Privacy and Utility of Private Synthetic Data for Medical Data Analyses

The increasing availability and use of sensitive personal data raises a set of issues regarding the privacy of the individuals behind the data. These concerns become even more important when health data are processed, as are considered sensitive (according to most global regulations). Privacy Enhancing Technologies (PETs) attempt to protect the privacy of individuals whilst preserving the utility of data. One of the most popular technologies recently is Differential Privacy (DP), which was used for the 2020 U.S. Census. Another trend is to combine synthetic data generators with DP to create so-called private synthetic data generators. The objective is to preserve statistical properties as accurately as possible, while the generated data should be as different as possible compared to the original data regarding private features. While these technologies seem promising, there is a gap between academic research on DP and synthetic data and the practical application and evaluation of these techniques for real-world use cases. In this paper, we evaluate three different private synthetic data generators (MWEM, DP-CTGAN, and PATE-CTGAN) on their use-case-specific privacy and utility. For the use case, continuous heart rate measurements from different individuals are analyzed. This work shows that private synthetic data generators have tremendous advantages over traditional techniques, but also require in-depth analysis depending on the use case. Furthermore, it can be seen that each technology has different strengths, so there is no clear winner. However, DP-CTGAN often performs slightly better than the other technologies, so it can be recommended for a continuous medical data use case

Sovereign Digital Consent through Privacy Impact Quantification and Dynamic Consent

Digitization is becoming more and more important in the medical sector. Through electronic health records and the growing amount of digital data of patients available, big data research finds an increasing amount of use cases. The rising amount of data and the imposing privacy risks can be overwhelming for patients, so they can have the feeling of being out of control of their data. Several previous studies on digital consent have tried to solve this problem and empower the patient. However, there are no complete solution for the arising questions yet. This paper presents the concept of Sovereign Digital Consent by the combination of a consent privacy impact quantification and a technology for proactive sovereign consent. The privacy impact quantification supports the patient to comprehend the potential risk when sharing the data and considers the personal preferences regarding acceptance for a research project. The proactive dynamic consent implementation provides an implementation for fine granular digital consent, using medical data categorization terminology. This gives patients the ability to control their consent decisions dynamically and is research friendly through the automatic enforcement of the patients’ consent decision. Both technologies are evaluated and implemented in a prototypical application. With the combination of those technologies, a promising step towards patient empowerment through Sovereign Digital Consent can be made

Identity Management and Protection Motivated by the General Data Protection Regulation of the European Union-A Conceptual Framework Based on State-of-the-Art Software Technologies

In times of strongly (personal) data-driven economy, the inception of the European General Data Protection Regulation (GDPR) recently reinforced the call for transparency and informational self-determination—not only due to the penalties for data protection violations becoming significantly more severe. This paper recaps the GDPR articles that should be noticed by software designers and developers and explains how, from the perspective of computer scientists, the summarized requirements can be implemented based on state-of-the-art technologies, such as data provenance tracking, distributed usage control, and remote attestation protocols. For this, the challenges for data controllers, i.e., the service providers, as well as for the data subjects, i.e., the users whose personal data are being processed by the services, are worked out. As a result, this paper proposes the ideal functionality of a next-generation privacy dashboard interacting with data provenance and usage control infrastructure implemented at the service providers to operationalize the legal rights of the data subject granted by the GDPR. Finally, it briefly outlines the options for establishing trust in data provenance tracking and usage control infrastructures operated by the service providers themselves

Steigerung der Akzeptanz von intelligenter Videoüberwachung in öffentlichen Räumen

Der Einsatz intelligenter Videoüberwachung stellt für eine Vielzahl von Überwachungsaufgaben ein probates Mittel dar. Neben der (teil-) automatischen Detektion von Gefährdungen, wie beispielsweise Überfüllung in bestimmten Bereichen oder Stürze von Patienten in Krankenhäusern oder Pflegeheimen, können intelligente Videoüberwachungssysteme wertvolle Zusatzdienste zur Lösung kritischer Situationen beitragen. Während die Leistungsfähigkeit intelligenter Videoüberwachung stetig vorangetrieben wird, steht das Verständnis über die technischen Faktoren der Akzeptanz noch ganz am Anfang. Diese bisher vernachlässigte Forschungsfrage wird in dieser Arbeit aufgegriffen. Ausgehend von der Akzeptanzforschung der Informations- und Kommunikationstechnologie wird ein Akzeptanzmodell für die intelligente Videoüberwachung erstellt. Getrieben durch ein ausgewähltes Szenario, der datenschutzfreundlichen Sturzerkennung, werden akzeptanzsteigernde Technologien entwickelt, in einen Prototyp integriert und evaluiert. Die Arbeit vereint somit theoretische Überlegungen zur Akzeptanz von Videoüberwachung mit deren gezielten Entwicklung

Steigerung der Akzeptanz von intelligenter Videoüberwachung in öffentlichen Räumen

The technical design of security systems has a high impact on its acceptance. To understand the influencing factors, an acceptance model for smart video surveillance is developed. To improve acceptance different technical components are designed and implemented. Lastly they are integrated into a prototype for fall detection in hospital environments and evaluated for the acceptance. The book combined theoretical work on understanding acceptance with practical work into developing new systems

The EU general data protection regulation and its effects on designing assistive environments

On the 25th of May 2018 the EU will start to enforce the General Data Protection Regulation (EU-GDPR)[3]. This new regulation will replace the old Data Protection Act from 1998 and will disrupt common data processing practices. While the new regulation will make it easier to develop systems that comply with data protection laws all over Europe, it will change the way we design technology. With data protection a much more important factor and huge fines for data protection violations, technology vendors will demand systems where data protection was already considered during development. This will force the research community to broaden their perspective and consider how to develop and design systems in a way, that complies with data protection. This paper focuses on some of the more important parts of the GDPR for Assistive Environments. Reading the paper will not solve all your privacy related challenges but will help you to know which questions to ask

Stakeholders and requirements of ABC

This talk will present the activities and the result of the stakeholder interaction and ABC requirements analysis in the EU project FastPass during the first eighteen months. It has been devided into two parts, namely stakeholder interactions and requirements. First, in the requirements interaction the objectives were to identify all stakeholder groups, their respective needs and constraints for ABC leading to the system requirements, their respective meaning for the project and the partners. For this, a stakeholder management system was set up to organize all stakeholder interaction activities, to store the results in a structured, special designed data base and to support the project in the collection of results that have been gathered in interviews, observations and questionairing actions. The system is comparable to a customer relationship system. In addition, stakeholder workshops are carried out to discuss the meaning of the requirements and to steer the project activities for interests of the stakeholder groups. This will also be information for the scenarios for different border types land, sea and air and the project evaluation. Second, the project requirements analysis is presented. The aim of this work was to specify system requirements for the FastPass project, and to establish an efficient and harmonised ABC solution. The requirements were derived from deep analysis of the legal and operational environment and key ABC stakeholder needs analysis. The requirements will serve as a baseline for the whole FastPass analysis, development work and demonstrations in an effort to achieve more efficiency in all processes, harmonization of practices, positive passenger experience, and consistent security levels at different border crossing points. The initial set of requirements was reported at the end of 2013 and will be updated during 2014 by amending the requirements using additional information and feedback from other work packages

Authentisierungs-Stick

Embodiments of the present invention provide a communication adapter for authentication of a user. The communication adapter comprises a receiving unit for receiving encrypted credentials, a decryption unit for decrypting the encrypted credentials and an output unit for outputting the decrypted credentials to a terminal