GDPR/Open Science Compliance in Scientific Research

Interested to know more on the EU’s General Data Protection Regulation (GDPR) and Open Science compliance arising from the processing activities performed through HPC from the perspective of the HPC platform operators ?

Then check out our latest paper [1] to appear as part of the EU Annual Privacy Forum (APF) 2021 (LNCS 12703, pp. 124–142)!

This article is a wrap-up of the work I’ve done with Ludovica Paseri, a brilliant PhD. student from the University of Bologna with a strong legal backgroung when she visited us at the occasion of the LAST-JD program. We used the ULHPC Facility as a concrete use case for this compliance study, and challenging legal expectations with technical expertise counter-arguments was a very fruitful reflexion.

Data processing interactions for HPC workflows on the ULHPC facility [1]

   Protection of Personal Data in High Performance Computing Platform for Scientific Research Purposes

1. L. Paseri, S. Varrette, and P. Bouvry, “Protection of Personal Data in High Performance Computing Platform for Scientific Research Purposes,” in Proc. of the EU Annual Privacy Forum (APF) 2021, Online Event, 2021, vol. 12703, pp. 123–142.
   
   BibTeX doi Abstract
   ×

   BibTeX

   @inproceedings{PVB_APF21,
     author = {Paseri, L. and Varrette, S. and Bouvry, P.},
     title = {{Protection of Personal Data in High Performance Computing Platform for Scientific Research Purposes}},
     booktitle = {Proc. of the EU Annual Privacy Forum (APF) 2021},
     year = {2021},
     series = {Lecture Notes in Computer Science (LNCS)},
     publisher = {Springer International Publishing},
     volume = {12703},
     pages = {123-142},
     month = jun,
     address = {Online Event},
     url = {https://privacyforum.eu/},
     isbn = {978-3-030-76662-7},
     doi = {10.1007/978-3-030-76663-4_7}
   }
   

Abstract:

The Open Science projects are also aimed at strongly encouraging the use of Cloud technologies and High Performance Computing (HPC), for the benefit of European researchers and universities. The emerging paradigm of Open Science enables an easier access to expert knowledge and material; however, it also raises some challenges regarding the protection of personal data, considering that part of the research data are personal data thus subjected to the EU’s General Data Protection Regulation (GDPR). This paper investigates the concept of scientific research in the field of data protection, with regard both to the European (GDPR) and national (Luxembourg Data Protection Law) legal framework for the compliance of the HPC technology. Therefore, it focuses on a case study, the HPC platform of the University of Luxembourg (ULHPC), to pinpoint the major data protection issues arising from the processing activities through HPC from the perspective of the HPC platform operators. Our study illustrates where the most problematic aspects of compliance lie. In this regard, possible solutions are also suggested, which mainly revolve around (1) standardisation of procedures; (2) cooperation at institutional level; (3) identification of guidelines for common challenges. This research is aimed to support legal researchers in the field of data protection, in order to help deepen the understanding of HPC technology’s challenges and universities and research centres holding an HPC platform for research purposes, which have to address the same issues.