The 6th ‘ask me anything’ session examined the challenges of sensitive data and emerging solutions via EOSC.
The topic of sensitive data has been gaining importance in EOSC; Services for Sensitive Data are starting to appear in the EOSC Marketplace, with more to come as the need grows.
What are the major considerations and challenges surrounding the treatment of sensitive data, and what resources are available through the EOSC Platform? The 6th ‘ask me anything’ session took these questions to task.
Sensitive data: Not just health related
To date, the most common context in which we hear about sensitive data is health related (due also to the Covid-19 pandemic). Within the EOSC community, there are currently a number of high-profile initiatives, such as the VirtualBrainCloud and HealthDataCloud, which are developing a GDPR-compliant-sensitive health data service. But health is not the only area in which sensitive data can appear in EOSC. Smart cities may involve sensitive data on citizens and even environmental data can be sensitive. When it comes to data and metadata, EOSC must also deal with different levels of sensitivity.
Sensitive data within EOSC: New and improved services
Through the DICE project, there have been developments in the EOSC Marketplace service offerings, including:
- extending Services for Sensitive Data (TSD), already in operation since 2014
- adding an extension to the familiar and popular EUDAT B2SHARE service.
The new Secure B2SHARE service will provide access to sensitive data in access-restricted secure storage, while storing metadata in B2SHARE – thereby providing the sensitive data resources without violating privacy, and yet, maintaining FAIR principles in a user-friendly way.
Given that sensitive data must be approached as a full-fledged cybersecurity management challenge, DICE undertook a full Threat Analysis and Risk Assessment for B2SHARE according to WISE cybersecurity management best practices, identifying and classifying sensitive data according to not only privacy and confidentiality concerns but also threats to availability and integrity of data.
Up in the Cloud
CINECA plans on providing services to cloud-based researchers working with sensitive data. More specifically, CINECA is working on sensitive data use cases involving:
- Platform as a Service (PaaS), whereby CINECA develops the platform using services available on the system
- Infrastructure as a Service (IaaS), whereby users build their own platform using services available on the system.
All the while, they are taking care to ensure the convenience of cloud-based workflows even while guaranteeing end-to-end security of communications and sensitive data.
Amnesia, a service developed in OpenAIRE, is also available on the EOSC Marketplace. Amnesia is a user-friendly solution for data anonymisation. Anonymisation is a powerful tool for achieving the Open Science and FAIR principles of EOSC, without violating the confidentiality of sensitive data. The data may be openly provided to third parties, but it is provided in a form such that it cannot easily be traced back to individuals or groups.
You can try out the online tool for yourself via this demo.
All of the tools and resources mentioned above can be found on the EOSC Catalogue & Marketplace. If you have a service that you would like to offer to users, you can onboard it to the EOSC Providers Dashboard.
If you did not catch the ‘ask me anything’ session on sensitive data, you can watch the full video recording here.
You can also mark your calendars for a Datathon dedicated to sensitive data, which is in the planning stages for late May 2023. The event will take place in the Netherlands, hosted by SURF, and is expected to involve experts from other EOSC projects. Information will be posted on the DICE website as it becomes available.