Recording: Webinar on data sharing in digital healthy ageing projects
You were 70 to attend our webinar on data sharing in digital healthy ageing projects. We hope you find it interesting and that we will keep the conversation going! You could not attend? You want to share what you learnt? You have additional questions? Find your response below!
When profiling needs to be avoided but that large amount of data need to be gathered, one common mistake is to work with different database and thus cumulate data. In a world where users demand sound data protection and minimal use of data, whereas the digital innovation is grounded on extensive and growing data use, NESTORE decided to produce a privacy report and developed an ethical approach based on principles such as legitimate purpose, proportionality and data minimisation.
Yet the implementation of these principles remain challenging. NESTORE worked closely with domain experts and technical partners to minimise the data and the risks associated to the use of those data. We share in this article our main lessons learnt.
Download the recording of our webinar here! [MP4 format]
Our take-away messages
This generation of projects are the first ones to experience the General Data Protection Regulation (GDPR) since its implementation. Here are some suggestions for projects and partners dealing with data protection in research and innovation:
- identify which data is needed
- divide it in categories e.g. basic, sensible, and sensible & important
- design the project’s architecture using the privacy-by-design methodoly
- clarify the access rights to the collected data
- include in the Data Sharing Agreement the “special cases” addressing data sharing and use in the context of Brexit and in Switzerland.
This webinar shared some models available to comply with the latest regulations (see the Data Sharing Agreement of NESTORE or the Joint Controllers Agreement signed in CAPTAIN) but many more can see the light in the next future. NESTORE intends to sustain a pool of proactive consortia on the implementation of the GDPR, serving the European Commission in debating data sharing issues and models in practice; all in all, GDPR should not be considered as a threat, but an opportunity for research.
The most challenging part is to define pseudonymisation and to set up a clear policy for the services on innovation (see the EMPATHIC data flow). Every project team should be reminded that it is not possible to start pilot activities without a data sharing agreement in place. It should ideally be set up since the preparation of the consortium agreement. The coordinator should be in charge of setting up both documents.
Presentations from our three case studies
The NESTORE case study: Data Sharing Agreement and Data Protection Impact Assessment
The CAPTAIN case study: The “GDPR research exception" and the Agile ethical application
The EMPATHIC case study: Data Flow inside and Data Sharing outside the project
Resources to go further
On the occasion of our webinar, we shared the CNIL Privacy Impact Assessment (PIA), a set of documents (PIA methodology, knowledge base, glossary, and case studies) aiming to assess the privacy risks of a processing, the EDPS Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725, and the ENISA handbook on security of personal data processing.