[en] The Open Science projects are also aimed at strongly encouraging the use of Cloud technologies and High Performance Computing (HPC), for the benefit of European researchers and universities. The emerging paradigm of Open Science enables an easier access to expert knowledge and material; however, it also raises some challenges regarding the protection of personal data, considering that part of the research data are personal data thus subjected to the EU’s General Data Protection Regulation (GDPR). This paper investigates the concept of scientific research in the field of data protection, with regard both to the European (GDPR) and national (Luxembourg Data Protection Law) legal framework for the compliance of the HPC technology. Therefore, it focuses on a case study, the HPC platform of the University of Luxembourg (ULHPC), to pinpoint the major data protection issues arising from the processing activities through HPC from the perspective of the HPC platform operators. Our study illustrates where the most problematic aspects of compliance lie. In this regard, possible solutions are also suggested, which mainly revolve around (1) standardisation of procedures; (2) cooperation at institutional level; (3) identification of guidelines for common challenges. This research is aimed to support legal researchers in the field of data protection, in order to help deepen the understanding of HPC technology’s challenges and universities and research centres holding an HPC platform for research purposes, which have to address the same issues.
Centre de recherche :
ULHPC - University of Luxembourg: High Performance Computing
Disciplines :
Sciences informatiques Droit européen & international
Auteur, co-auteur :
Paseri, Ludovica
VARRETTE, Sébastien ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
BOUVRY, Pascal ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Protection of Personal Data in High Performance Computing Platform for Scientific Research Purposes
Date de publication/diffusion :
juin 2021
Nom de la manifestation :
EU Annual Privacy Forum (APF) 2021
Date de la manifestation :
June 17-18, 2021
Manifestation à portée :
International
Titre de l'ouvrage principal :
Proc. of the EU Annual Privacy Forum (APF) 2021
Maison d'édition :
Springer International Publishing
ISBN/EAN :
978-3-030-76662-7
Collection et n° de collection :
Lecture Notes in Computer Science (LNCS), Volume 12703
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. In: OJ L119/1 (2016). https://data. europa.eu/eli/reg/2016/679/oj
Council Regulation (EU) 2018/1488, establishing the European High Performance Computing Joint Undertaking. In: OJ L 252 (2018). https://data.europa.eu/eli/reg/2018/148 8/oj
Beretta, F.: Cycle of (digital) knowledge production in historical sciences. In: Cappelluti, F., et al. (eds.) Open Science: Rethinking Rewards and Evaluation the Key to Change? Zenodo (2020). https://doi.org/10.5281/zenodo.4141447
Commission Recommendation (EU) 2018/790 on access to and preservation of scientific information. In: OJ L 134, 31 May 2018 (2018). https://data.europa.eu/eli/reco/2018/790/oj
UNESCO, First draft of the UNESCO Recommendation on Open Science (2020). https://en. unesco.org/science-sustainable-future/open-science/recommendation. Accessed 03 Feb 2021
Ayris, P., et al.: Realising the European open science cloud. European Union (2016). https://doi.org/10.2777/940154
European Commission, European Cloud Initiative-Building a competitive data and knowledge economy in Europe, COM/2016/178 final (2016). https://eur-lex.europa.eu/legal-con tent/en/TXT/?uri=CELEX:52016DC0178
Saunders, G., et al.: Leveraging European infrastructures to access 1 million human genomes by 2022. Nat. Rev. Genet. 20(11), 698 (2019). https://doi.org/10.1038/s41576-019-0156-9
Budroni, P., Burgelman, J.-C., Schouppe, M.: Architectures of knowledge: the European open science cloud. ABI Tech. 39(2), 131 (2019). https://doi.org/10.1515/abitech-2019-2006
Wilkinson, M.D., et al.: The FAIR guiding principles for scientific data management and stewardship. Sci. Data 3(1), 4 (2016). https://doi.org/10.1038/sdata.2016.18
Hodson, S., et al.: Turning FAIR into reality: final report and action plan from the European Commission expert group on FAIR data. European Union (2018). https://doi.org/10.2777/1524
European Data Protection Supervisor (EDPS), A Preliminary Opinion on data protection and scientific research (2020). https://edps.europa.eu/sites/edp/files/publication/20-01-06_ opinion_research_en.pdf. Accessed 03 Feb 2021
Boniolo, G.: Il pulpito e la piazza. Democrazia, deliberazione e scienze della vita. Cortina Editore, Torino (2010)
Sjöberg, C.M.: Scientific research and academic e-learning in light of the EU’s legal framework for data protection. In: Corrales, M., Fenwick, M., Forgó, N. (eds.) New Technology, Big Data and the Law, pp. 43–63. Springer, Singapore (2017). https://doi.org/10.1007/978-981-10-5038-1_3
Ducato, R.: Data protection, scientific research, and the role of information. Comput. Law Secur. Rev. 37 (2020). https://doi.org/10.1016/j.clsr.2020.105412
Ienca, M., et al.: How the general data protection regulation changes the rules for scientific research. European Parliamentary Research Service (EPRS), Scientific Foresight Unit (STOA) (2019). https://doi.org/10.2861/17421
Manis, M.L.: The processing of personal data in the context of scientific research. The new regime under the EU-GDPR. Biolaw J. 3 (2017). https://doi.org/10.15168/2284-4503-259
Barfield, W., Pagallo, U.: Advanced Introduction to Law and Artificial Intelligence. Edward Elgar Publishing, Cheltenham (2020)
Aurucci, P.: Legal issues in regulating observational studies: the impact of the GDPR on Italian biomedical research. Eur. Data Protect. Law Rev. 5(2), 197–208 (2019). https://doi. org/10.21552/edpl/2019/2/9
Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et du régime général sur la protection des données (Luxembourg Data Protection Law) (2018). https://data.legilux.public.lu/eli/etat/leg/loi/2018/08/01/a686/jo
Trefois, C., Alper, P., Jones, S., Becker, R., et al.: Data protection impact assessment: general LCSB approach for processing research data. Internal report (2018)
Ganzinger, M., Glaab, E., et al.: Biomedical and clinical research data management. In: Systems Medicine: Integrative, Qualitative and Computational Approaches, vol 3. Academic Press (2021)
European Data Protection Board (EDPB), Guidelines on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak, 03 (2020). https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-032 020-processing-data-concerning-health-purpose_en. Accessed 03 Feb 2021
Durante, M.: Computational Power: The Impact of ICT on Law. Society and Knowledge. Routledge, London (2021)
Pagallo, U., Casanovas, P., Madelin, R.: The middle-out approach: assessing models of legal governance in data protection, artificial intelligence, and the web of data. Theory Pract. Legislation 7(1) (2019). https://doi.org/10.1080/20508840.2019.1664543
Pagallo, U.: The legal challenges of big data: putting secondary rules first in the field of EU data protection. Eur. Data Prot. L. Rev. 3 (2017). https://doi.org/10.21552/edpl/2017/1/7
University of Leicester. https://le.ac.uk/ias/policies-and-resources. Accessed 03 Feb 2021
ULC. https://www.ucl.ac.uk/data-protection/data-protection-overview/online-training/data-protection-online-training. Accessed 03 Feb 2021
NIST SP 800–30 Rev. 1: Guide for Conducting Risk Assessments, Technical report (2012). https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final. Accessed 03 Feb 2021
ISO/IEC 27002:2013: Information technology, Security techniques, Code of practice for information security controls. https://www.iso.org/standard/54533.html. Accessed 03 Feb 2021
