Data Protection, Policies & Compliance

The protection of personal data in compliance with existing regulations (i.e., GDPR, ePrivacy Directive, etc.) and the development of applications, best practices and guidelines for such purpose is a tenet of IRiSC’s research. IRiSC researchers also aim to better quantify cyber risk that can inform regulatory and supervisory frameworks and to design innovative human-centered technologies to build resilience to imminent cyber threats in compliance with the NIS Directive and Cyber Security Act.

Further considering the complexity of socio-economic issues the EU needs to manage, a unified EU may be required to attend to the multiple security issues that affect its citizens and Members States. In this regard IRiSC’s researchers are investigating how the existing cyber security frameworks can be refined to be implanted in a coherent fashion with maximum co-operation from EU Member States, whilst staying true to the fundamental criteria of democratic governance, transparency, the rule of law, accountability and participation.

Within the European Digital Strategy, the flow of data across the borders of member states will be further encouraged, with the objective of designing a range of human-centered digital services, including electronic identification and personal identity managers. The blossoming of the European data space will be regulated with special laws such as the Data Governance Act which aims to create oversight mechanisms for data sharing and re-use initiatives in the EU. This highly regulated ecosystem will not only offer new opportunities, but also add to the complexity of how to navigate and apply existing regulations.

For many organisations, compliance with existing legislations is a complex, time-consuming and often costly process that requires the implementation of multiple organizational and technical measures. Lastly, compliance is only a tile within the broader framework of data ethics and responsible technological development that is increasingly under the limelight.

In various data-informed environments, our research activities cover: 

• Encryption techniques (e.g., differential privacy, homomorphic encryption, secure-multi-party computation, etc.) and data curation best practices to securely store, analyze and share sensitive data (e.g., biomedical data, genome data, financial data) across organizations 
• The design of applications that help assess the transparency and fairness of data practices and detect illegal technology designs
• E-consent applications in the eHealth domain, taking into consideration not only legal and ethical requirements, but also user cognition and UI/UX design
• Data curation best practices to allow for smart data sets to be shared across biomedical and genome research institutes
• Effective communication tools to clarify the functioning of security measures, ensure compliance and to raise awareness about how entities manage data protection and deal with information and services in terms of the e-IDAS Regulation, the PSD2, the GDPR and the NIS Directive, and the national convergence of EU law
• Ethical aspects of cybersecurity research that can be used with a dual purpose (e.g., on ransomware)