Personal Data Protection following the ENISA report
With the European Data Act, the EU aims to make data more accessible and drive innovation and the reuse of data by promoting data sharing, including personal data. However, personal data sharing brings challenges in terms of privacy, especially in the health sector. To address this issue, the recently published ENISA Report “Engineering personal data sharing” looks closer at specific use cases on personal data sharing, primarily in the health sector. It discusses how specific technologies and considerations of implementation can be used to ensure data protection.
Health data includes biomedical data, electronic health records and data generated by individuals from wearable devices. When sharing health data, it is important that the individual patient is identifiable for diagnosis and treatment, while being pseudonymised for third parties. Above all, the patient should be able to control who has access to their data and for how long, to ensure transparency.
For example, a patient may use a wearable device to monitor blood pressure and the data will be uploaded to the cloud for storage and further processing by the patient or other entities, such as doctors. The main challenge with data protection is how the patient can selectively share specific generated data with specific parties. A model of access to this data should look at parameters such as the entity requesting access and the time frame. One potential solution is the use of Attributed Based Encryption (ABE). ABE encrypts data with an ABE public key and can add small pieces of information related to the data such as year of generation. The ABE encryptions can be then uploaded to the cloud.
Nevertheless, there are still considerations on personal data sharing. For instance, the patient might not know beforehand with whom they might be sharing data. Furthermore, a switch from the currently used asymmetric ciphers to ABE needs to be made without significant changes in the overall process.
In conclusion, advanced techniques for personal data sharing are still evolving. They can improve open data in the health sector and support goals such as conducting scientific research for treatments. Do you want to know more details or learn about other use cases? Read it in the report.