Marlon Domingus, profile picture
Uploaded byMarlon Domingus
PPTX, PDF406 views

Privacy and Data Protection in Research

The document outlines a summer school itinerary focused on privacy and data protection in research, exploring rights and responsibilities, GDPR principles, and privacy-enhancing technologies. Key topics include the balance between researchers' interests and individual privacy rights, data protection impact assessments, and cross-border data transfer methods. It emphasizes the importance of compliance with legal standards while promoting ethical research practices.

Embed presentation

Downloaded 14 times
Privacy & Data Protection in Research Summerschool 9-12 July 2017 Erasmus MC July 12 2017 Marlon Domingus
Itinerary •rights and responsibilities •privacy by design strategies •privacy principles •privacy enhancing technologies (PETs) •big data concerns •private, shared and public - boundary transitions •data protection impact assessment (DPIA) •cross border data transfers •derogations for research 2
The General Data Protection Regulation & (Big Data) Research July 12 2017 Marlon Domingus
Rights and Responsibilities 4 Source: http://www.privacy-regulation.eu/en/index.htm
Balancing the legitimate interests of the researcher and the privacy rights of the individual Source: Brendan Van Alsenoy (Belgian Privacy Commission), Balancing the interests of controllers and the rights of the data subject. Brussels Privacy Hub, VUB Brussel, June 30 2017. 5 “The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.” Recital (4) GDPR “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject […]” Article 6(1)f GDPR
Balancing the legitimate interests of the researcher and the privacy rights of the individual Source: Charter of Fundamental Rights of the European Union (2012/C 326/02). Online: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012P/TXT&from=EN . 6 Article 8 - Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.
Balancing the legitimate interests of the researcher and the privacy rights of the individual Source: Prof. Dr. Gloria González Fuster: Recent jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union. Brussels Privacy Hub, VUB Brussel, June 30 2017. 7 independent authority individual’s rights legitimate interests
Balancing. Four Steps. 8 1. Legitimate interests of controller or 3rd party • freedom of expression • direct marketing and other forms of advertisement • enforcement of legal claims • prevention of fraud, misuse of services, or money laundering • physical safety, security, IT and network security • whistle-blowing schemes 2. Impact on data subject Actual and potential repercussions • Nature of the data • How the data are processed • Reasonable expectations data subject • Nature of controller vis-à-vis data subject 3. Make provisional balance “Necessary” • Least intrusive means • Reasonably effective • Balance of interests 4. Safeguards Measures to ensure that the data cannot be used to take decisions or other actions with regard to individuals. • anonymisation techniques, aggregation of data • privacy-enhancing technologies, privacy by design • increased transparency • general and unconditional right to opt-out Source: Article 29 Data Protection Working Party. Opinion 06/2014 on the "Notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC". Adopted on 9 April 2014. Online: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf
Privacy by Design Strategy (‘traditional’) 9 Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
Privacy by Design Strategy (Big Data) 10 Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
Privacy Principles 11 1. Consent and choice 2. Purpose legitimacy and specification 3. Collection limitation 4. Data minimisation 5. Use, retention and disclosure limitation 6. Accuracy and quality 7. Openness, transparency and notice 8. Individual participation and access 9. Accountability 10. Information security 11. Privacy compliance Source: Information technology — Security techniques — Privacy framework. ISO/IEC 29100:2011. Online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip Source: Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model. ISO/IEC 29187-1:2013 Online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c045266_ISO_IEC_29187- 1_2013.zip
Privacy Enhancing Technologies in Big Data 12 Anonymization in big data (and beyond) Utility and privacy Attack models and disclosure risk Anonymization privacy models Anonymization privacy models and big data Anonymization methods Some current weaknesses of anonymization Centralized vs decentralized anonymization for big data Other specific challenges of anonymization in big data Challenges and future research for anonymization in big data Encryption techniques in big data Database encryption Encrypted search Security and accountability controls Granular access control Privacy policy enforcement Accountability and audit mechanisms Data provenance Transparency and access Consent, ownership and control Consent mechanisms Privacy preferences and sticky policies Personal data stores Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
WP Art 29: Big Data Concerns: 13 - the sheer scale of data collection, tracking and profiling, also taking into account the variety and detail of the data collected and the fact that data are often combined from many different sources; - the security of data, with levels of protection shown to be lagging behind the expansion in volume; - transparency: unless they are provided with sufficient information, individuals will be subject to decisions that they do not understand and have no control over; - inaccuracy, discrimination, exclusion and economic imbalance; - increased possibilities of government surveillance. Source: Article 29 Data Protection Working Party. Opinion 03/2013 on purpose limitation. Adopted on 2 April 2013. Online: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf
Data Protection Impact Assessment Source: Dr. Paul Quinn and István Böröcz, How to do a PIA – practical session. Brussels Privacy Hub, VUB Brussel, June 27 2017. 14 Addresses: • societal concerns • technical concerns • ethical concerns • legal concerns
Our Research Assessment 1. Is the research project conducted in an international partnership? 2. Is this partnership a public-private collaboration? 3. Is personal data or confidential data used in the research? 4. Will the research project result in information and/or products that will become open access available, or commercially or both? 5. Is an infrastructure required for the processing / analysis / storage of the research data beyond which is available at the EUR workplace? 6. Will the data processing be a manual activity, or is it automated and executed by scripts? IPR, Applicable Law IPR, Valorisation Data Protection, Privacy IPR, Valorisation Research Infra, HPC IPR, Database Law 15
Data Driven Research
Private, Shared and Public - Boundary Transitions 17 Source: Personal website Andrew Treloar. Online: http://andrew.treloar.net/research/diagrams/index.shtml
Cross Border Data Transfers Source: Prof. Christopher Kuner, International Transfers of Personal Data Post-GDPR. Brussels Privacy Hub, VUB Brussel, June 29 2017. 18 Three methods to transfer data internationally: • Adequacy decisions adopted by EC (Art. 45 GDPR). • In the absence of an adequacy decision, appropriate safeguards (data transfer instruments, Art. 46 GDPR), meaning: BCRs; SCCs; approved codes of conduct and certification mechanisms with binding commitments; “ad hoc” contractual clauses authorized by DPAs. • In the absence of an adequacy decision or appropriate safeguards, derogations (Art. 49 GDPR), e.g. consent; performance of a contract; public interest under EU or Member State law; legitimate interests of a controller (with limitations).
Cross Border Data Transfers Source: Prof. Christopher Kuner, International Transfers of Personal Data Post-GDPR. Brussels Privacy Hub, VUB Brussel, June 29 2017. 19
Exemptions or Derogations for Research Source: General Data Protection Regulation. Online: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf 20
Questions? drs. Marlon Domingus Research Services coordinator Community Research Data Management T +31 10 4088006 E researchsupport@eur.nl W https://www.eur.nl/researchmatters/research_data_management/ (services and templates) Stay in touch via: https://www.linkedin.com/in/domingus/ 21
Case July 12 2017 Marlon Domingus
Take Aways July 12 2017 Marlon Domingus
Privacy: infographics Source: EUR Research Matters website. Online: https://www.eur.nl/researchmatters/research_data_management/services/rdm_legal_services/ 24
Privacy: Maturity Model Source:LCRDM.https://www1.edugroepen.nl/sites/RDM_platform/RDM_Blog/Lists/Posts/Post.aspx?ID=12
26 How to use the compass In the core, the four Denscombe principles, serve as a starting point. In the next layer, the aspects related to these principles are listed. In the outer layer, the actions for faculty and/or research support staff are listed. The arrow aligns the principles with the corresponding aspects and actions Thus four quadrants appear, with a focus on the distinct aspects of research integrity. Traditionally ethics committees look at the aspects of the lower left quadrant. How to address the aspects in the rest of the compass? Suggestion: work together with the Data Protection Officer and the Legal Department for a new governing approach to assessing proper academic practices.

More Related Content

PDF
GDPR Demystified
bySPIN Chennai
 
PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
PPTX
Gdpr presentation
bySudarsan Reddy
 
PPTX
Introduction to GDPR
byPriyab Satoshi
 
PPTX
Privacy & Data Protection
bysp_krishna
 
PPTX
GDPR Introduction and overview
byJane Lambert
 
PDF
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
General Data Protection Regulation
byBCC - Solutions for IBM Collaboration Software
 
GDPR Demystified
bySPIN Chennai
 
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
Gdpr presentation
bySudarsan Reddy
 
Introduction to GDPR
byPriyab Satoshi
 
Privacy & Data Protection
bysp_krishna
 
GDPR Introduction and overview
byJane Lambert
 
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
General Data Protection Regulation
byBCC - Solutions for IBM Collaboration Software
 

What's hot

PDF
GDPR Basics - General Data Protection Regulation
byVicky Dallas
 
PPTX
General Data Protection Regulations (GDPR): Do you understand it and are you ...
byCvent
 
PDF
Personal Data Protection in Indonesia
byEryk Budi Pratama
 
PDF
What about GDPR?
byMartin Hawksey
 
PDF
LGPD | FASE-1: PREPARAÇÃO | JORNADA DE ADEQUAÇÃO | SGPD - SISTEMA DE GESTÃO ...
byWellington Monaco
 
PDF
Melihat RUU Pelindungan Data Pribadi
byICT Watch
 
PPTX
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
PPS
Introduction to Data Protection and Information Security
byJisc Scotland
 
PPTX
Kebijakan Perlindungan Data Pribadi Melalui RUU PDP
byUnggul Sagena
 
PDF
Common Practice in Data Privacy Program Management
byEryk Budi Pratama
 
PDF
Tietosuoja verkko- ja etäopetuksessa
byHarto Pönkä
 
PPTX
GDPR training
byASL
 
PPTX
Tietosuoja opetuksessa
byHarto Pönkä
 
PPTX
Iso 27001 isms presentation
byMidhun Nirmal
 
PPTX
GDPR Presentation slides
byNaomi Holmes
 
PDF
MDM Best Practices - Konzeption. Entstehung. Betrieb und typische Probleme
byOPITZ CONSULTING Deutschland
 
PPTX
Pemahaman SMKI ISO 27001_2013 dan ISO 27001_2022 New Edition.pptx
byAli Konsultan
 
PDF
Data Protection and Privacy
byVertex Holdings
 
PPTX
PDPA Compliance Preparation
byLawPlus Ltd.
 
PPTX
Open Science, Open Access
byPaola Gargiulo
 
GDPR Basics - General Data Protection Regulation
byVicky Dallas
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
byCvent
 
Personal Data Protection in Indonesia
byEryk Budi Pratama
 
What about GDPR?
byMartin Hawksey
 
LGPD | FASE-1: PREPARAÇÃO | JORNADA DE ADEQUAÇÃO | SGPD - SISTEMA DE GESTÃO ...
byWellington Monaco
 
Melihat RUU Pelindungan Data Pribadi
byICT Watch
 
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
Introduction to Data Protection and Information Security
byJisc Scotland
 
Kebijakan Perlindungan Data Pribadi Melalui RUU PDP
byUnggul Sagena
 
Common Practice in Data Privacy Program Management
byEryk Budi Pratama
 
Tietosuoja verkko- ja etäopetuksessa
byHarto Pönkä
 
GDPR training
byASL
 
Tietosuoja opetuksessa
byHarto Pönkä
 
Iso 27001 isms presentation
byMidhun Nirmal
 
GDPR Presentation slides
byNaomi Holmes
 
MDM Best Practices - Konzeption. Entstehung. Betrieb und typische Probleme
byOPITZ CONSULTING Deutschland
 
Pemahaman SMKI ISO 27001_2013 dan ISO 27001_2022 New Edition.pptx
byAli Konsultan
 
Data Protection and Privacy
byVertex Holdings
 
PDPA Compliance Preparation
byLawPlus Ltd.
 
Open Science, Open Access
byPaola Gargiulo
 

Similar to Privacy and Data Protection in Research

PPTX
An itinerary for FAIR and privacy respecting data-driven innovation and research
byMarlon Domingus
 
PDF
Legal update
byRachel Aldighieri
 
PPTX
20200504_Research Data & the GDPR: How Open is Open?
byOpenAIRE
 
PPTX
20200429_Research Data & the GDPR: How Open is Open? (updated version)
byOpenAIRE
 
DOCX
Ethics and data protection .docx
byelbanglis
 
PPT
GDPR - Thoughts on the EU Data Protection Regulation, Research and Libraries
byLIBER Europe
 
PDF
Esc gdpr oct 2018
byProf. Jacques Folon (Ph.D)
 
PPTX
1º Palestra sobre Proteção de Dados Pessoais
byIBE_USP
 
PPT
Updating the EU Data Protection Directive
byblogzilla
 
PDF
GDPR and Research Data Management
byLondon School of Hygiene and Tropical Medicine
 
PPTX
Privacy issues in data analytics
byshekharkanodia
 
PDF
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
byConstantine Karbaliotis
 
PDF
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
byFrancoise Gilbert
 
PPTX
Overview of privacy and data protection considerations for DEVELOP
byTrilateral Research
 
PPTX
GDPR – what does it mean for charities and what you need to consider - Iain P...
bym-hance
 
PDF
[REPORT PREVIEW] GDPR Beyond May 25, 2018
byAltimeter, a Prophet Company
 
PDF
GDPR 11/1/2017
byisc2-hellenic
 
PDF
Administrative and public law seminar
byBrowne Jacobson LLP
 
PPTX
Big data needs big protection
byNoel Hatch
 
PPTX
Wsgr eu data protection briefing march 20 2013 - final
byValentin Korobkov
 
An itinerary for FAIR and privacy respecting data-driven innovation and research
byMarlon Domingus
 
Legal update
byRachel Aldighieri
 
20200504_Research Data & the GDPR: How Open is Open?
byOpenAIRE
 
20200429_Research Data & the GDPR: How Open is Open? (updated version)
byOpenAIRE
 
Ethics and data protection .docx
byelbanglis
 
GDPR - Thoughts on the EU Data Protection Regulation, Research and Libraries
byLIBER Europe
 
Esc gdpr oct 2018
byProf. Jacques Folon (Ph.D)
 
1º Palestra sobre Proteção de Dados Pessoais
byIBE_USP
 
Updating the EU Data Protection Directive
byblogzilla
 
GDPR and Research Data Management
byLondon School of Hygiene and Tropical Medicine
 
Privacy issues in data analytics
byshekharkanodia
 
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
byConstantine Karbaliotis
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
byFrancoise Gilbert
 
Overview of privacy and data protection considerations for DEVELOP
byTrilateral Research
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
bym-hance
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
byAltimeter, a Prophet Company
 
GDPR 11/1/2017
byisc2-hellenic
 
Administrative and public law seminar
byBrowne Jacobson LLP
 
Big data needs big protection
byNoel Hatch
 
Wsgr eu data protection briefing march 20 2013 - final
byValentin Korobkov
 

More from Marlon Domingus

PDF
Safeguarding privacy in research design
byMarlon Domingus
 
PDF
The GDPR perspectives: Philosophy
byMarlon Domingus
 
PPTX
Open Science in Research Libraries: Research, Research Integrity and Legal As...
byMarlon Domingus
 
PPTX
VSNU gedragscode voor gebruik van persoonsgegevens in wetenschappelijk onderzoek
byMarlon Domingus
 
PPTX
Research Support @ Erasmus University Rotterdam
byMarlon Domingus
 
PPTX
Towards Privacy by Design. Key issues to unlock science.
byMarlon Domingus
 
PPTX
Responsible research: professionalism and integrity. The practical, legal and...
byMarlon Domingus
 
PPTX
Masterclass Research Support
byMarlon Domingus
 
PPTX
Finding the Law for Sharing Data in Academia
byMarlon Domingus
 
Safeguarding privacy in research design
byMarlon Domingus
 
The GDPR perspectives: Philosophy
byMarlon Domingus
 
Open Science in Research Libraries: Research, Research Integrity and Legal As...
byMarlon Domingus
 
VSNU gedragscode voor gebruik van persoonsgegevens in wetenschappelijk onderzoek
byMarlon Domingus
 
Research Support @ Erasmus University Rotterdam
byMarlon Domingus
 
Towards Privacy by Design. Key issues to unlock science.
byMarlon Domingus
 
Responsible research: professionalism and integrity. The practical, legal and...
byMarlon Domingus
 
Masterclass Research Support
byMarlon Domingus
 
Finding the Law for Sharing Data in Academia
byMarlon Domingus
 

Recently uploaded

PPTX
Agribusiness education, NUS-focused curriculum reform, and youth enterprise d...
byFrancois Stepman
 
PPTX
PANCHAYATI RAJ INSTITUTION nursing .pptx
byPrernajaswal3
 
PDF
Events Portfolio Smart Web Agency - Event Technologist
byRehan Ahmed
 
PDF
Steering Committee meeting Global Forum on Agricultural Research and Innovation
byFrancois Stepman
 
PDF
Generation and Storage Modeling Presentation
byCoalesce
 
PDF
OSMC 2025: Current State of Icinga by Bernd Erk.pdf
byNETWAYS
 
PDF
How to Safely Buy Instagram Accounts in 2026.pdf
byusatrust acc
 
PDF
The Power of Cultural Awareness & Role Modeling
byRichard Dolman
 
PPTX
Patterns of nursing education in india.pptx
byPrernajaswal3
 
PPTX
Bob Stewart Interruptions 12 14 2025.pptx
byFamilyWorshipCenterD
 
PPTX
2025-12-14 Moses 11 (shared slides).pptx
byDale Wells
 
PPTX
Novel Optimization – Evolutionary Algorithms​.pptx
byCoalesce
 
PDF
Bank Negara Indonesia (BNI) Corporate Presentation 1H 2024
bySofiaWENugrahani
 
PPTX
VBYLD 2026 - Template Presentation .pptx_20251212_021639_0000 (1).pptx
byp9745542
 
PDF
OSMC 2025: Building Trustworthy AI: Open Source Monitoring in Action by Samue...
byNETWAYS
 
PDF
Bank Negara Indonesia (BNI) Corporate Presentation 3Q2025
bySofiaWENugrahani
 
PDF
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovico Besana
 
PPTX
this document provide the information about lines & angles of class 9th
byanjalichauhan126150
 
PPTX
Tagging is dead, meet their weird cousin Service Groups
bystijn40
 
PDF
Building communication skills of early career researchers
byFrancois Stepman
 
Agribusiness education, NUS-focused curriculum reform, and youth enterprise d...
byFrancois Stepman
 
PANCHAYATI RAJ INSTITUTION nursing .pptx
byPrernajaswal3
 
Events Portfolio Smart Web Agency - Event Technologist
byRehan Ahmed
 
Steering Committee meeting Global Forum on Agricultural Research and Innovation
byFrancois Stepman
 
Generation and Storage Modeling Presentation
byCoalesce
 
OSMC 2025: Current State of Icinga by Bernd Erk.pdf
byNETWAYS
 
How to Safely Buy Instagram Accounts in 2026.pdf
byusatrust acc
 
The Power of Cultural Awareness & Role Modeling
byRichard Dolman
 
Patterns of nursing education in india.pptx
byPrernajaswal3
 
Bob Stewart Interruptions 12 14 2025.pptx
byFamilyWorshipCenterD
 
2025-12-14 Moses 11 (shared slides).pptx
byDale Wells
 
Novel Optimization – Evolutionary Algorithms​.pptx
byCoalesce
 
Bank Negara Indonesia (BNI) Corporate Presentation 1H 2024
bySofiaWENugrahani
 
VBYLD 2026 - Template Presentation .pptx_20251212_021639_0000 (1).pptx
byp9745542
 
OSMC 2025: Building Trustworthy AI: Open Source Monitoring in Action by Samue...
byNETWAYS
 
Bank Negara Indonesia (BNI) Corporate Presentation 3Q2025
bySofiaWENugrahani
 
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovico Besana
 
this document provide the information about lines & angles of class 9th
byanjalichauhan126150
 
Tagging is dead, meet their weird cousin Service Groups
bystijn40
 
Building communication skills of early career researchers
byFrancois Stepman
 

Privacy and Data Protection in Research

  • 1.
    Privacy & DataProtection in Research Summerschool 9-12 July 2017 Erasmus MC July 12 2017 Marlon Domingus
  • 2.
    Itinerary •rights and responsibilities •privacyby design strategies •privacy principles •privacy enhancing technologies (PETs) •big data concerns •private, shared and public - boundary transitions •data protection impact assessment (DPIA) •cross border data transfers •derogations for research 2
  • 3.
    The General DataProtection Regulation & (Big Data) Research July 12 2017 Marlon Domingus
  • 4.
    Rights and Responsibilities 4 Source:http://www.privacy-regulation.eu/en/index.htm
  • 5.
    Balancing the legitimateinterests of the researcher and the privacy rights of the individual Source: Brendan Van Alsenoy (Belgian Privacy Commission), Balancing the interests of controllers and the rights of the data subject. Brussels Privacy Hub, VUB Brussel, June 30 2017. 5 “The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.” Recital (4) GDPR “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject […]” Article 6(1)f GDPR
  • 6.
    Balancing the legitimateinterests of the researcher and the privacy rights of the individual Source: Charter of Fundamental Rights of the European Union (2012/C 326/02). Online: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012P/TXT&from=EN . 6 Article 8 - Protection of personal data 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.
  • 7.
    Balancing the legitimateinterests of the researcher and the privacy rights of the individual Source: Prof. Dr. Gloria González Fuster: Recent jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union. Brussels Privacy Hub, VUB Brussel, June 30 2017. 7 independent authority individual’s rights legitimate interests
  • 8.
    Balancing. Four Steps. 8 1.Legitimate interests of controller or 3rd party • freedom of expression • direct marketing and other forms of advertisement • enforcement of legal claims • prevention of fraud, misuse of services, or money laundering • physical safety, security, IT and network security • whistle-blowing schemes 2. Impact on data subject Actual and potential repercussions • Nature of the data • How the data are processed • Reasonable expectations data subject • Nature of controller vis-à-vis data subject 3. Make provisional balance “Necessary” • Least intrusive means • Reasonably effective • Balance of interests 4. Safeguards Measures to ensure that the data cannot be used to take decisions or other actions with regard to individuals. • anonymisation techniques, aggregation of data • privacy-enhancing technologies, privacy by design • increased transparency • general and unconditional right to opt-out Source: Article 29 Data Protection Working Party. Opinion 06/2014 on the "Notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC". Adopted on 9 April 2014. Online: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf
  • 9.
    Privacy by DesignStrategy (‘traditional’) 9 Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
  • 10.
    Privacy by DesignStrategy (Big Data) 10 Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
  • 11.
    Privacy Principles 11 1. Consentand choice 2. Purpose legitimacy and specification 3. Collection limitation 4. Data minimisation 5. Use, retention and disclosure limitation 6. Accuracy and quality 7. Openness, transparency and notice 8. Individual participation and access 9. Accountability 10. Information security 11. Privacy compliance Source: Information technology — Security techniques — Privacy framework. ISO/IEC 29100:2011. Online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip Source: Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model. ISO/IEC 29187-1:2013 Online: http://standards.iso.org/ittf/PubliclyAvailableStandards/c045266_ISO_IEC_29187- 1_2013.zip
  • 12.
    Privacy Enhancing Technologiesin Big Data 12 Anonymization in big data (and beyond) Utility and privacy Attack models and disclosure risk Anonymization privacy models Anonymization privacy models and big data Anonymization methods Some current weaknesses of anonymization Centralized vs decentralized anonymization for big data Other specific challenges of anonymization in big data Challenges and future research for anonymization in big data Encryption techniques in big data Database encryption Encrypted search Security and accountability controls Granular access control Privacy policy enforcement Accountability and audit mechanisms Data provenance Transparency and access Consent, ownership and control Consent mechanisms Privacy preferences and sticky policies Personal data stores Source: ENISA report (2015): Privacy By Design In Big Data. Online: https://www.enisa.europa.eu/publications/big-data-protection/at_download/fullReport
  • 13.
    WP Art 29:Big Data Concerns: 13 - the sheer scale of data collection, tracking and profiling, also taking into account the variety and detail of the data collected and the fact that data are often combined from many different sources; - the security of data, with levels of protection shown to be lagging behind the expansion in volume; - transparency: unless they are provided with sufficient information, individuals will be subject to decisions that they do not understand and have no control over; - inaccuracy, discrimination, exclusion and economic imbalance; - increased possibilities of government surveillance. Source: Article 29 Data Protection Working Party. Opinion 03/2013 on purpose limitation. Adopted on 2 April 2013. Online: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf
  • 14.
    Data Protection ImpactAssessment Source: Dr. Paul Quinn and István Böröcz, How to do a PIA – practical session. Brussels Privacy Hub, VUB Brussel, June 27 2017. 14 Addresses: • societal concerns • technical concerns • ethical concerns • legal concerns
  • 15.
    Our Research Assessment 1.Is the research project conducted in an international partnership? 2. Is this partnership a public-private collaboration? 3. Is personal data or confidential data used in the research? 4. Will the research project result in information and/or products that will become open access available, or commercially or both? 5. Is an infrastructure required for the processing / analysis / storage of the research data beyond which is available at the EUR workplace? 6. Will the data processing be a manual activity, or is it automated and executed by scripts? IPR, Applicable Law IPR, Valorisation Data Protection, Privacy IPR, Valorisation Research Infra, HPC IPR, Database Law 15
  • 16.
  • 17.
    Private, Shared andPublic - Boundary Transitions 17 Source: Personal website Andrew Treloar. Online: http://andrew.treloar.net/research/diagrams/index.shtml
  • 18.
    Cross Border DataTransfers Source: Prof. Christopher Kuner, International Transfers of Personal Data Post-GDPR. Brussels Privacy Hub, VUB Brussel, June 29 2017. 18 Three methods to transfer data internationally: • Adequacy decisions adopted by EC (Art. 45 GDPR). • In the absence of an adequacy decision, appropriate safeguards (data transfer instruments, Art. 46 GDPR), meaning: BCRs; SCCs; approved codes of conduct and certification mechanisms with binding commitments; “ad hoc” contractual clauses authorized by DPAs. • In the absence of an adequacy decision or appropriate safeguards, derogations (Art. 49 GDPR), e.g. consent; performance of a contract; public interest under EU or Member State law; legitimate interests of a controller (with limitations).
  • 19.
    Cross Border DataTransfers Source: Prof. Christopher Kuner, International Transfers of Personal Data Post-GDPR. Brussels Privacy Hub, VUB Brussel, June 29 2017. 19
  • 20.
    Exemptions or Derogationsfor Research Source: General Data Protection Regulation. Online: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf 20
  • 21.
    Questions? drs. Marlon Domingus ResearchServices coordinator Community Research Data Management T +31 10 4088006 E researchsupport@eur.nl W https://www.eur.nl/researchmatters/research_data_management/ (services and templates) Stay in touch via: https://www.linkedin.com/in/domingus/ 21
  • 22.
  • 23.
    Take Aways July 122017 Marlon Domingus
  • 24.
    Privacy: infographics Source: EURResearch Matters website. Online: https://www.eur.nl/researchmatters/research_data_management/services/rdm_legal_services/ 24
  • 25.
  • 26.
    26 How to usethe compass In the core, the four Denscombe principles, serve as a starting point. In the next layer, the aspects related to these principles are listed. In the outer layer, the actions for faculty and/or research support staff are listed. The arrow aligns the principles with the corresponding aspects and actions Thus four quadrants appear, with a focus on the distinct aspects of research integrity. Traditionally ethics committees look at the aspects of the lower left quadrant. How to address the aspects in the rest of the compass? Suggestion: work together with the Data Protection Officer and the Legal Department for a new governing approach to assessing proper academic practices.