The Importance of Data Protection for Critical Infrastructures
SUNRISE Celebrates European Data Protection Day
Friday 27th January 2023
This Saturday the 28th of January marks European Data Protection Day in the European Union. To provide some context, the Council of Europe decided to launch a Data Protection Day in 2006 to be celebrated each year on 28 January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened for signature. Data Protection Day is now celebrated globally and is called Privacy Day outside Europe. On this date, governments, parliaments, national data protection bodies, researchers and more carry out activities to raise awareness about the rights to personal data protection and privacy (Council of Europe, 2022).
Many of our vital services (energy, water, health etc.) require the use of personal data to operate and today, the term critical infrastructure goes beyond physical roads and energy grids to include data infrastructures. Data infrastructures are defined as ‘a digital infrastructure that is known for promoting data consumption and sharing. A strong data infrastructure enhances the efficiency and productivity of the environment in which it is employed, increasing the collaboration and interoperability’ (Techopedia, 2023). With this in mind, it’s essential for society’s data collectors to enable responsible data use to create a better world and protect fundamental human rights.
SUNRISE is an EU-funded Horizon Europe project that aims to strengthen the availability, reliability and continuity of critical infrastructures across the EU that are affected by pandemics and other major threats. With 41 partners in the SUNRISE consortium, each using various research methods with critical infrastructure experts that are internal and external to the project, ethics and data protection is essential to meeting the project’s goal.
Gathering, storing and processing data collected from individuals generate considerable social and economic benefits. These benefits include greater everyday access to goods and services; but they also extend to enhanced pandemic preparedness and the kind of critical infrastructure resilience that the SUNRISE project seeks to enhance.
However, the benefits of data collection, processing and storage must be balanced against the rights of the individuals from whom this data is collected and the weighty interests that these individuals have in their autonomy, privacy and protection from harms associated with the data being used improperly or falling into the wrong hands. We all have an interest in ensuring that we have some meaningful control over genuinely private information.
These individual rights and interests are acknowledged in the EU General Data Protection Regulation (GDPR) and the corresponding legal duties that the organisations collecting, processing and storing data have. The duties include ensuring that meaningful consent is obtained in the collection of this data; being open about how data is to be used before consent is given; deidentifying the data; storing it securely so that it cannot be seen by unauthorised audiences; and, finally, disposing of it once the purposes of collecting it are achieved.
Projects like SUNRISE are designed with the protection of the autonomy and privacy interests of individuals very much in mind. Novel technological solutions to the secure storage of data and access to data is a big part of this project and, as in other research projects funded by the European Commission, GDPR compliance is baked into its operations.
In addition, EU research projects will typically have an ethics specialist as a contributing partner to the consortium. In SUNRISE, this partner is the University of Warwick who advises on the ethics of data collection in the project such as its various national and regional workshops as well as the ethical risks that may be associated with the technology developed in the project.
Further information on the SUNRISE tools and strategies and their pilot applications will become available on this website as the project develops. In the meantime, follow our story on social media via Twitter and LinkedIn.
Author: Jethro Butler, University of Warwick
References
- Council of Europe: 28 January – Data Protection Day [online]. Accessed 25.01.2023. Available at: https://www.coe.int/en/web/portal/28-january-data-protection-day
- Techopedia: Data Infrastructure [online]. Accessed 26.01.23. Available at: https://www.techopedia.com/definition/31682/data-infrastructure