Ethical and legal
GUIDANCE ON PSEUDONYMIZED AND SYNTHETIC DATA
DataTools4Heart aims to exploit the full potential of some specific Privacy Enhancing Technologies (PETs) that can enable safe and compliant reuse of health data by medical researchers. Almost all member States exploited the leeway they have been granted in the General Data Protection Regulation (GDPR) to introduce further conditions and limitations about the processing of health data, leading to a totally fragmented scenario and a patchwork of different national rules, to the detriment of the creation of the European Research Area. This wide lack of regulatory homogeneity regarding the reuse and the sharing of health data may concretely prevent the implementation of the European Health Data Space (EHDS). To overcome these hurdles, DataTools4Heart will leverage and provide legal guidance on Federated Learning (also in association with Multi-Party Computation) and differentially private Synthetic Data to ensure data security and minimization and foster a cross-border uniform approach for reusing and exchanging health datasets for medical research, enforcing privacy-by-design.
CODE OF CONDUCT FOR HEALTH DATA REUSE
The General Data Protection Regulation (GDPR) introduced a fundamental tool allowing stakeholders operating in specialized sector to achieve compliance in particularly complex scenarios. Code of Conducts are highly adaptable accountability-enabler which facilitate the effective application of the GDPR, considering the specific characteristics of the processing activities carried out in vertical sectors and the specific needs of relevant players. Clearly, the importance of this kind of tool is even greater for sectors where the gap between the legal framework and the daily reality is wider and cannot be filled in other manners. DataTools4Heart will involve all potential stakeholders (researchers, clinicians, legal and ethics experts, Artificial Intelligence and technical developers, and especially patients and citizens) to get their expectations and views on data reuse in the research field. The final aim of this journey will be transposing the best practices and recommendations assessed during the project into rules of conduct and elective commitments to enhance legal compliance and data security and strengthen patients’ trust in relation to the reuse of their data for research purposes.