2023, Articolo in rivista, ENG
Valentina Colcelli, Roberto Cippitani
The availability and circulation of data, information, knowledge and materials are essential in all fields of research, but they are particularly important in a period in which it is necessary to tackle a global phenomenon like the COVID- 19 pandemic. Awareness of the importance of the circulation of information derived from data, the European Commission has been elaborating a strategy for the circula- tion and sharing of personal and non-personal data. The European strategy needs the data to circulate and be shared in the economic, academic, and social environments. To achieve those objectives, EU documents use the metaphor of building a 'European Data Area', that is to say, legal, economic, and cultural frameworks governed at the continental and national levels, such as European Research Area ('ERA', see Article 179 TFEU) and the proposed European Health Data Space ('EHDS'). An analysis of the current legislation seems to indicate several legal constraints on the circulation of data (information, knowledge and material), able to affect the building of an effective European Data Area. These limitations aim at protecting individual rights, such as privacy or other interests. However, such limitations to the circulation of data may affect other relevant rights and interests such as freedom of research and health. For this reason, this paper intends to show what are the legal means to find the points of equilibrium between the different viewpoints and allow the sustainable function of the European Data Area. Because proper global governance of health data and materials is required, the paper tries to the analysis of the main EU instruments which at this moment are able to regulate it, in order to implement an effective system for the exchange of data, in the meantime that the scientific community is waiting for the European Data Protection Board (EDPB) guidance on the processing health data for research purposes, still pending
2023, Contributo in atti di convegno, ENG
C. Bodei (1); G. Costantino (2); M. De Vincenzi (2); I. Matteucci (2); A. Monreale
In recent years, data can be considered the new fuel for road vehicle functionalities like driver-assistance sys- tems or customized services. Therefore, the carmakers with their phone apps, synced with the infotainment system, can collect information from the drivers and vehicles to be processed inside or outside the car. In this context, we analyze different carmakers' privacy policies to define their readability and compliance with the EU General Data Protection Regulation, and provide analysis of carmakers' data collection. Besides, for the first time, we compare the most significant privacy regulations in automotive. Finally, we create an inter- active dashboard to compare the different carmakers' policies and provide users with an efficient instrument to understand some relevant privacy aspects like which data the carmakers declare to collect. We find that carmakers could collect a large number of users and vehicle data, but, in some cases, the privacy policies seem to be quite challenging to read and do not provide some information like how collected data are protected or stored.
2023, Contributo in atti di convegno, ENG
Qiqi Su, Vadim Peretokin, Ioannis Basdekis, Ioannis Kouris, Jonatan Maggesi, Mario Sicuranza, Alberto Acebes, Anca Bucur, Vinod Jaswanth Roy Mukkala, Konstantin Pozdniakov, Christos Kloukinas, Dimitrios D. Koutsouris, Elefteria Iliadou, Ioannis Leontsinis, Luigi Gallo, Giuseppe De Pietro and George Spanoudakis
The paper describes a cloud-based platform that utilizes Artificial Intelligence (AI) and Explainable AI techniques to deliver evidence-based, personalized interventions to individuals over 65 suffering or at risk of hearing loss, cardiovascular disease, cognitive impairments, balance disorders, or mental health issues, while supporting efficient remote monitoring and clinician-driven guidance. As part of the SMART BEAR integrated project, this platform has been developed to support its large-scale clinical trials. The platform consists of a standards-based data harmonization and management layer, as well as a security component, a Big Data Analytics system, a Clinical Decision Support system, and a dashboard component to facilitate efficient data collection across pilot sites.
2023, Contributo in atti di convegno, ENG
Ginevra Peruginelli, Sara Conti
Communication for lay audiences is a fundamental clinical skill that, if performed competently and efficiently, facilitates the establishment of a relationship of trust between the medical staff and the patient-customer. Organizations with strong communication policies can enrich their patients' health, while those that do not have effective procedures in place can negatively affect patient well-being. In such a context, healthcare organizations need to invest time and capital in effectively communicating legal concept related to data protection to patients. The General Data Protection Regulation (EU) 2016/679 (GDPR) sets important challenges for the health care sector, outlining stringent new policies for collecting, processing, and securing personal data Visual techniques applied to GDPR provisions can play an effective role in correctly spreading awareness and knowledge on this relevant issue. The power of visualization lies in the fact that the human brain has the potential to identify images and other visuals (images, charts, maps, infographics, videos, pull-quotes, memes, diagrams or annotations) very quickly. It not only simplifies the learning process, but also helps lay-learners to understand the concepts more clearly, reinforcing cognition and overcoming specialized languages barriers. In this regard, a feasibility study on which are the appropriate visual law techniques applied to GDPR in the context of health care has been carried out, considering all the legal and ethical implications. In particular, the experiment has focused on infographics as information design tools that combine both graphical and textual elements explaining the main points of the data protection regulation addressed to customers/patients. This is in line with many current initiatives widely using infographics as a dissemination instrument by governments and legislators around Europe.
2023, Contributo in atti di convegno, ENG
Ioannis Basdekis; Christos Kloukinas; Carlos Agostinho; Ioannis Vezakis; Andreia Pimenta; Luigi Gallo; Georgios Spanoudakis
Pseudonymisation is an important tool for protecting the privacy of individuals in medical research. It helps to ensure that personal information is not directly identifiable, while still allowing the data to be used for research purposes and for providing technical and healthcare support where needed at the same time. The SMART BEAR approach is in line with the principles of the GDPR, which requires that personal data be processed in a way that ensures appropriate security and privacy controls are in place. SMART BEAR services and organisational processes are stacked in such a way as to minimise the risk of leakage, to ensure that the data collected and processed are used only for the purpose they were intended, and that the data subjects' privacy is fully respected. One lesson from this approach is that organisations that use pseudonymisation may need to update certain procedures, to ensure the effective and secure use of pseudonymised data, and to update policies related to data access and sharing, to ensure that data are not shared with unauthorised parties.
2022, Articolo in rivista, ENG
Conte R.; Sansone F.; Tonacci A.; Pala A.P.
Electronic health records are playing an important role in todays' clinical research, with the possibility to collect a wide amount of data from different sources, not only within a structured clinical setting, but also making best use of new portable technologies, such as smartphones, sensors and Internet-of-Things, as an unprecedented spring of data. In this way, even in small clinical centers, often featuring limited financial availabilities, not only clinicians can have a complete, timely outlook on patients' health, but also data scientists could use such information to build and train tailored models in the broader perspective of "p4 medicine". However, all this should align with the strict regulations and needs concerning data privacy and security, safeguarding the rights of the individual and the confidentiality of information related to their healthcare status. Here, we present a case study dealing with Health360, a platform designed to fill in this gap, representing the ideal solution for small clinical centers, where usability and cost-affordability are key characteristics for such a system, to collect multimodal data from various sources actually employed in the framework of neuromuscular conditions. The platform, designed under the Software-as-a-Service paradigm, actually collects data from different clinical centers active in the field of neuromuscular diseases, and therefore was designed to grant access to the data to specific professionals depending on their roles. At the same time, to the benefit of data scientists, Health360 enables joint data processing, with the management of authorization principles for various health professionals from different clinical centers, which is regulated by the data minimization principle, based on the accessing profile. Under such premises, we present here the approach followed for the implementation of the platform, managing the trade-off between the need from various professionals for accessing the complete dataset and the privacy requirements, as well as confidentiality maintenance for sensitive data of patients enrolled on the project.
2022, Contributo in atti di convegno, ENG
Daoudagh S.; Marchetti E.
For replying to the strict exigencies and rules imposed by the GDPR, ICT systems are currently adopting different means for managing personal data. However, due to their critical and crucial role, effective and efficient validation methods should be applied, taking into account the peculiarity of the reference legal framework (i.e., the GDPR). In this paper, we present GROOT, a generic combinatorial testing methodology specifically conceived for assessing the GDPR compliance and its contextualization in the context of access control domain.
2022, Articolo in rivista, ENG
Kim J.; Pratesi F.; Rossetti G.; Sîrbu A.; Giannotti F.
Today, many users are actively using Twitter to express their opinions and to share information. Thanks to the availability of the data, researchers have studied behaviours and social networks of these users. International migration studies have also benefited from this social media platform to improve migration statistics. Although diverse types of social networks have been studied so far on Twitter, social networks of migrants and natives have not been studied before. This paper aims to fill this gap by studying characteristics and behaviours of migrants and natives on Twitter. To do so, we perform a general assessment of features including profiles and tweets, and an extensive network analysis on the network. We find that migrants have more followers than friends. They have also tweeted more despite that both of the groups have similar account ages. More interestingly, the assortativity scores showed that users tend to connect based on nationality more than country of residence, and this is more the case for migrants than natives. Furthermore, both natives and migrants tend to connect mostly with natives. The homophilic behaviours of users are also well reflected in the communities that we detected. Our additional privacy risk analysis showed that Twitter data can be safely used without exposing sensitive information of the users, and minimise risk of re-identification, while respecting GDPR.
2022, Contributo in atti di convegno, ENG
Peretokin, V.; Basdekis, I.; Kouris, I.; Maggesi, J.; Sicuranza, M.; Su, Q.; Acebes, A.; Bucur, A.; Mukkala, V.; Pozdniakov, K.; Kloukinas, C.; Koutsouris, D.; Iliadou, E.; Leontsinis, I.; Gallo, L.; De Pietro, G.; Spanoudakis, G.
This paper describes a cloud-based platform that offers evidence-based, personalised interventions powered by Artificial Intelligence to help support efficient remote monitoring and clinician-driven guidance to people over 65 who suffer or are at risk of hearing loss, cardiovascular diseases, cognitive impairments, balance disorders, and mental health issues. This platform has been developed within the SMART-BEAR integrated project to power its large-scale clinical pilots and comprises a standards-based data harmonisation and management layer, a security component, a Big Data Analytics system, a Clinical Decision Support tool, and a dashboard component for efficient data collection across the pilot sites.
2022, Articolo in rivista, ITA
Raffaele Conte
La contitolarità nei ruoli previsti dal GDPR in un trattamento di dati personali significa semplificare la vita all'interessato nell'esercizio dei propri diritti. L'artricolo ne spiega i concetti basilari ed evidenzia le tante situazioni in cui dovrebbe essere applicata e non lo di fa.
2021, Contributo in volume, ENG
Valentina Cocelli
The pandemic crisis currently sweeping the world provides the European Union's personal data protection system with a test of its ability to support scientific research to tackle the health emergency. This chapter aims to analyse the main questions arising from the Guidelines 03/2020 in the context of the COVID-19 outbreak adopted by the European Data Protection Board (EDPB) on 21st April 2020, which are relevant in the framework of the use of health data in the context of scientific research. According to the Guidelines, the provisions of the GDPR on scientific research - if correctly applied - are able to protect personal health data in the context of COVID-19 research activities, with some particular conditions regarding their application. While it is true that Regulation (EU) 2016/679 includes several provisions on scientific research that favour such research (or, rather, that favour an understanding of its specific needs), the application of this Regulation is not always easy in the context of research, or at least is not well understood by researchers themselves. Thus the research community needs some reactions and specific suggestions from the European Union (EU) authorities in order to harmonise and strengthen, across the EU, the application of the GDPR to research activity using health data. This chapter introduces some suggestions for the EDPB with a view to harmonising, across the EU, the application of the GDPR to research activity that uses health data
2021, Contributo in atti di convegno, ENG
V. Amenta (1); M. C. Buzzi (1); M. Buzzi (1); A. Montemurro (2)
Today the Internet of Things (IoT) empowers our lives, simplifying interaction and services in many fields including smart homes and cities, telemedicine and healthcare, transportation, security and social life. In many IoT applications, personal data are automatically collected and stored in cloud systems, processed and used for purposes such as creating user profiles, monitoring health, personalized advertising and more. The main cost of this process involves data that are collected by providers and organizations. This paper discusses important privacy and security issues raised by the main IoT devices, specifically considering the obligations imposed by the General Data Protection Regulation (GDPR) on the organizations collecting data relating to people in the European Union.
2021, Contributo in atti di convegno, ENG
Daoudagh S.; Marchetti E.
The adoption of the General Data Protection Regulation (GDPR) is enhancing different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology, for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators in reference to the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutants derivation is also described.
2021, Contributo in atti di convegno, ENG
Daoudagh S.; Marchetti E.; Savarino V.; Di Bernardo R.; Alessi M.
This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR's text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.
2021, Rapporto di progetto (Project report), ENG
Pieri G.; Gianvincenzo A.; Novellino A.; Deluca R.
This document is intended to provide recommendation on the procedures of the Information Systems and is inspired by the principles of correctness and diligence and is adopted in compliance with the provisions contained in the Privacy code and in the General Data Protection Regulation of the European Union.
2020, Software, ITA
Amenta V.; Deluca R.; Volpini F.
Realizzazione di un prototipo per la compilazione guidata del Registro del Trattamento dati secondo le procedure indicate dall'art. 30 del GDPR.
2020, Relazioni in qualità di discussant, ENG
Valentina Colcelli
How to deal with the problem that future research can often not be defined in narrow and specific terms, as it depends on the current state of research?
2020, Contributo in atti di convegno, ENG
Barsocchi P.; Calabro A.; Crivello A.; Daoudagh S.; Furfari F.; Girolami M.; Marchetti E.
The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR's provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.
2020, Nota tecnica, ENG
A. Marotta; F. Martinelli
The General Data Protection Regulation (GDPR) came into force to harmonize and improve data protection measures in Europe. However, although GDPR represented a significant change, it turned out to be a daunting task for many organizations. Among the challenges facing companies as a result of GDPR is the need to have a comprehensive set of guidelines that help them categorize and assess GDPR areas. Currently, there are too many assessment tools available, causing organizations to struggle with taking the right steps to achieving compliance and implementing collaborative initiatives across their business environment. This paper offers an overview of the most critical aspects of the GDPR and analyzes the existing GDPR compliance tools. In addition, it provides a comparative analysis in order to assist companies in the choice of the appropriate tools and compliance methods.
2019, Rapporto tecnico, ITA
Maria Consiglia Rasulo
Il presente rapporto tecnico descrive i principali elementi del nuovo Regolamento Europeo per la Protezione dei Dati Personali e le modalità per adeguarsi con particolare riferimento agli Istituti di ricerca del CNR