Health data processing fields face ethical and legal problems regarding fundamental rights. As we know, patients can benefit in the Digital Era from having health or medical information available, and medical decisions can be more effective with a better understanding of clinical histories, medical and health data thanks to the development of Artificial Intelligence, Internet of Things and other Digital technologies. However, at the same time, we need to guarantee fundamental rights, including privacy ones. The complaint about ethical and legal requirements – including constitutional ones – is particularly relevant in the processing of health data. This paper is focused on the problem of the consent required to the processing of health data and the exceptions established in the new European Union General Data Regulation, which cover the processing of this special data -within other aims- for scientific, historical and statistical research as legitimate purposes, which include biomedical research. The conclusion is that these open concepts are problematic both for the protection of privacy rights and for the legal security/certainty of research. On one hand there are several interpretation problems, regarding the processing of health data and the protection of information privacy. On the other hand, professionals must follow the Multilevel legal framework and to guarantee fundamental rights in the processing of health data, so there are also problems of interpretation for researchers. Therefore, we need a clearer legal framework for biomedical research.