V2 June 2016, Daan Broeder (EUDAT), Wolfgang Kuchinke (ECRIN) 
 
The EUDAT infrastructure initiative is a consortium of several major European data & computing centers and research community centers as well as organizations that are working towards an interoperable layer of common data services and a common model for managing data. EUDAT is currently funded by the Horizon 2020 EUDAT2020 project, with the task to initiate and support working groups comprising research communities and EUDAT experts to collaborate on investigating specific data management challenges and their solution by developing and testing new technologies.
 
Problem statement
Although the large majority of researchers support open data policies, it is not practical to expect that all research data can always be made openly available. Open access is prevented by a variety of reasons, as there are: legal and privacy restrictions, data protection directives, prevention of unauthorized use, ethical reasons etc. In this context, the term “sensitive data” is used for data that needs special protection going beyond what is commonly used for legal ownership, and that can only be made available under certain conditions, like after informed consent or anonymization, and under an obligation to provide sufficiently strong access protection against any unauthorized user. Unfortunately, most research infrastructures and the supporting e-Infrastructures have only limited facilities to support such sensitive data. 
 
EUDAT Working Group
The purpose of the proposed “EUDAT Working Group on Sensitive Data” is to investigate the different requirements of communities related to sensitive data, like: necessary levels of protection, different types of consent, different anonymization procedures, use of isolated work spaces, and levels of identity assurance. Next to that, we want to inventarise technologies that could help address these requirements and are within the scope of EUDAT offering data management services to communities. 
EUDAT is aware that different communities as ECRIN, ELIXIR and BBMRI are facing challenges in this respect and are looking for solutions. We are specifically looking for collaboration with experts from those communities to develop solutions that may be employed by them. 
 
Tentative workplan
Start working on minimally two documents: 
 
1. High level requirements document 
  • protection levels, including the usefulness of encryption.
  • differences between legal systems and special regulations to consider, although EC regulations (Data Protection Directive, The EU General Data Protection Regulation, etc.) will be leading. 
  • informed consent definitions 
  • required types anonymization 
 
2. Applicable technology inventory 
  • what is available and currently used especially by the communities 
  • what is within EUDAT scope and can be integrated in or offered as a services 
 
In addition, we will investigate future mid-term collaboration and common service developments by common community & EUDAT project proposals or have EUDAT develop and operate special services on behalves of the communities. 
 
Timeline: at least two documents on requirements and technology inventarization and appraisal should be produced within 6 months with discussion and requirements transfer to the EUDAT technical commission for discussion. EUDAT has as part of task 4.3 resources available to organise meetings with community experts and will provide for the above mentioned tasks the necessary resources. 
 
Desired Outcomes
Outcomes of this working group can be documentation and requirement specifications, proof of concept implementations and a roadmap for EUDAT service development. The interaction between EUDAT and communities and the knowledge transfer will be additional key outcomes. The working group will invite community experts and EUDAT technology experts to exchange information and to jointly work on solutions. 
 
Meetings: