Last modified by melissargos on 2024/10/11 18:22
From version 22.1
edited by bschaffha
on 2024/10/10 14:36
Change comment: There is no comment for this version
To version 25.1
edited by bschaffha
on 2024/10/11 16:21
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -40,13 +40,12 @@
40 40  
41 41  == Creation of a MIP User Account ==
42 42  
43 -**Prerequisite – Step 1**: Access to the MIP requires an **EBRAINS user account, **which needs to be permitted and authenticated. EBRAINS user accounts are available to users with a legitimate interest (mainly research and development) from Europe and beyond.
43 +**Prerequisite – Step 1**: Access to the MIP requires an EBRAINS user account, which needs to be permitted and authenticated. EBRAINS user accounts are available to users with a legitimate interest (mainly research and development) from Europe and beyond.
44 44  
45 -**Request an EBRAINS user account**: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
46 -The EBRAINS user account allows users to directly access the **Public MIP** ([[https:~~/~~/mip.ebrains.eu/>>url:https://mip.ebrains.eu/]]) with no further accreditation being required.
47 -EBRAINS authorised Users with an active EBRAINS account can request access to a specific federation by contacting [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the specific request to the MIP Management team.
45 +Request an EBRAINS user account: [[https:~~/~~/www.ebrains.eu/page/sign-up>>url:https://www.ebrains.eu/page/sign-up]]
46 +The EBRAINS user account allows users to directly access the Public MIP ([[https:~~/~~/mip.ebrains.eu/>>url:https://mip.ebrains.eu/]]) with no further accreditation being required.
48 48  
49 -Users can also get in direct contact with the MIP team via the online form on the **EBRAINS website**: [[https:~~/~~/www.ebrains.eu/tools/medical-informatics-platform>>url:https://www.ebrains.eu/tools/medical-informatics-platform]]
48 +**Access to a specific federation – Step 2:** EBRAINS authorised Users with an active EBRAINS account can request access to a specific federation by contacting [[support@ebrains.eu>>path:mailto:support@ebrains.eu]], who will forward the specific request to the MIP Management team. Users can also get in direct contact with the MIP team via the online form on the EBRAINS website: [[https:~~/~~/www.ebrains.eu/tools/medical-informatics-platform>>url:https://www.ebrains.eu/tools/medical-informatics-platform]]
50 50  
51 51  The Data Science Steering Committee (DSSC) of the specific federation will be involved in the accreditation process to receive access approvals.
52 52  
... ... @@ -54,6 +54,7 @@
54 54  
55 55  Upon login to the MIP, users are mandated to accept the Terms of Use of the MIP. Accredited users access the MIP through a web-based interface, which will provide them with access to the respective federation on the MIP.
56 56  
56 +
57 57  == MIP Data Governance ==
58 58  
59 59  [[image:1728560441625-436.png]]
... ... @@ -67,12 +67,10 @@
67 67  === //MIP and data anonymisation// ===
68 68  
69 69  
70 -**Note**: (% style="color:#27ae60" %)**The MIP is handling anonymised data.**(%%) The definition for anonymisation (//ISO standard (ISO 29100:2011)//) of personal data is the process of encrypting or removing personally identifiable data from datasets so that a person can no longer be identified directly or indirectly (see also **Recital 26 of the GDPR)**. As soon a person cannot be re-identified the data is no longer considered personal data and the GDPR does not apply for further use.
70 +**Note**: (% style="color:#27ae60" %)**The MIP is handling anonymised data.**(%%) The definition for anonymisation (//ISO standard (ISO 29100:2011)//) of personal data is the process of encrypting or removing personally identifiable data from data so that a person can no longer be directly or indirectly identified (see also **Recital 26 of the GDPR)**. As soon a person cannot be re-identified the data is no longer considered personal data and the GDPR does not apply for further use.
71 71  
72 -However, processing personal data **for the purpose to anonymise the data** is still processing that must have a **legal basis under Article 6 of GDPR**. The anonymisation process is what is known as “**further processing**”. As such the new processing must be compliant with the principle of purpose limitation. Most often, the legal basis of the controller’s/processor’s fulfilling contract or legitimate interest will apply, if the principles of collection, purpose, retention have been complied with.
72 +However, processing personal data **for the purpose of anonymisation** is still processing that must have a **legal basis under Article 6 of GDPR**. The anonymisation process is defined as “**further processing**” and this processing must be compliant with the principle of purpose limitation. The process of data anonymisation can be used to improve data protection compliance, e.g., as part of the “**privacy by design**” strategy, with the goal to improve the protection of the processed data; or as part of the “**data minimisation**” strategy, where data can be anonymised and used without the risk of harming the data subjects.
73 73  
74 -The process of anonymization can be used to improve data protection compliance in two main ways: i.e., as part of the “**privacy by design**” strategic work, with the goal to improve the protection of the processed data; or as part of the “**data minimisation**” strategy – where data can be anonymized and used without the risk of harming the data subjects.
75 -
76 76  (% style="color:#27ae60" %)**Both strategies are followed by the MIP.**
77 77  
78 78  === MIP concepts and definitions ===
... ... @@ -158,6 +158,16 @@
158 158  (% style="color:#27ae60" %)**Data Transfers (Articles 44-50)**
159 159  
160 160  The MIP ensures that any data transfers comply with GDPR’s requirements for international data transfers. This is achieved using DTAs and DSAs, ensuring that data transferred across borders is protected under equivalent data protection standards. If data is transferred, secure file transfer solutions are used.
159 +
160 +**Summary of legal steps to be followed, depending on the purpose of the processing or project:**
161 +
162 +* Patient consent for usage of data for research purposes (specific, general, re-use, anonymisation)
163 +* Ethical clearance for research projects and planned processing
164 +* (% style="color:#c0392b" %)//DPIA * under preparation//
165 +* Data Transfer agreement or Data Sharing Agreement
166 +* Collaboration Agreement
167 +* Data Use agreement
168 +* MIP Installation Agreement
161 161  )))
162 162  )))
163 163