Skip to ContentSkip to Navigation
About us News and events Kiosk

‘Not objections but clear boundaries!’

16 September 2015

Among her other activities, Marie-José is involved in the LifeLines project and several projects with (scientific) personal data in the University Medical Centre Groningen (UMCG). LifeLines is a large-scale population study of more than 165,000 people living in the north of the Netherlands. The UMCG is an academic hospital in Groningen. Both parties cooperate in the field of Healthy Ageing. Participants of the LifeLines-cohort from three generations are being followed for at least 30 years to learn more about how people can grow older in better health and what factors play an important part in the development and course of chronic disease.

Esther Hoorn, LL.M
Esther Hoorn, LL.M

Esther Hoorn, lawyer at the University of Groningen, asked Marie-José how thinking about data management in an early stage of a research project can help also to consider innovative approaches to privacy issues. Lawyers are renowned for raising objections, but Marie-José Bonthuis is not that type of person. She studied Law and IT at Groningen and has a clear vision of the duties of an IT lawyer.

Marie-José is working on various creative ways to help improve work processes by taking privacy protection more fully into account. She is involved in a theatre project for secondary schools, for example: Like Me and Hacker in de klas [A hacker in your class] . She is also writing a thesis about privacy in supply chain management. The implementation of privacy principles in current legislation appears to have been based on small-scale concepts such as consent and purpose limitation. In an information society that increasingly makes use of large-scale concepts such as chains and big data, however, a revision of the privacy framework is needed. In her research Marie-José uses the supply chain automation method .

How are you involved with privacy and data management in LifeLines ?

‘As the person responsible for data protection I oversee the processing of personal data. A lot of anonymized data is used in the LifeLines research: making use of k anonymity . I was asked to join the LifeLines project because of the thesis I wrote in 2007 on the EPD (Electronic Patient Dossier). And then you quickly become known in the North as the legal expert who knows all about handling patient data in a responsible manner. In 2012, I came across a thesis by Matthijs Koot about how to use k anonymity to measure and predict the risk of re-identification of anonymized data. When I joined LifeLines I wanted to know how to anonymize information that had been provided voluntarily as well as the patient data linked to it. The independent advisory and consultative body of European privacy authorities, the Article 29 Working Group , had just written an advisory report on anonymization techniques. Everything fell into place: this document together with Koot’s thesis on how to tackle the technical aspects. An innovative approach was developed from these two different worlds and on that basis we could begin a pilot study. And as it turned out, at the University there was a lot of interest in this for projects using sensitive data.’

Marie-José Bonthuis, LL.M
Marie-José Bonthuis, LL.M

How does k anonymity work in this context?

‘It is an algorithm which can be used to determine when a piece of data or a data combination in a given data set can be considered unique (and only indirectly derivable). The principle is that the data is anonymous, and cannot be derived on the basis of a static method. This method requires a dynamic approach which takes into account both the context and the information that is available at that moment in time (e.g. Open data, Social Media, etc.). In my view, personal data should always be viewed in its own context, which is what the Koot algorithm does. If unique combinations often occur then you have a very high k = 1, which means that you can then easily link data to another file with a high k = 1. And then that data will no longer be anonymous but identifiable, albeit indirectly, and thus that it is personal data. The next step is to consider whether it is important to include in your research data precisely how old someone is (i.e. full date of birth), for example, or whether using a certain age category is sufficient. ‘

But what if that obstructs the research?

‘There is of course little law against conducting research with derivable personal data. But then you need to make agreements with the person who has provided his or her personal data about who will receive the information and who has control over it. If you intend to share your data it is important as a researcher that you think carefully about whether in reality you could also manage with an anonymized data set. It is about finding the right balance. And that is precisely what privacy legislation seeks to do – to put privacy in a personal context. So it is not so much about raising objections, but setting clear boundaries.’

Do you expect that the forthcoming European Regulation will provide ready answers for research using personal data?

‘No, unfortunately not. The concepts that currently underpin our legislation and which are reflected in the European Regulation are extremely useful but on much too small a scale. An example is that in the future it will only possible to conduct scientific research if the individual concerned has specifically given his or her consent. But given the upscaling in the use of data and the low level of awareness, I wonder whether this consent is the correct basis on which to meet the public interest of scientific research. Is it even possible for a private individual to have a clear overview of his or her privacy risks? Is a private individual the right person to hold sway over a collective interest? Privacy by design, like that afforded by k anonymity offers a better avenue in my opinion. In research this means that a researcher also has to think in advance about what type of data he or she needs and what questions he or she wants to have answered: data minimization. Beyond that, raising awareness about privacy is another important priority. There are still so many misunderstandings about the concept of privacy that it seems to have escalated out of all proportion. But I think that if we consider our autonomy to be important (which we do), this legislation will provide a vital basis for that. And if you ask me, it should remain that way too.

Have there been other innovations at University Medical Centre Groningen?

‘A CMIO (Chief Medical Information Officer) has recently been appointed at the University Medical Centre Groningen. The purpose of this role is that information in a hospital should be considered across disciplines and therefore not just from the narrow perspective of research, education or care. An Electronic Patient Dossier (EPD) for example, is not purely a technical or a legal matter. Patient data pervades the entire organization and therefore must be considered in this context. How do you make sure that the EPD is accessible for research in such a way that this does not interfere with the patient care, and that it is safeguarded at the same time. That is a consideration which you also have to approach dynamically. How data is used in a certain context and how this satisfies the requirements of the legislation is very much the task of the CMIO and a project like k anonymity fits in very well with that.’

Can you summarize in two sentences what you consider to be important in relation to privacy and data management?

‘Privacy is something which needs to be seen in a context. The supply chain automation method of Jan Grijpink, Professor of Information Science at the University of Utrecht, is useful here. In his view you do not need to know everything, you need only look for a strategy. In order to get the right answer you first have to have the right question, the answer will not simply appear at the top of your large pile of data. It is simply an illusion to think that, in my view. This idea of data minimization will therefore be introduced at an early stage of the research. Conversely, privacy should not have the effect of throwing up barriers. That is something I also want to work on over the next few years.’
Last modified:24 January 2020 09.33 a.m.

More news