Big Data lay at the core of the strong data economy that is emerging in Europe. Although both large enterprises and SMEs acknowledge the potential of Big Data in disrupting the market and business models, this is not reflected in the growth of the data economy. The lack of trusted, secure, ethical-driven personal data platforms and privacy-aware analytics, hinders the growth of the data economy and creates concerns. The main considerations are related to the secure sharing of personal and proprietary/industrial data, and the definition of a fair remuneration mechanism that will be able to capture, produce, release and cash out the value of data, always for the benefit of all the involved stakeholders. This webinar will focus on how such concerns that pertain to privacy, ethics and intellectual property rights can be tackled, by allowing individuals to take ownership and control of their data and share them at will, through flexible data sharing and fair compensation schemes with other entities (companies or not), as researched by the DataVaults project.

1. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
GDPR and Data Ethics considerations
in Personal Data Sharing
Marina Da Bormida (ETA), 11 December 2020, BDVe
Webinar
11/12/2020 1

2. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
GDPR implications and ethics issues in the DataVaults
Workplan
T2.1 "Personal
Data Management
and GDPR
Challenges"
Technical WPs:
WP3, WP4, WP5
WP6 “Multi-Layer
Demonstrators
Setup, Operation
and Business Value
Exploration”
T9.3 “Ethics
Requirements
and Project Data
Management”
WP10 "Ethics
Requirements"
11/12/2020 2

3. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Reference Framework – first
insights
Privacy and Data Protection Law
Human Rights Law
Ethics and Soft Law
• Flexible nature
• European Courts’ case law, EC’s Communications, BDVA Position Papers, Opinion of the European Data
Protection Supervisor, Art. 29 Working Party,…
National Data Protection Legislation
• Greek Law (Demonstrator #1& 2)
• Belgian Law (Demonstrator #3)
• Spanish Law (Demonstrator #4)
• Italian Law (Demonstrator #5)
11/12/2020 3

4. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Reference Framework – wider
perspective
E-Privacy Law (Directive and Regulation Proposal)
Free-flow of non-personal data Regulation
IT Security Law, Cybersecurity Act, EU-encryption framework, Network and Information System Directive (NIS)
Competition Law and Consumer welfare Framework
Law on Trust Services, Identification, Authentication (potential impact of eIDAS Directive)
Data Governance Act
Contract Law
Advancement of Ethics and soft law
11/12/2020 4

5. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Citizen-centric vision
• Citizens’ perspective as a transversal topic key to DataVaults technology
• Operationalisation of the Ethics, Fairness & Privacy-and-Security-by-Design-and-by-Default
Approach
• Trust Building: as the ethical foundation of DataVaults (acceptance, sustainaiblity)
• Contribution to the higher level goal to grow the data economy and the amounts of personal
data available
• Alignment with EU vision (EU strategy for data, personal data spaces, «Ethics Guidelines for
Trustworthy AI», Data Governance Act, etc.) and strategic initiatives/movements (Smart Cities
Marketplace, EU customers association, etc.)
11/12/2020 5

6. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Ethics, Fairness & Privacy-and-Security-by-Design-and-by-
Default Approach
Ethics & Fairness
• Loyalty and good faith in the
whole data lifecycle
• Avoiding to process in a way that is
unduly detrimental, unexpected or
misleading to the individuals or
that could have adverse impact on
them
• Pre-requisite to ensure individuals’
real control over their data
• Procedural dimension and
substantive dimension
• Equal opportunities avoiding
unjustified impairment in the
freedom of choice
Sharing the Wealth
• Win-win data sharing ecosystem
towards contributing to unlock the
social value of personal data
beyond user consent: human
empowerment and flourishing,
common good of society,
businesses’ interests
• Case-by-case balance between
competing interests
• Alignment with social needs and
expectations (public trust,
DataVaults Technology’s uptake).
Privacy and Security -by-Design-and-
by-Default approach enriched with
the Protection Goals Method
• CIA Triad (Confidentiality, Integrity,
Availability) plus Privacy Protection
goals (unlinkability, transparency
and intervenability)
• Fundamental rights perspective
• Privacy principles into the design
process of data processing systems
since the very beginning (7
principles, Cavoukian)
• strictest privacy settings should
apply by default, without any
manual input from the end user
• risk-based approach
11/12/2020 6

7. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Requirements
• Requirements for the design, development and validation of DataVaults platform and
Personal App and, to some extent, for their future operation
• Initial elicitation
• Different nature (clearly indicated): binding or preferable/recommendation
• Methodology for requirement elicitation
• Legal survey + DoA-driven factual description of the technology
• Systematic and holistic approach, driven by Ethics, Fairness & Privacy-and-Security-by-
Design-and-by-Default Approach
• 30 Legal and Ethical Requirements (table format)
• Guidelines, recommendations and insights for their implementation
11/12/2020 7

8. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Requirements and their
operationalization process (ongoing). Some examples
ER: Risk-based approach
• Measures adetuate to the risks to data protection related to data processing considering the particular
likelihood and severity of each risk for freedoms and rights of individuals
• GDPR, Recital 75, 76
• Objective assessment of the risk by which to establish if a data processing operation is risky or highly risky
• DataVaults Supporting tool: Privacy Metrics Dashboard
• Operation “Sharing Risk Information” (MVP) for raising the awareness of the Individuals on the privacy
exposure impact of sharing data assets
• The dashboard displays current and projected risk estimations calculated based on the data assets already
shared, the data to be shared (if a sharing configuration is under design).
• Calculation of Risk Exposure Metrics considering all sharing aspects (anonymisation level, discoverability)
and the information provided by the nature of the data itself
• Notification to individuals of their risk exposure / updates
• High-value, powerful accountability tool for the fulfilment of the informed consent and user control
11/12/2020 8

9. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Requirements and their
operationalization process (ongoing). Some examples
ER: Informed Consent
• Informed, explicit and freely given: criteria for legitimating data processing
• EDPS Opinion 7/2015 (challenges of consent in Big Data environments)
• Consent and withdraw through the same kind of service-specific user interface (avoiding undue effort and
without detriment)
• Automated procedures for obtaining informed consent in user-friendly manner
• Need to avoid “consent-fatigue”
• Layered approach to be explored (Article 29 Working Party): general consent during the installation of
DataVaults personal data app plus additional consent before each data sharing operations
• “Granularity” of the consent, capable of providing distinct consent options for distinct processing operations.
• Attention to special categories of data
• Challenges given by the possible multiple purposes of data collection and processing
• DataVaults Supporting tool within the Personal App
11/12/2020 9

10. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
Legal and Ethical Requirements and their
operationalization process (ongoing). Some examples
ER: User-and-Data-protection-friendly User Interface
• Facilitate as much as possible the user control features
• Attention to sensitive information (Art. 9 GDPR): filtering sensitive data for consent requests
• Challenges:
1.managing consent in a fine-grained way (including, for instance, partial granting or withdrawal of consent)
2.easy management of the own data and exercise data subject’s rights (for instance for adding, deleting and
rectifying personal data)
3.switching back and forth between different consent modalities (such as always requiring explicit consent for
personal data sharing in some situations and opting for convenient assumption of implicit consent in other)
4.ensuring data portability and exporting the own personal information
• DataVaults Supporting tool within the Personal App
11/12/2020 10

11. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
The way forward
Update and enrich the Legal
Survey
Further analysis of DataVaults
technology (D1.3 MVP) and
reference to Pilots’ tools
Update and possible
enrichment of the legal and
ethical requirements (with
guidelines)
Cross-fertilization with the
other WPs towards the
operationalization of Fairness &
Privacy-by-Design-and-by-
Default enriched with the
Protection Goals method
Capturing citizens’ perspective
for identifying main
perceptions, doubts and
concerns, users openness to
use Datavaults (questionnaires
and interviews)
Synergy with key citizen-centric
initiatives
11/12/2020 11

12. DataVaults is a project co-funded by the Horizon 2020 Program of the
European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755
and is contributing to the BDV-PPP of the European Commission.
THANK YOU
Marina Da Bormida (ETA)
m.dabormida@eurolawyer.it
11/12/2020 12