Personal Data Protection following the ENISA report
With the European Data Act
[https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1113],
the EU aims to make data more accessible and drive innovation and the
reuse of data by promoting data sharing, including personal data.
However, personal data sharing brings challenges in terms of privacy,
especially in the health sector. To address this issue, the recently
published ENISA Report “Engineering personal data sharing”
[https://www.enisa.europa.eu/publications/engineering-personal-data-sharing]
looks closer at specific use cases on personal data sharing, primarily
in the health sector. It discusses how specific technologies and
considerations of implementation can be used to ensure data
protection.

Health data includes biomedical data, electronic health records and
data generated by individuals from wearable devices. When sharing
health data, it is important that the individual patient is
identifiable for diagnosis and treatment, while being pseudonymised
for third parties. Above all, the patient should be able to control
who has access to their data and for how long, to ensure transparency.

For example, a patient may use a wearable device to monitor blood
pressure and the data will be uploaded to the cloud for storage and
further processing by the patient or other entities, such as doctors.
The main challenge with data protection is how the patient can
selectively share specific generated data with specific parties. A
model of access to this data should look at parameters such as the
entity requesting access and the time frame. One potential solution is
the use of Attributed Based Encryption (ABE). ABE encrypts data with
an ABE public key and can add small pieces of information related to
the data such as year of generation. The ABE encryptions can be then
uploaded to the cloud.  

Nevertheless, there are still considerations on personal data sharing.
For instance, the patient might not know beforehand with whom they
might be sharing data. Furthermore, a switch from the currently used
asymmetric ciphers to ABE needs to be made without significant changes
in the overall process.

In conclusion, advanced techniques for personal data sharing are still
evolving. They can improve open data in the health sector and support
goals such as conducting scientific research for treatments. Do you
want to know more details or learn about other use cases? Read it in
the report
[https://www.enisa.europa.eu/publications/engineering-personal-data-sharing].

Looking to stay tuned for more news and events? Follow us on Twitter
[https://twitter.com/EU_opendata], Facebook
[https://www.facebook.com/data.europa.eu] and LinkedIn
[https://www.linkedin.com/company/publications-office-of-the-european-union/],
or subscribe to our newsletter
[https://data.europa.eu/en/newsletter].

Publication Date/Time
2023-03-03T09:00:00+00:00
Take a closer look at the latest work on how technologies can support
personal data sharing in practice