Routes for breaching and protecting genetic privacy

We are entering the era of ubiquitous genetic information for research, clinical care, and personal curiosity. Sharing these datasets is vital for rapid progress in understanding the genetic basis of human diseases. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we technically map threats to genetic privacy and discuss potential mitigation strategies for privacy-preserving dissemination of genetic data.Comment: Draft for comment

Pseudonymisation in the context of GDPR-compliant medical research

Pseudonymisation is a data protection technique often used to protect the privacy of individuals when their personal data are being used for research purposes. Not only is it a key ingredient of the General Data Protection Regulation (GDPR) that requires organisations to ensure that the personal data they process is handled in a secure manner, but it is particularly important in assisting medical research given that often relies on sensitive personal data, since it reduces the risk that medical data could be misused or mishandled. For managing their medical data, it is important to ensure that such data are protected against unauthorised access, and can be reutilised in an anonymous fashion, while still authorised personnel is able to identify the study participant that some data belong to (e.g., for personalised interventions, technical alerts, technical support). In addition, the re-identification of a study participant is a pre-requisite for exercising their rights under the GDPR, since it assists organisations in meeting GDPR requirements (such as the right to access, rectify and portability of data). We argue that the application of pseudonymisation is particularly effective when considered during the early stages (Privacy by Design) of digital services implementation, as well as when defining the complementary to these organizational procedures. Aim of this paper is to present the way in which the pseudonymisation mechanism of the SMART BEAR H2020 project supports the triptych of research activities conducted within the context of an observational medical study, legal obligations arising from the regulatory framework for the protection of personal data, and reutilisation of data for research purposes. Evidence-based security and privacy assessments will be conducted on two different H2020 projects to evaluate such privacy practice

The ethical and legal landscape of brain data governance

Neuroscience research is producing big brain data which informs both advancements in neuroscience research and drives the development of advanced datasets to provide advanced medical solutions. These brain data are produced under different jurisdictions in different formats and are governed under different regulations. The governance of data has become essential and critical resulting in the development of various governance structures to ensure that the quality, availability, findability, accessibility, usability, and utility of data is maintained. Furthermore, data governance is influenced by various ethical and legal principles. However, it is still not clear what ethical and legal principles should be used as a standard or baseline when managing brain data due to varying practices and evolving concepts. Therefore, this study asks what ethical and legal principles shape the current brain data governance landscape? A systematic scoping review and thematic analysis of articles focused on biomedical, neuro and brain data governance was carried out to identify the ethical and legal principles which shape the current brain data governance landscape. The results revealed that there is currently a large variation of how the principles are presented and discussions around the terms are very multidimensional. Some of the principles are still at their infancy and are barely visible. A range of principles emerged during the thematic analysis providing a potential list of principles which can provide a more comprehensive framework for brain data governance and a conceptual expansion of neuroethics

Ethical and Governance Challenges in Population Biobanking: the case of the global Anti-Doping Administration & Management System

This study is an ethical analysis of the governance and regulatory dimensions of biobanking with specific reference to the Anti-Doping Administration Management System (ADAMS) of the global regulator of anti-doping in sports, the World Anti-Doping Agency (WADA). The study focuses on four key ethico-governance issues: (i) consent; (ii) benefit-sharing; (iii) harmonization of ethics and governance; and (iv) conditions for the secondary research uses of data originally collected for doping control purposes. It is argued that the consent process prior to data collection, storage and analysis is problematic, since athletes may not refuse the request to provide data sought by anti-doping authorities without forfeiting their eligibility to compete. The process requires simultaneous permission for research and testing which creates ambiguity, compounded by the unequal relationship between athletes and WADA. A range of alternative models are explored and a case is made for an approach that combines broad consent with iterative, or ‘reflexive’ governance and stakeholder involvement including education around research. Furthermore, ethical issues remain concerning governance and regulation for population research and use of data more generally between legal jurisdictions and within diverse populations. It is also argued that WADA’s claim to harmonization through its operational methods, regulation and governance, is not sufficiently well-defined outside of specific legal uses and is therefore too blunt a tool for ethical governance in global sport contexts. This thesis proposes reforms to existing WADA processes including consent processes and moves toward more reflexive governance frameworks that allow contextual nuance and iterative development, respecting differing needs within a shared structure. Specific recommendations are made to enhance accountability for potential secondary uses of ADAMS data for research. A distinction is drawn between anti-doping and broader biomedical research in developing ethically justifiable pathways that reduce the potential for coercion and empower athletes as contributors and potential beneficiaries

A conceptualisation of a governance model for biobanks in the digital society

Biobanks are key infrastructures in data-driven biomedical research. The counterpoint of this optimistic vision is the reality of biobank governance, which must address various ethical, legal and social issues, especially in terms of open consent, privacy and secondary uses which, if not sufficiently resolved, may undermine participants’ and society’s trust in biobanking. The effect of the digital paradigm on biomedical research has only accentuated these issues by adding new pressure for the data protection of biobank participants against the risks of covert discrimination, abuse of power against individuals and groups, and critical commercial uses. Moreover, the traditional research-ethics framework has been unable to keep pace with the transformative developments of the digital era, and has proven inadequate in protecting biobank participants and providing guidance for ethical practices. To this must be added the challenge of an increased tendency towards exploitation and the commercialisation of personal data in the field of biomedical research, which may undermine the altruistic and solidaristic values associated with biobank participation and risk losing alignment with societal interests in biobanking. My research critically analyses, from a bioethical perspective, the challenges and the goals of biobank governance in data-driven biomedical research in order to understand the conditions for the implementation of a governance model that can foster biomedical research and innovation, while ensuring adequate protection for biobank participants and an alignment of biobank procedures and policies with society’s interests and expectations. The main outcome is a conceptualisation of a socially-oriented and participatory model of biobanks by proposing a new ethical framework that relies on the principles of transparency, data protection and participation to tackle the key challenges of biobanks in the digital age and that is well-suited to foster these goals

The Ethics of Medical Data Donation

This open access book presents an ethical approach to utilizing personal medical data. It features essays that combine academic argument with practical application of ethical principles. The contributors are experts in ethics and law. They address the challenges in the re-use of medical data of the deceased on a voluntary basis. This pioneering study looks at the many factors involved when individuals and organizations wish to share information for research, policy-making, and humanitarian purposes. Today, it is easy to donate blood or even organs, but it is virtually impossible to donate one’s own medical data. This is seen as ethically unacceptable. Yet, data donation can greatly benefit the welfare of our societies. This collection provides timely interdisciplinary research on biomedical big data. Topics include the ethics of data donation, the legal and regulatory challenges, and the current and future collaborations. Readers will learn about the ethical and regulatory challenges associated with medical data donations. They will also better understand the special nature of using deceased data for research purposes with regard to ethical principles of autonomy, beneficence, and justice. In addition, the contributors identify the key governance issues of such a scheme. The essays also look at what we can learn in terms of best practice from existing medical data schemes

The Ethics of Medical Data Donation

This open access book presents an ethical approach to utilizing personal medical data. It features essays that combine academic argument with practical application of ethical principles. The contributors are experts in ethics and law. They address the challenges in the re-use of medical data of the deceased on a voluntary basis. This pioneering study looks at the many factors involved when individuals and organizations wish to share information for research, policy-making, and humanitarian purposes. Today, it is easy to donate blood or even organs, but it is virtually impossible to donate one’s own medical data. This is seen as ethically unacceptable. Yet, data donation can greatly benefit the welfare of our societies. This collection provides timely interdisciplinary research on biomedical big data. Topics include the ethics of data donation, the legal and regulatory challenges, and the current and future collaborations. Readers will learn about the ethical and regulatory challenges associated with medical data donations. They will also better understand the special nature of using deceased data for research purposes with regard to ethical principles of autonomy, beneficence, and justice. In addition, the contributors identify the key governance issues of such a scheme. The essays also look at what we can learn in terms of best practice from existing medical data schemes

Contributions to the privacy provisioning for federated identity management platforms

Identity information, personal data and user’s profiles are key assets for organizations and companies by becoming the use of identity management (IdM) infrastructures a prerequisite for most companies, since IdM systems allow them to perform their business transactions by sharing information and customizing services for several purposes in more efficient and effective ways. Due to the importance of the identity management paradigm, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused across different domains by allowing users simple session management, etc. In this way, users’ information is widely collected and distributed to offer new added value services and to enhance availability. Whereas these new services have a positive impact on users’ life, they also bring privacy problems. To manage users’ personal data, while protecting their privacy, IdM systems are the ideal target where to deploy privacy solutions, since they handle users’ attribute exchange. Nevertheless, current IdM models and specifications do not sufficiently address comprehensive privacy mechanisms or guidelines, which enable users to better control over the use, divulging and revocation of their online identities. These are essential aspects, specially in sensitive environments where incorrect and unsecured management of user’s data may lead to attacks, privacy breaches, identity misuse or frauds. Nowadays there are several approaches to IdM that have benefits and shortcomings, from the privacy perspective. In this thesis, the main goal is contributing to the privacy provisioning for federated identity management platforms. And for this purpose, we propose a generic architecture that extends current federation IdM systems. We have mainly focused our contributions on health care environments, given their particularly sensitive nature. The two main pillars of the proposed architecture, are the introduction of a selective privacy-enhanced user profile management model and flexibility in revocation consent by incorporating an event-based hybrid IdM approach, which enables to replace time constraints and explicit revocation by activating and deactivating authorization rights according to events. The combination of both models enables to deal with both online and offline scenarios, as well as to empower the user role, by letting her to bring together identity information from different sources. Regarding user’s consent revocation, we propose an implicit revocation consent mechanism based on events, that empowers a new concept, the sleepyhead credentials, which is issued only once and would be used any time. Moreover, we integrate this concept in IdM systems supporting a delegation protocol and we contribute with the definition of mathematical model to determine event arrivals to the IdM system and how they are managed to the corresponding entities, as well as its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to user profile management, we define a privacy-awareness user profile management model to provide efficient selective information disclosure. With this contribution a service provider would be able to accesses the specific personal information without being able to inspect any other details and keeping user control of her data by controlling who can access. The structure that we consider for the user profile storage is based on extensions of Merkle trees allowing for hash combining that would minimize the need of individual verification of elements along a path. An algorithm for sorting the tree as we envision frequently accessed attributes to be closer to the root (minimizing the access’ time) is also provided. Formal validation of the above mentioned ideas has been carried out through simulations and the development of prototypes. Besides, dissemination activities were performed in projects, journals and conferences.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: María Celeste Campo Vázquez.- Secretario: María Francisca Hinarejos Campos.- Vocal: Óscar Esparza Martí