Trusted environments for sensitive data management in EOSC
The data sets of public authorities are often very sensitive and therefore restricted for access. Sensitive data is offered not only by public authorities, but also by commercial entities. It is vital for EOSC to enable its users to engage with such sensitive data sources.
Safe rooms, safe pods and secure remote access environments all present challenges to physical and logical security even within a single discipline, whilst transdisciplinary norms and transnational legislation present additional challenges. The providers of the sensitive data need environments with the high standards of security and the privacy guarantees that these datasets require. At the same time, the solutions should enable easy access for users and offer practical solutions for working at large scale in terms of data sources, computational resources, and users.
The aim of this topic is to develop and implement a robust set of methods, practices and environments to effectively enable sensible data sharing/processing. They should be general enough to be applicable in a certain country/region and in cross-border scenarios. Proposals should take into account the existing and forthcoming work and policies in the area (e.g. Medical Informatics Platform (https://ebrains.eu/service/medical-informatics-platform/), European Health Data Space (https://ec.europa.eu/health/ehealth-digital-health-and-care/european-health-data-space_en)) but also engage with additional challenges and domains, for example where governmental statistical data or location and time sensitive data are required for analytics, machine learning and/or artificial intelligence.
Proposals are expected to cover the following activities:
- Explore the possibility of creating specific Public Authorities’ Government Zones in EOSC, providing tailored access control and engaging closely with public authorities to establish safe and secure access to their data for FAIR data processing.
The proposed work should include:
- exploring possible solutions to move all or parts of a workflow on sensitive data to a secure data storage and to allow users to receive only aggregated and desensitised results;
- support for publishing anonymised data into repositories that are compliant with the EOSC Interoperability Framework;
- exploration and demonstration of possible solutions and approaches for data anonymization, including (subsets of) sensitive metadata;
- exploration and demonstration of possible solutions and approaches, such as blockchain, for access control management and maintenance of a secure and decentralized record of transactions of trusted and non-trusted parties;
- data processing workflows that keep sensitive data encrypted on disk and in memory, including assessment of the cost of the encryption;
- investigation of data protection legislation at national and European level and its impact on using sensitive data in cloud-hosted workflows across computer centres in different countries/regions;
- exploration and demonstration of compliance with federated architecture solutions.
To ensure complementarity of outcomes, proposals are expected to demonstrate how they intend to cooperate and align with activities of the EOSC Partnership. They should also demonstrate how they will coordinate with other relevant EOSC projects and provide concrete plans and sustainable solutions on how to integrate with the operational EOSC to benefit future users. The proposals should engage with public authorities and, if appropriate, also the private sector, to showcase the benefit of this data-sharing for their own research and data analytics. The proposals should include data from more than one sector to demonstrate the general applicability of the proposed solutions.
The proposed work should demonstrate how the impact of developed solutions on data governance and stewardship is documented. It should highlight good practices for providing sensitive data in a cloud environment and provide solutions on how a high level of security can be maintained in a fast-changing (cloud) technology landscape. Appropriate handling of sensitive data through third-party security audits, as well as approaches and standards to record access to sensitive data for monitoring purposes, should be considered. Links to related projects from relevant topics, e.g. HORIZON-HLTH-2022-IND-13-02 (Scaling up multi-party computation, data anonymisation techniques, and synthetic data generation), should be established.
In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.