Description
Exploring a BIDS-DID Specification for Research Participant Data Self-Sovereignty
Regulatory Background
The General Data Protection Regulation (GDPR) provides a high level of protection for health and genetic data (Article 9), sets the conditions for consent (Article 7), defines individual rights of data subjects (Articles 13-22), and describes mechanisms for data subjects to enforce their rights (Articles 77-84).
The collection and banking of large datasets must be justified by the societal benefit and balanced against respect for dignity, autonomy, privacy, and confidentiality of individuals. Researchers must show that data cannot lead to "re-identifiability" and must describe procedures to protect users and allow them to opt out of research projects that violate a person's ethical beliefs (discrimination, profiling, unethical weapons, marginalization).
Self-Sovereign and Decentralized Identity
A decentralized identity (DID) can streamline scientific human subjects research by allowing users to grant/revoke access to data collected under their DID. The Brain Imaging Data Structure (BIDS) provides clarity for data interoperability between research studies. However, the current specification leaves use-rights and licenses in the hands of the researchers/institutions sharing the data.
Specific goal
In this project, we will explore the feasibility of integrating existing DID frameworks with the BIDS specification to enable GDPR-compliant sharing of datasets. The milestones for this project are outlined below!
- Summarize GDPR regulations relevant to collecting neuroimaging data from human subjects
- Outline a revision to the BIDS specification to include DID tagging of participant data
- Outline a schema for a BIDS-compatible identity index
- Design a UI for uploading encrypted personal data to distributed cloud storage (IPFS)
- Implement Data Permissions Access/Revocation with the 3box profiles API
- Demonstrate execution of a BIDS-app with confidential cloud computing on a BIDS-DID dataset
Skills required to participate
The only requirement is an interest in learning more about GDPR in the age of Web 3.0, DID, federated learning, and confidential cloud computing!
Preparation material
IDX: Identity protocol for Open Applications
IDX Specification
3box Profiles Documentation
3box Storage Documentation
Infura for IPFS Data Storage
BIDS Specification
GDPR and the research exemption
More information
This project is an extension of a previous hack-a-thon project to build open-source toolkits for decentralized science (De-Sci).
Communication
Join us on Discord