CINTESIS Researcher Distinguished for Work on Health Data Protection

//CINTESIS Researcher Distinguished for Work on Health Data Protection

CINTESIS Researcher Distinguished for Work on Health Data Protection

A study with the participation of the researcher Ana Margarida Ferreira, from CINTESIS – Center for Health Technology and Services Research, received the Best Paper Award during the 5th International Conference on Information Systems Security and Privacy (ICISSP 2019), in Prague.

The investigation came up in the context of the General Data Protection Regulation (GDPR), which came into force on May 25, 2018, and the relationship of the GDPR articles with personal data transparency. The paper concluded that most of the tools used to improve data transparency are not in line with the GDPR.

These tools, known as “Transparency Enhancing Tools” (TeTs), were collected during a previous work with the aim of understanding their utility, functioning and problems. In the present study, besides identifying the articles of the Regulation that focus on the provision of transparency of personal data, the team also wanted to map the functionalities of the TeTs taking into account those same articles in order to understand if the tools are in line with the principle of transparency. The transparency is to inform the users about the purposes for which their personal data are being used, whether or not data are protected, and how.

According to the CINTESIS researcher when a user interacts with a website or an application he/she can provide, at some point, his/her personal data (name, email, address, mobile phone number…) or simply provide information from the mere interaction with the system (IP address, geolocalization, access credentials, etc.). In most of the cases, that information can be collected and used for non-authorized purposes and without the user knowledge, like when data is sold or make available to third parties.

“The regulation tries to provide users with the control of their personal data, something that did not exist and which allowed the companies to abuse that data, for their own benefit,” informs the researcher. “Big companies that are not applying the Regulation may have to pay high fines. An example of this is Google, which on January 21, 2019 was penalized with a fine of € 50 million by the French Data Protection Authority (CNIL – Commission Nationale de l’Informatique et des Libertés) for non-compliance with the principle of transparency, which is mandatory by the RGPD”, she adds.

For Ana Margarida Ferreira, “the ideal scenario would involve the aggregation of all the tools available to verify what are the functionalities that really work and comply with the GDPR, so that the current tools can be improved, or so that new tools are created, whatever makes most sense”.

The researcher warns about the legal right citizens have to know, clearly and openly, where is it that their data is “circulating, how are their data being protected and processed, and always have the possibility of deleting that data, if they wish”.

She also warns about problems that may arise in the health field related to the access and processing of patients’ personal data. If such information is not secured and if there is not clear indication about how is the data being protected and for which purposes is being processed, unauthorized use or alterations can occur and result in serious risks for patients, like for example, incorrect diagnosis or prescription of inadequate medication.

By | 2019-06-04T19:02:16+00:00 April 2nd, 2019|Categories: EN|Comments Off on CINTESIS Researcher Distinguished for Work on Health Data Protection

About the Author:

Termos e Políticas de utilização

O website www.cintesis.eu é um website pertencente ao CINTESIS – Centro de Investigação em Tecnologias e Serviços de Saúde, tendo como objetivo a prossecução das atividades realizadas no âmbito desta Unidade de I&D da Universidade do Porto e sua divulgação para o público em geral. Por favor, leia atentamente os termos e condições de utilização antes de utilizar este website.
  • Os utilizadores declaram conhecer, compreender, aceitar e cumprir integralmente os termos e condições de utilização deste website.
  • Os utilizadores obrigam-se a respeitar os direitos de autor, direitos conexos e de propriedade intelectual do CINTESIS, dos seus promotores e colaboradores.
  • Os utilizadores obrigam-se à proibição de copiar, divulgar, transmitir, reproduzir ou difundir materiais publicados neste website, respeitando os direitos legais sobre os mesmos, exceto em caso de uso livre autorizado por lei, nomeadamente o direito de citação, desde que a sua origem seja claramente identificada.
  • Os utilizadores comprometem-se a não veicular através deste website qualquer tipo de conteúdo ofensivo, difamatório, discriminatório, racista, obsceno ou violento.
  • O CINTESIS encontra-se ligado a websites externos sobre os quais não tem qualquer controlo e pelos quais não assume qualquer responsabilidade.
  • O CINTESIS não se responsabiliza por quaisquer anomalias ou danos que possam derivar da utilização do website, designadamente por vírus causados pelo acesso a hiperligações disponibilizadas.
  • Os utilizadores declaram-se totalmente responsáveis por quaisquer danos que venham a provocar, quer ao CINTESIS, quer a terceiros, pelo não cumprimento dos termos e condições aqui descritos, bem como pelo não cumprimento das normas legais.
  • O CINTESIS pode suspender ou alterar os presentes termos e condições, sem aviso, a todo e qualquer momento.
  • As questões constantes dos termos e condições são reguladas pela legislação portuguesa em vigor.