Developments in medical big data analytics may bring societal benefits but are also challenging privacy and other ethical values. At the same time, an overly restrictive data protection regime can form a serious threat to valuable observational studies. Discussions about whether data privacy or data solidarity should be the foundational value of research policies, have remained unresolved. We add to this debate with an empirically informed ethical analysis. First, experiences with the implementation of the General Data Protection Regulation (GDPR) within a European research consortium demonstrate a gap between the aims of the regulation and its effects in practice. Namely, strictly formalised data protection requirements may cause routinisation among researchers instead of substantive ethical reflection, and may crowd out trust between actors in the health data research ecosystem; while harmonisation across Europe and data sharing between countries is hampered by different interpretations of the law, which partly stem from different views about ethical values. Then, building on these observations, we use theory to argue that the concept of trust provides an escape from the privacy-solidarity debate. Lastly, the paper details three aspects of trust that can help to create a responsible research environment and to mitigate the encountered challenges: trust as multi-agent concept; trust as a rational and democratic value; and trust as method for priority setting. Mutual cooperation in research—among researchers and with data subjects—is grounded in trust, which should be more explicitly recognised in the governance of health data research.