Among her other activities, Marie-José is involved in the LifeLines project and several projects with (scientific) personal data in the University Medical Centre Groningen (UMCG).
is a large-scale population study of more than 165,000 people living in the north of the Netherlands. The UMCG is an academic hospital in Groningen. Both parties cooperate in the field of Healthy Ageing. Participants of the LifeLines-cohort from three generations are being followed for at least 30 years to learn more about how people can grow older in better health and what factors play an important part in the development and course of chronic disease.
Esther Hoorn, lawyer at the University of Groningen, asked Marie-José how thinking about data management in an early stage of a research project can help also to consider innovative approaches to privacy issues. Lawyers are renowned for raising objections, but Marie-José Bonthuis is not that type of person. She studied Law and IT at Groningen and has a clear vision of the
duties of an IT lawyer.
Marie-José is working on various creative ways to help improve work processes by taking privacy protection more fully into account. She is involved in a theatre project for secondary schools, for example: Like Me and Hacker in de klas [A hacker in your class] . She is also writing a thesis about privacy in supply chain management. The implementation of privacy principles in current legislation appears to have been based on small-scale concepts such as consent and purpose limitation. In an information society that increasingly makes use of large-scale concepts such as chains and big data, however, a revision of the privacy framework is needed. In her research Marie-José uses the
supply chain automation method
‘As the person responsible for data protection I oversee the processing of personal data. A lot of anonymized data is used in the LifeLines research: making use of
. I was asked to join the LifeLines project because of the thesis I wrote in 2007 on the EPD (Electronic Patient Dossier). And then you quickly become known in the North as the legal expert who knows all about handling patient data in a responsible manner. In 2012, I came across a thesis by
about how to use
k anonymity to
measure and predict the risk of re-identification of anonymized data. When I joined LifeLines I wanted to know how to anonymize information that had been provided voluntarily as well as the patient data linked to it. The independent advisory and consultative body of European privacy authorities, the
Article 29 Working Group
, had just written an advisory report on anonymization techniques. Everything fell into place: this document together with Koot’s thesis on how to tackle the technical aspects. An innovative approach was developed from these two different worlds and on that basis we could begin a pilot study. And as it turned out, at the University there was a lot of interest in this for projects using sensitive data.’
‘It is an algorithm which can be used to determine when a piece of data or a data combination in a given data set can be considered unique (and only indirectly derivable). The principle is that the data is anonymous, and cannot be derived on the basis of a static method. This method requires a dynamic approach which takes into account both the context and the information that is available at that moment in time (e.g. Open data, Social Media, etc.). In my view, personal data should always be viewed in its own context, which is what the Koot algorithm does. If unique combinations often occur then you have a very high k = 1, which means that you can then easily link data to another file with a high k = 1. And then that data will no longer be anonymous but identifiable, albeit indirectly, and thus that it is personal data. The next step is to consider whether it is important to include in your research data precisely how old someone is (i.e. full date of birth), for example, or whether using a certain age category is sufficient. ‘
‘There is of course little law against conducting research with derivable personal data. But then you need to make agreements with the person who has provided his or her personal data about who will receive the information and who has control over it. If you intend to share your data it is important as a researcher that you think carefully about whether in reality you could also manage with an anonymized data set. It is about finding the right balance. And that is precisely what privacy legislation seeks to do – to put privacy in a personal context. So it is not so much about raising objections, but setting clear boundaries.’
‘No, unfortunately not. The concepts that currently underpin our legislation and which are reflected in the European Regulation are extremely useful but on much too small a scale. An example is that in the future it will only possible to conduct scientific research if the individual concerned has specifically given his or her consent. But given the upscaling in the use of data and the low level of awareness, I wonder whether this consent is the correct basis on which to meet the public interest of scientific research. Is it even possible for a private individual to have a clear overview of his or her privacy risks? Is a private individual the right person to hold sway over a collective interest? Privacy by design, like that afforded by k anonymity offers a better avenue in my opinion. In research this means that a researcher also has to think in advance about what type of data he or she needs and what questions he or she wants to have answered: data minimization. Beyond that, raising awareness about privacy is another important priority. There are still so many misunderstandings about the concept of privacy that it seems to have escalated out of all proportion. But I think that if we consider our autonomy to be important (which we do), this legislation will provide a vital basis for that. And if you ask me, it should remain that way too.
‘A CMIO (Chief Medical Information Officer) has recently been appointed at the University Medical Centre Groningen. The purpose of this role is that information in a hospital should be considered across disciplines and therefore not just from the narrow perspective of research, education or care. An Electronic Patient Dossier (EPD) for example, is not purely a technical or a legal matter. Patient data pervades the entire organization and therefore must be considered in this context. How do you make sure that the EPD is accessible for research in such a way that this does not interfere with the patient care, and that it is safeguarded at the same time. That is a consideration which you also have to approach dynamically. How data is used in a certain context and how this satisfies the requirements of the legislation is very much the task of the CMIO and a project like k anonymity fits in very well with that.’
De internationaal vermaarde econoom Thomas Piketty verzorgt op woensdag 23 mei van 15.15-17.30 een gastcollege aan de Faculteit Economie en Bedrijfskunde. Zijn lezing (in het Engels) gaat over groeiende ongelijkheid en globalisering. Het college is...
Agnes Schiphof, coördinator van de Green Office van de universiteit, spant zich in om de RUG duurzamer en de studenten en medewerkers bewuster te maken. En met succes.
Vermissing van een dierbare leidt in ongeveer de helft van de gevallen tot langdurige psychologische klachten bij achterblijvers. De kans op ontstaan van een langdurige rouwstoornis bij vermissing lijkt vijf keer groter dan na een natuurlijk overlijden...