when combined with the Technical Standards for Secure Sharing of Health and Medical Data Elements, offers a new solution: a data governance model that embeds compliance into technology and places risk prevention at its core. Through this approach, technology itself defines responsibility, strengthens trust, and reduces the scope for disputes, aligning the pursuit of data value with the demands of security and legal compliance.
The compliance conundrum
Jessie Zhang
Senior Partner
Wintell & Co
Tel: +86 138 1621 3091
E-mail: Jessie.zhang@wintell.cn
Disputes over medical data stem from inherent contradictions in its circulation and use. First, data silos make cross-entity authorisation and sharing processes complex, with unclear accountability often sparking disputes. Second, stringent compliance frameworks such as the Personal Information Protection Law impose strict requirements on consent, cross-border transfers, and data export, where any lapse may trigger litigation. Patient privacy remains an inviolable red line; any breach or misuse may lead to large-scale collective actions. Finally, the persistent trust deficit between data providers, such as hospitals, and data users, such as pharmaceutical firms, continues to sow the seeds for potential breaches and contractual conflicts.
Prevention at the source
TDS is not merely a data transmission channel but also a foundational infrastructure for secure and trusted data flows designed to prevent disputes from the outset. Its architecture naturally aligns with the front-end needs of risk prevention. At its core lies the digital contract, which translates traditional legal agreements into machine-readable and automatically executable code. By programmatically defining key terms– such as the purpose, scope, and duration of data usage – TDS eliminates ambiguity and enforces compliance, preventing disputes rooted in unclear obligations or improper performance.
On this foundation, a usage control component serves as a trusted technical supervisor, ensuring that every instance of data access and processing during the full lifecycle adheres strictly to contract terms. This creates a closed loop of ex ante prevention and real-time control, stopping violations before they occur. More importantly, TDS adopts a federated governance model that allows medical institutions to retain data locally while enabling secure, cross-site computation – data remains usable but invisible. This respects institutional control, structurally reduces the risks of large-scale leakage from centralised storage, and helps forestall collective data disputes.
Embedding compliance
The integration of TDS with the Technical Standards for Secure Sharing of Health and Medical Data translates abstract legal principles into tangible, enforceable internal risk-control mechanisms. At its core lies the codification of key regulatory requirements, such as data classification, grading, and anonymisation standards, into the standard clauses of TDS digital contracts. For instance, a digital contract may stipulate that data providers must apply the highest level of anonymisation technology recognised by industry norms. The TDS usage-control module then verifies and enforces this requirement automatically. In doing so, compliance obligations shift from being external regulatory constraints to becoming embedded, automated risk-management processes within the system itself, dramatically reducing disputes arising from differing interpretations or inconsistent implementation of standards.
Enabling industry innovation
Within the low-risk, high-trust environment fostered by TDS, innovation across the biopharmaceutical value chain can advance securely and efficiently. In drug development, pharmaceutical companies can access real-world data in full compliance through TDS, with usage permissions and scope precisely set and automatically executed via digital contracts—avoiding legal risks from data misuse or use beyond authorised limits.
For clinical trials, TDS provides an ideal secure data-exchange platform for increasingly complex decentralised trials. It ensures that all operations are fully traceable, responsibilities are clear, and data management-related disputes are considerably reduced. Most notably, by integrating cutting-edge privacy-preserving technologies such as federated learning, TDS allows AI models to train across multiple medical institutions without accessing raw data. This “data stays put, model moves” paradigm satisfies AI’s need for large datasets while maximising privacy protection, effectively mitigating large-scale privacy risks at their technical root.
Addressing the prevalent privacy and security conflicts in the medical data domain, the synergy of TDS and industry standards provides a visionary approach. It signals a fundamental shift, from passive, litigation-driven resolution after the fact to proactive risk prevention combining technology, contracts, and governance.
By embedding legal compliance directly into technical architecture, TDS builds a bridge of trust between data suppliers and users. It not only unlocks the potential of medical data but also lowers the risk of legal conflict – opening a safer, more efficient path toward compliant and sustainable growth in the biopharmaceutical sector.
Jessie Zhang, a senior partner at Wintell & Co. She can be reached by phone at +86 138 1621 3091 or by email at Jessie.zhang@wintell.cn
Wintell & Co
18-19F, Tower 1,
LJZ Financial Holdings Plaza
1788-1800 Century Avenue, Pudong
Shanghai 200122, China
Tel: +86 21 6854 4599
Fax: +86 21 6854 5667
www.wintell.cn
