Germany: BFARM: “Prüfkriterien für die von digitalen Gesundheitsanwendungen (DiGA) und digitalen Pflegeanwendungen (DiPA) nachzuweisenden Anforderungen an den Datenschutz Version 0.1 vom 09.08.2022”

“Prüfkriterien für die von digitalen Gesundheitsanwendungen (DiGA) und digitalen Pflegeanwendungen (DiPA) nachzuweisenden Anforderungen an den Datenschutz Version 0.1 vom 09.08.2022”
https://www.bfarm.de/SharedDocs/Downloads/DE/Medizinprodukte/diga-dipa-datenschutzkriterien.pdf;jsessionid=49CAEA4BE514F3061B395919BF48589D.intranet671?__blob=publicationFile

unter:
https://www.bfarm.de/DE/Medizinprodukte/Aufgaben/DiGA-und-DiPA/Datenschutzkriterien/_node.html

mit heise Artikel: https://www.heise.de/news/eHealth-Mehr-Datenschutz-fuer-digitale-Gesundheits-und-Pflegeanwendungen-7260944.html

CJEU, C‑184/20, “data that are liable INDIRECTLY to reveal sensitive information.. is not excluded from the strengthened protection regime

CJEU, C‑184/20, “data that are liable INDIRECTLY to reveal sensitive information concerning a … person is not excluded from the strengthened protection regime [Art. 9] since such exclusion might well compromise the effectiveness of that regime”

https://curia.europa.eu/juris/document/document.jsf?text=&docid=263708&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=313150

Germany: SDM: B1 Key data protection requirements of the GDPR

  • B1.1 Transparency for data subjects
  • B1.2 Purpose limitation
  • B1.3 Data minimisation
  • B1.4 Accuracy
  • B1.5 Storage Limitation
  • B1.6 Integrity
  • B1.7 Confidentiality
  • B1.8 Accountability and Verifiability
  • B1.9 Identification and Authentication
  • B1.10 Support in the exercise of data subjects’ rights
  • B1.11 Rectification of data
  • B1.12 Erasure of data
  • B1.13 Restriction of data processing
  • B1.14 Data portability
  • B1.15 Possibility to intervene in processes of automated decisions
  • B1.16 Freedom from error and discrimination in profiling
  • B1.17 Data protection by Default
  • B1.18 Availability
  • B1.19 Resilience
  • B1.20 Recoverability
  • B1.21 Evaluability
  • B1.22 Remedy and Mitigation of Data Protection Breaches
  • B1.23 Adequate Supervision of Processing
  • B2 Consent Management
  • B3 Implementation of Supervisory Orders

Source: https://www.datenschutzzentrum.de/uploads/sdm/SDM-Methodology_V2.0b.pdf

ICO: draft guidance on Privacy Enhancing Technologies (PET)

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/

Draft document: https://ico.org.uk/media/about-the-ico/consultations/4021464/chapter-5-anonymisation-pets.pdf

Whats PETs are there?

  • Homomorphic encryption (HE)
  • Secure multiparty computation (SMPC)
  • Private set intersection (PSI)
  • Federated learning
  • Trusted execution environments
  • Zero-knowledge proofs
  • Differential privacy
  • Synthetic data