Published August 21, 2025
| Version v2
Conference paper
Open
Development of a Modular Automated Software System for Data Trust Centers
Authors/Creators
Contributors
Editor (2):
- 1. Nationale Forschungsdateninfrastruktur (NFDI) e.V.
- 2. University of Amsterdam
Description
Data trust centers facilitate the legally secure, confidential exchange of sensitive data between data providers and data users. They implement strict protocols and governance structures to safeguard privacy and compliance, making them essential in sectors like healthcare, finance, and research. However, most data trust centers still rely on manual processes involving complex organizational, legal, and technical aspects, which can hinder efficiency and scalability. The automation of these processes offers numerous advantages, including increased speed and efficiency of workflows through standardization, a lower need for specialists, and enhanced scalability to handle growing data volumes. A critical challenge for data trust centers lies in ensuring the nonidentifiability of data. While some anonymization methods, such as simple anonymization of identifying attributes, are used, there are no widely accepted standards or best practices for ensuring that data remains nonidentifiable in a robust and reliable way. Verifying the nonidentifiability of data currently requires time-consuming manual work, and the available software tools for setting thresholds for nonidentifiability factors like k-Anonymity, l-Diversity, and t-Closeness are often difficult to integrate into the existing workflows of data trust centers. This increases the operational workload of these centers, slowing down data exchange and increasing the risk of non-compliance. To address these challenges, our goal is to develop a modular, web-based, open-source software system (1) that minimizes manual work in data trust centers by automating time-consuming processes such as ensuring nonidentifiability, consent management, record linkage, and the management of data access rights and permissions. The users will be able to activate the desired modules according to their needs. The system will be designed to seamlessly integrate with existing infrastructures and workflows in data trust centers, improving operational efficiency and compliance while reducing the workload of specialized personnel. In this endeavor, we are building on existing software platforms such as gICS, gPAS, E-PIX and ARX, which provide foundational capabilities for data privacy and governance. As part of our development process, we conducted a thorough requirement analysis through a questionnaire completed by 14 data trust centers, ensuring that the software system aligns with the diverse needs of these institutions. Moreover, we are aiming to establish best practices and standards for ensuring the nonidentifiability of personal data, based on insights from a comprehensive literature review. This literature review will also contribute to the development of a unified framework for data anonymization, guiding data trust centers in adopting effective techniques for nonidentifiability. Beyond improving the efficiency of data exchange workflows, the development of this software system aims to promote transparency and trust within data trust centers. By providing quality standards and facilitating the automation of key processes, this system will enable faster integration of new processes and technologies, allowing data trust centers to better adapt to the evolving landscape of data privacy and security. Ultimately, the system aims to foster greater trust among stakeholders by ensuring the confidentiality, integrity, and nonidentifiability of shared data, thus strengthening the role of data trust centers as trusted intermediaries in the digital economy.
Files
2025-08-26_CoRDI_Abstract_updated.pdf
Files
(794.8 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:2f7fc6f5789832940813c1af602f606c
|
794.8 kB | Preview Download |