Last modified by melissargos on 2024/10/11 18:12
From version 25.1
edited by melissargos
on 2024/10/11 18:12
Change comment: There is no comment for this version
To version 19.2
edited by melissargos
on 2024/10/11 17:49
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -16,7 +16,6 @@
16 16  
17 17  * HIP User Account creation
18 18  * GDPR compliant data processing on the HIP
19 -* Data Governance Principles
20 20  * HIP GDPR compliance assessment
21 21  
22 22  [[image:image-20241008135218-1.png]]
... ... @@ -23,32 +23,34 @@
23 23  
24 24  //**Figure 1:** Landing page of the Human Intracerebral EEG Platform HIP//
25 25  
25 +
26 26  == HIP User Account creation ==
27 27  
28 28  **Prerequisite – Step 1**: Access to the HIP requires a registered **EBRAINS user account**, which needs to be permitted and authenticated. EBRAINS user accounts are available to users with a legitimate interest (mainly research and development) from Europe and beyond.
29 29  
30 -Request an EBRAINS user account: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
30 +**Request an EBRAINS user account**: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
31 31  
32 32  The HIP endeavours to comply with national and international laws and regulations, comprising principles such as intellectual property rights and the protection of privacy, ethical considerations and security regulations when designing rules and conditions for Access and the use of the platform.
33 33  
34 -**Platform Access – Step 2 : **Only **EBRAINS authorised Users** can request access to the HIP. Currently, accreditation for this access is managed by the CHUV Leadership, oversight is granted by the Data Governance Steering Committee.
34 +**Platform Access – Step 2 : **Only **EBRAINS authorised Users** can request access to the HIP. In the initial phase, accreditations are managed by the CHUV Leadership, oversight is granted by the Data Governance Steering Committee.
35 35  
36 -Before the User tries to **log into the HIP** **with their EBRAINS account** he **HAS TO** request HIP accreditation by contacting either EBRAINS support at [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the request to the HIP team, by contacting directly [[support@thehip.app>>path:mailto:support@thehip.app]], which is the HIP specific support email or alternatively, or by contacting the HIP team via the EBRAINS website: [[https:~~/~~/www.ebrains.eu/tools/human-intracerebral-eeg-platform>>url:https://www.ebrains.eu/tools/human-intracerebral-eeg-platform]]
36 +The User tries to **log into the HIP** **with their EBRAINS account** and then **HAS TO** request access to the HIP by contacting either EBRAINS support at [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the request to the HIP team, by contacting directly [[support@thehip.app>>path:mailto:support@thehip.app]], which is the HIP specific support email or alternatively, or by contacting the HIP team via the EBRAINS website: [[https:~~/~~/www.ebrains.eu/tools/human-intracerebral-eeg-platform>>url:https://www.ebrains.eu/tools/human-intracerebral-eeg-platform]]
37 37  
38 -Accredited users access the HIP through a web-based interface** [[https:~~/~~/thehip.app/login>>https://thehip.app/login]]**, which will provide them with access to all the available tools and relevant own or shared data.
38 +Users are mandated to accept the **HIP Terms of Use** and are required to accept the **EBRAINS Terms and Policies** [[https:~~/~~/www.ebrains.eu/page/terms-and-policies>>url:https://www.ebrains.eu/page/terms-and-policies]], to indicate acceptance and compliance with all applicable laws, regulations, rules, and approvals in the use and sharing of the data, including, but not limited to, the General Data Protection Regulation (GDPR).
39 39  
40 -Upon login, users are mandated to accept the **HIP Terms of Use** and are required to accept the **EBRAINS Terms and Policies** [[https:~~/~~/www.ebrains.eu/page/terms-and-policies>>url:https://www.ebrains.eu/page/terms-and-policies]], to indicate acceptance and compliance with all applicable laws, regulations, rules, and approvals in the use and sharing of the data, including, but not limited to, the General Data Protection Regulation (GDPR).
40 +Accredited users access the HIP through a web-based interface [[https:~~/~~/thehip.app/login>>https://thehip.app/login]], which will provide them with access to all the available tools and relevant own or shared data.
41 41  
42 42  == GDPR-compliant Data Processing on the HIP ==
43 43  
44 -(% style="height:1029px; width:834px" %)
45 -|(% style="width:5px" %) |(% style="width:882px" %)[[image:image-20241010130312-1.jpeg||height="987" width="806"]]
44 +(% style="width:878px" %)
45 +|(% style="width:5px" %)
46 +|(% style="width:5px" %) |(% style="width:882px" %)[[image:image-20241010130312-1.jpeg||height="974" width="796"]]
46 46  
47 47  **Figure 2: Data Flow on the HIP: **(% class="small" %) //This diagram depicts the different legal and regulatory steps to be taken to be allowed to upload data to the institutional private space of the HIP, the process of creating a collaborative project, and the step of putting anonymised data into the public space.//
48 48  
49 49  **Terminologies: (% class="small" %)//Project Leader //(%%)**(% class="small" %)//– HIP User initiating and responsible for a collaborative project; **Project Member** – HIP User accredited to contribute to a collaborative project; **Data Controller** - The natural or legal person who determines the purposes and means of the processing of personal data provided; **DTA **– Data Transfer Agreement; **DPIA -** Data Privacy Impact Assessment//
50 50  
51 -== Data Governance Principles ==
52 +Data Governance Principles
52 52  
53 53  (% style="color:#000000" %)**Acquisition:**(%%) Data will be collected by the physicians or clinical researchers during clinical routine or within the framework of a scientific study based on specific research protocols, approved by the corresponding local and national ethical bodies. This includes that Participants consented to the procedure undertaken to collect their data by signature of an informed consent or consented to the re-use of their data for research purposes, according to EU data protection legislation, also by signature of an explicit consent for use or reuse of their data in research projects.
54 54  
... ... @@ -67,8 +67,9 @@
67 67  (% style="color:#000000" %)**Fair data:** (%%)Integration of the EBRAINS Knowledge Graph and implementation of data curation workflows are being under preparation to improve FAIRness of data on the HIP, making the metadata accessible and findable, thus fostering new collaborations.
68 68  
69 69  (% style="color:#000000" %)**Public data:**(%%) Data Controllers might wish to make their data public, which will require anonymisation of the data and transferring them to the HIP public space. Relevant ethical approval needs to be provided. Thereafter, the Data Controllers will have no more control on how, and by whom, the public data might be used, including in terms of scientific publications and authorship. Requirements for appropriate acknowledgment together with the attributed license will be published alongside the public dataset in the EBRAINS Knowledge Graph.
70 -
71 71  
72 +
73 +(% style="color:#000000" %)**Public data:**(%%) Data Controllers might wish to make their data public, which will require anonymisation of the data and transferring them to the HIP public space. Relevant ethical approval needs to be provided. Thereafter, the Data Controllers will have no more control on how, and by whom, the public data might be used, including in terms of scientific publications and authorship. Requirements for appropriate acknowledgment together with the attributed license will be published alongside the public dataset in the EBRAINS Knowledge Graph.
72 72  **Summary of legal steps to be followed, depending on the purpose of the processing or project:**
73 73  
74 74  * Patient consent for usage of data for research purposes (specific, general, re-use)
... ... @@ -78,6 +78,7 @@
78 78  * Collaboration Agreement
79 79  * Data Use agreement
80 80  
83 +(% class="wikigeneratedid" %)
81 81  == ==
82 82  
83 83  == HIP GDPR compliance assessment ==
... ... @@ -85,7 +85,7 @@
85 85  
86 86  [[image:image-20241010130312-2.png||height="398" width="401"]]
87 87  
88 -(% class="small" %)//Illustration from:** **//[[(% class="small small small small small small small small small small small small small small" %)//GDPR - Back to Basics | URM Consulting//>>url:https://www.urmconsulting.com/blog/gdpr-back-to-basics#Section-3]]
91 +(% class="small" %)//Illustration from:** **//[[(% class="small small small small small small small small" %)//GDPR - Back to Basics | URM Consulting//>>url:https://www.urmconsulting.com/blog/gdpr-back-to-basics#Section-3]]
89 89  
90 90  
91 91  Several aspects are crucial for demonstrating GDPR compliance. Hereunder is a compliance assessment for the HIP, based on the GDPR core principles:
XWiki.XWikiRights[3]
Allow/Deny
... ... @@ -1,1 +1,0 @@
1 -Allow
Levels
... ... @@ -1,1 +1,0 @@
1 -view
Users
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiGuest