RESULTS FROM 1 TO 20 OF 24

2023, Journal article, ENG

Circulation of personal data and non-personal data within the European Research Area for research and health purposes

Valentina Colcelli, Roberto Cippitani

The availability and circulation of data, information, knowledge and materials are essential in all fields of research, but they are particularly important in a period in which it is necessary to tackle a global phenomenon like the COVID-19 pandemic. Aware of the importance of the circulation of information derived from data, the European Commission has been elaborating a strategy for the circulation and sharing of personal and non-personal data. The European strategy needs the data to circulate and be shared in the economic, academic, and social environments. To achieve those objectives, EU documents use the metaphor of building a 'European Data Area', that is to say, legal, economic, and cultural frameworks governed at the continental and national levels, such as the European Research Area ('ERA', see Article 179 TFEU) and the proposed European Health Data Space ('EHDS'). An analysis of the current legislation seems to indicate several legal constraints on the circulation of data (information, knowledge and material), able to affect the building of an effective European Data Area. These limitations aim at protecting individual rights, such as privacy or other interests. However, such limitations to the circulation of data may affect other relevant rights and interests such as freedom of research and health. For this reason, this paper intends to show what are the legal means to find the points of equilibrium between the different viewpoints and allow the sustainable function of the European Data Area. Because proper global governance of health data and materials is required, the paper tries to analyse the main EU instruments which at this moment are able to regulate it, in order to implement an effective system for the exchange of data, while the scientific community is waiting for the European Data Protection Board (EDPB) guidance on the processing of health data for research purposes, still pending.

Journal of open access to law 11 (2), pp. 1–24

2023, Conference proceedings paper, ENG

Vehicle Data Collection: A Privacy Policy Analysis and Comparison

C. Bodei (1); G. Costantino (2); M. De Vincenzi (2); I. Matteucci (2); A. Monreale

In recent years, data can be considered the new fuel for road vehicle functionalities like driver-assistance systems or customized services. Therefore, the carmakers with their phone apps, synced with the infotainment system, can collect information from the drivers and vehicles to be processed inside or outside the car. In this context, we analyze different carmakers' privacy policies to define their readability and compliance with the EU General Data Protection Regulation, and provide analysis of carmakers' data collection. Besides, for the first time, we compare the most significant privacy regulations in automotive. Finally, we create an interactive dashboard to compare the different carmakers' policies and provide users with an efficient instrument to understand some relevant privacy aspects like which data the carmakers declare to collect. We find that carmakers could collect a large number of users and vehicle data, but, in some cases, the privacy policies seem to be quite challenging to read and do not provide some information like how collected data are protected or stored.

9th International Conference on Information Systems Security and Privacy - ICISSP, Lisbon, Portugal, 22-24/02/2023

2023, Conference proceedings paper, ENG

The SMART BEAR Project: An Overview of Its Infrastructure

Qiqi Su, Vadim Peretokin, Ioannis Basdekis, Ioannis Kouris, Jonatan Maggesi, Mario Sicuranza, Alberto Acebes, Anca Bucur, Vinod Jaswanth Roy Mukkala, Konstantin Pozdniakov, Christos Kloukinas, Dimitrios D. Koutsouris, Elefteria Iliadou, Ioannis Leontsinis, Luigi Gallo, Giuseppe De Pietro and George Spanoudakis

The paper describes a cloud-based platform that utilizes Artificial Intelligence (AI) and Explainable AI techniques to deliver evidence-based, personalized interventions to individuals over 65 suffering or at risk of hearing loss, cardiovascular disease, cognitive impairments, balance disorders, or mental health issues, while supporting efficient remote monitoring and clinician-driven guidance. As part of the SMART BEAR integrated project, this platform has been developed to support its large-scale clinical trials. The platform consists of a standards-based data harmonization and management layer, as well as a security component, a Big Data Analytics system, a Clinical Decision Support system, and a dashboard component to facilitate efficient data collection across pilot sites.

7th International Conference, ICT4AWE 2021, Virtual Event, April 24-26, 2021, and 8th International Conference, ICT4AWE 2022, Virtual Event, April 23-25, 2022, Revised Selected Papers, April 24-26, 2021

DOI: 10.1007/978-3-031-37496-8_21

2023, Conference proceedings paper, ENG

Healthcare Sector and Data Protection: A New Way of Communicating Legal Concepts

Ginevra Peruginelli, Sara Conti

Communication for lay audiences is a fundamental clinical skill that, if performed competently and efficiently, facilitates the establishment of a relationship of trust between the medical staff and the patient-customer. Organizations with strong communication policies can enrich their patients' health, while those that do not have effective procedures in place can negatively affect patient well-being. In such a context, healthcare organizations need to invest time and capital in effectively communicating legal concepts related to data protection to patients. The General Data Protection Regulation (EU) 2016/679 (GDPR) sets important challenges for the health care sector, outlining stringent new policies for collecting, processing, and securing personal data. Visual techniques applied to GDPR provisions can play an effective role in correctly spreading awareness and knowledge on this relevant issue. The power of visualization lies in the fact that the human brain has the potential to identify images and other visuals (images, charts, maps, infographics, videos, pull-quotes, memes, diagrams or annotations) very quickly. It not only simplifies the learning process, but also helps lay-learners to understand the concepts more clearly, reinforcing cognition and overcoming specialized language barriers. In this regard, a feasibility study on which are the appropriate visual law techniques applied to GDPR in the context of health care has been carried out, considering all the legal and ethical implications. In particular, the experiment has focused on infographics as information design tools that combine both graphical and textual elements explaining the main points of the data protection regulation addressed to customers/patients. This is in line with many current initiatives widely using infographics as a dissemination instrument by governments and legislators around Europe.

Cutting Through Medicine, Law and Other Disciplines - Interdisciplinary Challenges and Opportunities, Naples, 20-22/5/2021

2023, Conference proceedings paper, ENG

Pseudonymisation in the context of GDPR-compliant medical research

Ioannis Basdekis; Christos Kloukinas; Carlos Agostinho; Ioannis Vezakis; Andreia Pimenta; Luigi Gallo; Georgios Spanoudakis

Pseudonymisation is an important tool for protecting the privacy of individuals in medical research. It helps to ensure that personal information is not directly identifiable, while still allowing the data to be used for research purposes and for providing technical and healthcare support where needed at the same time. The SMART BEAR approach is in line with the principles of the GDPR, which requires that personal data be processed in a way that ensures appropriate security and privacy controls are in place. SMART BEAR services and organisational processes are stacked in such a way as to minimise the risk of leakage, to ensure that the data collected and processed are used only for the purpose they were intended, and that the data subjects' privacy is fully respected. One lesson from this approach is that organisations that use pseudonymisation may need to update certain procedures, to ensure the effective and secure use of pseudonymised data, and to update policies related to data access and sharing, to ensure that data are not shared with unauthorised parties.

2023 19th International Conference on the Design of Reliable Communication Networks (DRCN), Vilanova i la Geltru, Spain, 17-20/04/2023

DOI: 10.1109/DRCN57075.2023.10108370

2022, Journal article, ENG

Privacy-by-Design and Minimization within a Small Electronic Health Record: The Health360 Case Study

Conte R.; Sansone F.; Tonacci A.; Pala A.P.

Electronic health records are playing an important role in today's clinical research, with the possibility to collect a wide amount of data from different sources, not only within a structured clinical setting, but also making best use of new portable technologies, such as smartphones, sensors and Internet-of-Things, as an unprecedented spring of data. In this way, even in small clinical centers, often featuring limited financial availabilities, not only clinicians can have a complete, timely outlook on patients' health, but also data scientists could use such information to build and train tailored models in the broader perspective of "p4 medicine". However, all this should align with the strict regulations and needs concerning data privacy and security, safeguarding the rights of the individual and the confidentiality of information related to their healthcare status. Here, we present a case study dealing with Health360, a platform designed to fill in this gap, representing the ideal solution for small clinical centers, where usability and cost-affordability are key characteristics for such a system, to collect multimodal data from various sources actually employed in the framework of neuromuscular conditions. The platform, designed under the Software-as-a-Service paradigm, actually collects data from different clinical centers active in the field of neuromuscular diseases, and therefore was designed to grant access to the data to specific professionals depending on their roles. At the same time, to the benefit of data scientists, Health360 enables joint data processing, with the management of authorization principles for various health professionals from different clinical centers, which is regulated by the data minimization principle, based on the accessing profile.
Under such premises, we present here the approach followed for the implementation of the platform, managing the trade-off between the need from various professionals for accessing the complete dataset and the privacy requirements, as well as confidentiality maintenance for sensitive data of patients enrolled on the project.

Applied sciences 12

DOI: 10.3390/app12178441

2022, Conference proceedings paper, ENG

GROOT: a GDPR-based combinatorial testing approach

Daoudagh S.; Marchetti E.

For replying to the strict exigencies and rules imposed by the GDPR, ICT systems are currently adopting different means for managing personal data. However, due to their critical and crucial role, effective and efficient validation methods should be applied, taking into account the peculiarity of the reference legal framework (i.e., the GDPR). In this paper, we present GROOT, a generic combinatorial testing methodology specifically conceived for assessing the GDPR compliance and its contextualization in the context of access control domain.

ICTSS 2021 - 33rd IFIP WG 6.1 International Conference on Testing Software Systems, London, UK, 10-11/11/2021

DOI: 10.1007/978-3-031-04673-5_17

2022, Journal article, ENG

Where do migrants and natives belong in a community: a Twitter case study and privacy risk analysis

Kim J.; Pratesi F.; Rossetti G.; Sîrbu A.; Giannotti F.

Today, many users are actively using Twitter to express their opinions and to share information. Thanks to the availability of the data, researchers have studied behaviours and social networks of these users. International migration studies have also benefited from this social media platform to improve migration statistics. Although diverse types of social networks have been studied so far on Twitter, social networks of migrants and natives have not been studied before. This paper aims to fill this gap by studying characteristics and behaviours of migrants and natives on Twitter. To do so, we perform a general assessment of features including profiles and tweets, and an extensive network analysis on the network. We find that migrants have more followers than friends. They have also tweeted more despite that both of the groups have similar account ages. More interestingly, the assortativity scores showed that users tend to connect based on nationality more than country of residence, and this is more the case for migrants than natives. Furthermore, both natives and migrants tend to connect mostly with natives. The homophilic behaviours of users are also well reflected in the communities that we detected. Our additional privacy risk analysis showed that Twitter data can be safely used without exposing sensitive information of the users, and minimise risk of re-identification, while respecting GDPR.

Social Network Analysis and Mining 13 (15)

DOI: 10.1007/s13278-022-01017-0

2022, Conference proceedings paper, ENG

Overview of the SMART-BEAR Technical Infrastructure

Peretokin, V.; Basdekis, I.; Kouris, I.; Maggesi, J.; Sicuranza, M.; Su, Q.; Acebes, A.; Bucur, A.; Mukkala, V.; Pozdniakov, K.; Kloukinas, C.; Koutsouris, D.; Iliadou, E.; Leontsinis, I.; Gallo, L.; De Pietro, G.; Spanoudakis, G.

This paper describes a cloud-based platform that offers evidence-based, personalised interventions powered by Artificial Intelligence to help support efficient remote monitoring and clinician-driven guidance to people over 65 who suffer or are at risk of hearing loss, cardiovascular diseases, cognitive impairments, balance disorders, and mental health issues. This platform has been developed within the SMART-BEAR integrated project to power its large-scale clinical pilots and comprises a standards-based data harmonisation and management layer, a security component, a Big Data Analytics system, a Clinical Decision Support tool, and a dashboard component for efficient data collection across the pilot sites.

8th International Conference on Information and Communication Technologies for Ageing Well and e-Health (ICT4AWE 2022), Online, 23-25/04/2022

DOI: 10.5220/0011082700003188

2022, Journal article, ITA

GDPR, who is afraid of joint controllership? What it is and the problems. (Original title: Gdpr, chi ha paura della contitolarità? Cos'è e i problemi.)

Raffaele Conte

Joint controllership among the roles defined by the GDPR in a personal data processing operation means making life simpler for the data subject when exercising their rights. The article explains the basic concepts and highlights the many situations in which it should be applied and is not.

Agenda Digitale

2021, Book chapter, ENG

The Pandemic Crisis as Test Case to Verify the European Union's Personal Data Protection System Ability to Support Scientific Research

Valentina Colcelli

The pandemic crisis currently sweeping the world provides the European Union's personal data protection system with a test of its ability to support scientific research to tackle the health emergency. This chapter aims to analyse the main questions arising from the Guidelines 03/2020 in the context of the COVID-19 outbreak adopted by the European Data Protection Board (EDPB) on 21st April 2020, which are relevant in the framework of the use of health data in the context of scientific research. According to the Guidelines, the provisions of the GDPR on scientific research - if correctly applied - are able to protect personal health data in the context of COVID-19 research activities, with some particular conditions regarding their application. While it is true that Regulation (EU) 2016/679 includes several provisions on scientific research that favour such research (or, rather, that favour an understanding of its specific needs), the application of this Regulation is not always easy in the context of research, or at least is not well understood by researchers themselves. Thus the research community needs some reactions and specific suggestions from the European Union (EU) authorities in order to harmonise and strengthen, across the EU, the application of the GDPR to research activity using health data. This chapter introduces some suggestions for the EDPB with a view to harmonising, across the EU, the application of the GDPR to research activity that uses health data.

2021, Conference proceedings paper, ENG

Internet of things and privacy

V. Amenta (1); M. C. Buzzi (1); M. Buzzi (1); A. Montemurro (2)

Today the Internet of Things (IoT) empowers our lives, simplifying interaction and services in many fields including smart homes and cities, telemedicine and healthcare, transportation, security and social life. In many IoT applications, personal data are automatically collected and stored in cloud systems, processed and used for purposes such as creating user profiles, monitoring health, personalized advertising and more. The main cost of this process involves data that are collected by providers and organizations. This paper discusses important privacy and security issues raised by the main IoT devices, specifically considering the obligations imposed by the General Data Protection Regulation (GDPR) on the organizations collecting data relating to people in the European Union.

IADIS International Conference e-Society (ES 2021), online/virtuale, 03-05/03/2021

2021, Conference proceedings paper, ENG

GRADUATION: a GDPR-based mutation methodology

Daoudagh S.; Marchetti E.

The adoption of the General Data Protection Regulation (GDPR) is enhancing different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology, for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators in reference to the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutants derivation is also described.

QUATIC 2021 - 14th International Conference on the Quality of Information and Communications Technology, Online conference, 08-10/09/2021

DOI: 10.1007/978-3-030-85347-1_23

2021, Conference proceedings paper, ENG

How to improve the GDPR compliance through consent management and access control

Daoudagh S.; Marchetti E.; Savarino V.; Di Bernardo R.; Alessi M.

This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR's text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.

ICISSP 2021 - 7th International Conference on Information Systems Security and Privacy, Online conference, 11-13/02/2021

DOI: 10.5220/0010260205340541

2021, Project report, ENG

NAUTILOS - POPD - Requirement No. 2

Pieri G.; Gianvincenzo A.; Novellino A.; Deluca R.

This document is intended to provide recommendation on the procedures of the Information Systems and is inspired by the principles of correctness and diligence and is adopted in compliance with the provisions contained in the Privacy code and in the General Data Protection Regulation of the European Union.

2020, Software, ITA

Prototype for integrating privacy into the CNR platform "PDGP GEPRO" (Original title: Prototipo per l'integrazione della Privacy nella piattaforma del CNR "PDGP GEPRO")

Amenta V.; Deluca R.; Volpini F.

Development of a prototype for the guided compilation of the record of data processing activities according to the procedures set out in Art. 30 of the GDPR.

2020, Talk as discussant, ENG

"Future research" in the light of GDPR

Valentina Colcelli

How to deal with the problem that future research can often not be defined in narrow and specific terms, as it depends on the current state of research?

Conference Biobanking for Global Challenges Europe Biobank Week 2020, Virtual Conference, 18/11/2020

2020, Conference proceedings paper, ENG

A privacy-by-design architecture for indoor localization systems

Barsocchi P.; Calabro A.; Crivello A.; Daoudagh S.; Furfari F.; Girolami M.; Marchetti E.

The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR's provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.

13th International Conference on the Quality of Information and Communications Technology (QUATIC 2020), Faro, Portugal, September 9-11, 2020

DOI: 10.1007/978-3-030-58793-2_29

2020, Technical note, ENG

GDPR Survey: An Analysis of The Tools Used for Assessing GDPR Compliance

A. Marotta; F. Martinelli

The General Data Protection Regulation (GDPR) came into force to harmonize and improve data protection measures in Europe. However, although GDPR represented a significant change, it turned out to be a daunting task for many organizations. Among the challenges facing companies as a result of GDPR is the need to have a comprehensive set of guidelines that help them categorize and assess GDPR areas. Currently, there are too many assessment tools available, causing organizations to struggle with taking the right steps to achieving compliance and implementing collaborative initiatives across their business environment. This paper offers an overview of the most critical aspects of the GDPR and analyzes the existing GDPR compliance tools. In addition, it provides a comparative analysis in order to assist companies in the choice of the appropriate tools and compliance methods.

2019, Technical report, ITA

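GDPR, the new European Regulation for the Protection of Personal Data: how it works and how to comply (Original title: GDPR, il nuovo Regolamento Europeo per la Protezione dei Dati Personali: come funziona e come adeguarsi)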

Maria Consiglia Rasulo

This technical report describes the main elements of the new European Regulation for the Protection of Personal Data and how to comply with it, with particular reference to the CNR research institutes.

Keyword

GDPR
