The main purpose of this document is to provide a useful description of the safety and security standards, procedures and technologies for the collection, transmission, storage and processing of personal data, that are adopted or taken into account by the OCTAVE project in developing its platform, in designing its connections to the End-User Applications, and in dealing with sensitive data and privacy of the ‘data subjects’ i.e. all persons that will be involved in laboratory tests or in on-field trials.This document provides:
- a brief introduction concerning the benefits and dangers implied in the use of the biometric data for authentication (uniqueness);
- a recap of the “Data Management Requirements” (D8.2);
- a brief discussion on the importance of embedding the seven principles of Privacy by Design in the Architecture (background, theory);
- a brief description of ISO/IEC 27001 standard – Information security management;
- a brief description of the roles of Controller and Processor, and an explanation of how and why the definition have been applied to each of the Partners;
- a recap of the rules concerning the processing of biometric data laid down by the General Data Protection Regulation (GDPR), with a focus on the security actions to be considered “appropriate to the risk” – (in particular pseudonymisation and encryption of personal data);
- a deep, complete description of the technical framework including, among others the PET (Privacy Enhancing Technologies) and the OpenID Connect standard;
- and, an overview of a selection of PETs that may be applied for SEA and Findomestic use Cases, namely anonymisation/revocability, multiple identity and linkability restriction.
Source: WP 5 Standards and Procedures for Personal Data Protection
Dissemination level: Confidential. A public version of this report is available as Deliverable D57.