927 results for data privacy laws
Abstract:
Dissertation submitted for the degree of Master in Computer Engineering
Abstract:
Though controversial, the question of applying data protection laws to biological materials has received only a little attention in data privacy discourse. This article aims to address this dearth by arguing that, despite the absence of positive intention from the architects to apply EU data privacy law to biological materials, a range of developments in molecular biology and nanotechnology, usually mediated by advances in ICT, may provide persuasive grounds to do so. In addition, the paucity of sufficient explication of key terms like ‘data/information’ in this legislation may fuel such a tendency, whereby laws originally intended for the informational world may end up applying to the biological world. The article also analyzes various predicaments that may arise from applying data privacy laws to biological materials. The focus is on legislative sources at the EU level, though national laws are relied on when pertinent.
Abstract:
Availability, Data Privacy and Copyrights – Opening Knowledge via Contracts and Pilots discusses how, in the Aviisi project of the National Library of Finland, digital contents and topics concerning their availability are dealt with together with pilot organizations.
Abstract:
Data sharing between organizations through interoperability initiatives involving multiple information systems is fundamental to promoting the collaboration and integration of services. However, the considerable increase in the data's exposure to additional risks requires special attention to issues related to the privacy of these data. For the Portuguese healthcare sector, where the sharing of health data is nowadays a reality at national level, data privacy is a central issue, which needs solutions according to the agreed level of interoperability between organizations. This context led the authors to study the factors with influence on data privacy in a context of interoperability, through qualitative and interpretative research based on the case study method. This article presents the final results of the research, which successfully identifies 10 subdomains of factors with influence on data privacy, which should be the basis for the development of a joint protection program targeted at issues associated with data privacy.
Abstract:
Biobanks are collections of bodily substances linked to extensive health-related, lifestyle-related and genealogical data on their donors. They serve research into widespread diseases. These so-called common diseases are multifactorial diseases. This means that they result from a complicated interplay of environmental and behavioural factors with individual genetic predispositions. Research in pharmacogenomics and pharmacogenetics examines the influence of genes and gene expression on the individual efficacy of drugs and on the occurrence of unwanted side effects, and could thus pave the way to individualized medicine. Human material is an important component of this research, and the demand for collections that link samples with data is rising. On the one hand, physicians see biobanks as an opportunity to advance medical research and healthcare. On the other hand, biobanks also trigger fears and mistrust. In particular, it is feared that samples and data will be used without control and that sensitive areas of personality rights and personal identity will be affected. These dangers and fears are not new; they already existed in the past with every form of donation of bodily substances. What is new, however, is the volume of information that genetic analysis produces and that can affect the donor in a very particular way. The storage and use of medical and genetic data thus gives rise to a tension, in particular between the right of the affected data donors to informational self-determination and the research interests of the data users. At its core, the ethical and legal assessment of biobanks turns on the question of whether this research needs additional rules and, if so, how comprehensive they would have to be.
At the centre of this discussion are above all ethical questions relating to informed consent, data protection, the re-use of samples and data, informing donors about research results, and rights of use in the data. The aim of this work is to examine data protection law, against the background of constitutional law and in particular the right to informational self-determination, with regard to the risks arising from the storage, processing and communication of personal genetic information in the establishment of biobanks. This leads to the further examination of whether, and under what conditions, the opposing interests and rights can be reconciled from a constitutional perspective. A key question is whether the existing legal framework is sufficient to ensure the protection of the stored, highly personal data and at the same time their appropriate use. The topic is interdisciplinary, located at the intersection of data protection, constitutional law, and legal and medical ethics. From the contents: Scientific and empirical foundations of biobanks – Overview of biobank projects in Europe and in non-European countries – Legal bases for biobanks – Right to informational self-determination – Right not to know – Freedom of research – Quality assurance and procedures – Informed consent – Global consent – Data protection concepts – Research secrecy – Biobank secrecy – Biobank act
Abstract:
Internet use has grown considerably in recent years, and electronic commerce is rising sharply. We can now easily make purchases over the Internet without leaving home and have access to countless sources of information. However, browsing the Internet also allows the creation of detailed databases describing each user's habits, information then used by third parties to profile their target clientele, which worries a number of stakeholders. Information about an individual can be collected by intercepting transactional data, by online spying, and by recording IP addresses. To resolve privacy problems and ensure that merchants comply with the applicable legislation, as well as with the requirements put forward by the European Commission, several companies such as Zero-knowledge Systems Inc. and Anonymizer.com offer software for protecting privacy online (privacy-enhancing technologies, or PETs). These programs use encryption of information, a method that makes data unreadable to everyone except the recipient. The aim of the technology used has been to create rigorous mathematical systems capable of preventing discovery of the author's identity even by the most determined of hackers, thereby reducing the risk of information theft or accidental disclosure of confidential data. Although this privacy protection software allows greater compliance with the European Directives on the matter, a closer analysis of the subject shows that these technologies could be contrary to the laws concerning encryption in Canadian, American and French law.
Abstract:
The development of the Internet has made it possible to transfer data ‘around the globe at the click of a mouse’. Especially fresh business models such as cloud computing, the newest driver to illustrate the speed and breadth of the online environment, allow this data to be processed across national borders on a routine basis. A number of factors cause the Internet to blur the lines between public and private space: Firstly, globalization and the outsourcing of economic actors entrain an ever-growing exchange of personal data. Secondly, the security pressure in the name of the legitimate fight against terrorism opens the access to a significant amount of data for an increasing number of public authorities. And finally, the tools of the digital society accompany everyone at each stage of life by leaving permanent individual and borderless traces in both space and time. Therefore, calls from both the public and private sectors for an international legal framework for privacy and data protection have become louder. Companies such as Google and Facebook have also come under continuous pressure from governments and citizens to reform the use of data. Thus, Google was not alone in calling for the creation of ‘global privacy standards’. Efforts are underway to review established privacy foundation documents. There are similar efforts to look at standards in global approaches to privacy and data protection. The last remarkable steps were the Montreux Declaration, in which the privacy commissioners appealed to the United Nations ‘to prepare a binding legal instrument which clearly sets out in detail the rights to data protection and privacy as enforceable human rights’. This appeal was repeated in 2008 at the 30th international conference held in Strasbourg, at the 31st conference 2009 in Madrid and in 2010 at the 32nd conference in Jerusalem. In a globalized world, free data flow has become an everyday need.
Thus, the aim of global harmonization should be that it doesn’t make any difference for data users or data subjects whether data processing takes place in one or in several countries. Concern has been expressed that data users might seek to avoid privacy controls by moving their operations to countries which have lower standards in their privacy laws or no such laws at all. To control that risk, some countries have implemented special controls into their domestic law. Again, such controls may interfere with the need for free international data flow. A formula has to be found to make sure that privacy at the international level does not prejudice this principle.
Abstract:
Public agencies are increasingly required to collaborate with each other in order to provide high-quality e-government services. This collaboration is usually based on the service-oriented approach and supported by interoperability platforms. Such platforms are specialized middleware-based infrastructures enabling the provision, discovery and invocation of interoperable software services. In turn, given that personal data handled by governments are often very sensitive, most governments have developed some sort of legislation focusing on data protection. This paper proposes solutions for monitoring and enforcing data protection laws within an E-government Interoperability Platform. In particular, the proposal addresses requirements posed by the Uruguayan Data Protection Law and the Uruguayan E-government Platform, although it can also be applied in similar scenarios. The solutions are based on well-known integration mechanisms (e.g. Enterprise Service Bus) as well as recognized security standards (e.g. eXtensible Access Control Markup Language) and were completely prototyped leveraging the SwitchYard ESB product.
Abstract:
Personal information is increasingly gathered and used for providing services tailored to user preferences, but the datasets used to provide such functionality can represent serious privacy threats if not appropriately protected. Work in privacy-preserving data publishing targeted privacy guarantees that protect against record re-identification, by making records indistinguishable, or sensitive attribute value disclosure, by introducing diversity or noise in the sensitive values. However, most approaches fail in the high-dimensional case, and the ones that don’t introduce a utility cost incompatible with tailored recommendation scenarios. This paper aims at a sensible trade-off between privacy and the benefits of tailored recommendations, in the context of privacy-preserving data publishing. We empirically demonstrate that significant privacy improvements can be achieved at a utility cost compatible with tailored recommendation scenarios, using a simple partition-based sanitization method.
Abstract:
Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and the patient's experience at reduced costs. The increasing digitalization of people's health information, however, raises new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services and, further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems, that is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consist of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of an MDCS (GeoHealth); with the design of a Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.