Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

GDPR and Data Ethics considerations in personal data sharing

Big Data lay at the core of the strong data economy that is emerging in Europe. Although both large enterprises and SMEs acknowledge the potential of Big Data in disrupting the market and business models, this is not reflected in the growth of the data economy. The lack of trusted, secure, ethical-driven personal data platforms and privacy-aware analytics, hinders the growth of the data economy and creates concerns. The main considerations are related to the secure sharing of personal and proprietary/industrial data, and the definition of a fair remuneration mechanism that will be able to capture, produce, release and cash out the value of data, always for the benefit of all the involved stakeholders.

This webinar will focus on how such concerns that pertain to privacy, ethics and intellectual property rights can be tackled, by allowing individuals to take ownership and control of their data and share them at will, through flexible data sharing and fair compensation schemes with other entities (companies or not), as researched by the DataVaults project.

  • Sé el primero en comentar

  • Sé el primero en recomendar esto

GDPR and Data Ethics considerations in personal data sharing

  1. 1. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. GDPR and Data Ethics considerations in Personal Data Sharing Marina Da Bormida (ETA), 11 December 2020, BDVe Webinar 11/12/2020 1
  2. 2. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. GDPR implications and ethics issues in the DataVaults Workplan T2.1 "Personal Data Management and GDPR Challenges" Technical WPs: WP3, WP4, WP5 WP6 “Multi-Layer Demonstrators Setup, Operation and Business Value Exploration” T9.3 “Ethics Requirements and Project Data Management” WP10 "Ethics Requirements" 11/12/2020 2
  3. 3. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Reference Framework – first insights Privacy and Data Protection Law Human Rights Law Ethics and Soft Law • Flexible nature • European Courts’ case law, EC’s Communications, BDVA Position Papers, Opinion of the European Data Protection Supervisor, Art. 29 Working Party,… National Data Protection Legislation • Greek Law (Demonstrator #1& 2) • Belgian Law (Demonstrator #3) • Spanish Law (Demonstrator #4) • Italian Law (Demonstrator #5) 11/12/2020 3
  4. 4. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Reference Framework – wider perspective E-Privacy Law (Directive and Regulation Proposal) Free-flow of non-personal data Regulation IT Security Law, Cybersecurity Act, EU-encryption framework, Network and Information System Directive (NIS) Competition Law and Consumer welfare Framework Law on Trust Services, Identification, Authentication (potential impact of eIDAS Directive) Data Governance Act Contract Law Advancement of Ethics and soft law 11/12/2020 4
  5. 5. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Citizen-centric vision • Citizens’ perspective as a transversal topic key to DataVaults technology • Operationalisation of the Ethics, Fairness & Privacy-and-Security-by-Design-and-by-Default Approach • Trust Building: as the ethical foundation of DataVaults (acceptance, sustainaiblity) • Contribution to the higher level goal to grow the data economy and the amounts of personal data available • Alignment with EU vision (EU strategy for data, personal data spaces, «Ethics Guidelines for Trustworthy AI», Data Governance Act, etc.) and strategic initiatives/movements (Smart Cities Marketplace, EU customers association, etc.) 11/12/2020 5
  6. 6. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Ethics, Fairness & Privacy-and-Security-by-Design-and-by- Default Approach Ethics & Fairness • Loyalty and good faith in the whole data lifecycle • Avoiding to process in a way that is unduly detrimental, unexpected or misleading to the individuals or that could have adverse impact on them • Pre-requisite to ensure individuals’ real control over their data • Procedural dimension and substantive dimension • Equal opportunities avoiding unjustified impairment in the freedom of choice Sharing the Wealth • Win-win data sharing ecosystem towards contributing to unlock the social value of personal data beyond user consent: human empowerment and flourishing, common good of society, businesses’ interests • Case-by-case balance between competing interests • Alignment with social needs and expectations (public trust, DataVaults Technology’s uptake). Privacy and Security -by-Design-and- by-Default approach enriched with the Protection Goals Method • CIA Triad (Confidentiality, Integrity, Availability) plus Privacy Protection goals (unlinkability, transparency and intervenability) • Fundamental rights perspective • Privacy principles into the design process of data processing systems since the very beginning (7 principles, Cavoukian) • strictest privacy settings should apply by default, without any manual input from the end user • risk-based approach 11/12/2020 6
  7. 7. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Requirements • Requirements for the design, development and validation of DataVaults platform and Personal App and, to some extent, for their future operation • Initial elicitation • Different nature (clearly indicated): binding or preferable/recommendation • Methodology for requirement elicitation • Legal survey + DoA-driven factual description of the technology • Systematic and holistic approach, driven by Ethics, Fairness & Privacy-and-Security-by- Design-and-by-Default Approach • 30 Legal and Ethical Requirements (table format) • Guidelines, recommendations and insights for their implementation 11/12/2020 7
  8. 8. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Requirements and their operationalization process (ongoing). Some examples ER: Risk-based approach • Measures adetuate to the risks to data protection related to data processing considering the particular likelihood and severity of each risk for freedoms and rights of individuals • GDPR, Recital 75, 76 • Objective assessment of the risk by which to establish if a data processing operation is risky or highly risky • DataVaults Supporting tool: Privacy Metrics Dashboard • Operation “Sharing Risk Information” (MVP) for raising the awareness of the Individuals on the privacy exposure impact of sharing data assets • The dashboard displays current and projected risk estimations calculated based on the data assets already shared, the data to be shared (if a sharing configuration is under design). • Calculation of Risk Exposure Metrics considering all sharing aspects (anonymisation level, discoverability) and the information provided by the nature of the data itself • Notification to individuals of their risk exposure / updates • High-value, powerful accountability tool for the fulfilment of the informed consent and user control 11/12/2020 8
  9. 9. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Requirements and their operationalization process (ongoing). Some examples ER: Informed Consent • Informed, explicit and freely given: criteria for legitimating data processing • EDPS Opinion 7/2015 (challenges of consent in Big Data environments) • Consent and withdraw through the same kind of service-specific user interface (avoiding undue effort and without detriment) • Automated procedures for obtaining informed consent in user-friendly manner • Need to avoid “consent-fatigue” • Layered approach to be explored (Article 29 Working Party): general consent during the installation of DataVaults personal data app plus additional consent before each data sharing operations • “Granularity” of the consent, capable of providing distinct consent options for distinct processing operations. • Attention to special categories of data • Challenges given by the possible multiple purposes of data collection and processing • DataVaults Supporting tool within the Personal App 11/12/2020 9
  10. 10. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. Legal and Ethical Requirements and their operationalization process (ongoing). Some examples ER: User-and-Data-protection-friendly User Interface • Facilitate as much as possible the user control features • Attention to sensitive information (Art. 9 GDPR): filtering sensitive data for consent requests • Challenges: 1.managing consent in a fine-grained way (including, for instance, partial granting or withdrawal of consent) 2.easy management of the own data and exercise data subject’s rights (for instance for adding, deleting and rectifying personal data) 3.switching back and forth between different consent modalities (such as always requiring explicit consent for personal data sharing in some situations and opting for convenient assumption of implicit consent in other) 4.ensuring data portability and exporting the own personal information • DataVaults Supporting tool within the Personal App 11/12/2020 10
  11. 11. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. The way forward Update and enrich the Legal Survey Further analysis of DataVaults technology (D1.3 MVP) and reference to Pilots’ tools Update and possible enrichment of the legal and ethical requirements (with guidelines) Cross-fertilization with the other WPs towards the operationalization of Fairness & Privacy-by-Design-and-by- Default enriched with the Protection Goals method Capturing citizens’ perspective for identifying main perceptions, doubts and concerns, users openness to use Datavaults (questionnaires and interviews) Synergy with key citizen-centric initiatives 11/12/2020 11
  12. 12. DataVaults is a project co-funded by the Horizon 2020 Program of the European Union (H2020-ICT-2019-2) under Grant Agreement No. 871755 and is contributing to the BDV-PPP of the European Commission. THANK YOU Marina Da Bormida (ETA) m.dabormida@eurolawyer.it 11/12/2020 12

×