Published September 29, 2023 | Version v1
Project milestone Open

DataTools4Heart_Milestone2_Clear policy and guidance on pseudonymised and synthetic data processing in the clinical sector.

  • 1. Panetta

Description

Notwithstanding the pivotal importance of the distinction between personal and non-personal data according to the applicable laws, it is extremely burdensome, in most of the cases, to differentiate between these categories. This is because there is no precise indication in the legislation, or by competent regulators, as to what is the correct legal test to apply to correctly categorise data as anonymous or not. Practically, the EU regulatory scenario has so far been affected by a very rigid interpretation of data anonymisation, deriving from an important opinion adopted by the Article 29 Working Party in 2014. Moreover, the different stances taken by national Supervisory Authority have made reliance on anonymisation techniques even more complex to achieve and riskier, since the degree of irreversibility that individual de-identification must achieve so that data can be deemed anonymous varies from a member State to another. In parallel, the requirements to be abided in connection with the processing and even more the reuse of health data for scientific research are not homogeneous at European level, in that every member State is empowered to adopt its own limitations or conditions which apply in addition to or in lieu of the General Data Protection Legislation. DataTools4Heart aims to set, among others, new regulatory standards for ensuring that all types of health data, both in structured and unstructured format, can securely and lawfully undergo a secondary processing for the purpose of medical research in the cardiology sector. For this reason, this report starts with a detailed analysis of the current state-of-the-art regarding pseudonymisation, for then going in-depth into the benefits that can stem from some specific Privacy-Enhancing Technologies, focusing on Federated Learning, Differential Privacy, Secure Multi-Party Computation and, particularly, on Synthetic Data, with a view to overcoming the hurdles that to date prevent the implementation of the European Health Data Space and the progress of the EU Research area. The analysis goes focusing on the legal nature of synthetic data in the light of the Artificial Intelligence Act, and evaluating in detail the promising interpretative evolutions of what constitutes pseudonymous and anonymous data based on the crucial decision issued by the EU General Court in April 2023 in relation to the Case T-557/20. Finally, conclusions are drawn regarding the robustness and the reliability of the innovative solutions put forward in the project, to enhance the protection of personal data and patients’ privacy, while achieving strong accountability and enabling a concrete progress of medical research thanks to compliant reuse of health data.

Files

MS2_achieved.pdf

Files (2.4 MB)

Name Size Download all
md5:795743ec775c741a9d025ef3acf62ef7
2.4 MB Preview Download

Additional details

Funding

European Commission
DataTools4Heart – A European Health Data Toolbox for Enhancing Cardiology Data Interoperability, Reusability and Privacy 101057849