Master's thesis: Data Protection - Compliance in Decentralized Data Processing

Join a cutting-edge project at the intersection of AI and privacy regulation, which explores compliance with GDPR, EHDS, and the EU AI Act in decentralized data processing built on privacy-by-design principles.

Background
In today’s digital landscape, data privacy is of paramount importance. Regulatory frameworks such as the General Data Protection Regulation (GDPR), European Health Data Space (EHDS), and the upcoming EU AI Act set stringent requirements for data protection and privacy. Decentralized data processing, supported by privacy-enhancing technologies like secure aggregation and differential privacy, offers a promising solution to these challenges.

The SARDIN project, funded by Vinnova, is a collaborative effort between RISE and public healthcare providers to develop an open-source platform for distributed data analysis and federated machine learning. This platform, built on privacy-by-design principles, integrates advanced audit and reporting functionalities to ensure compliance with emerging regulations and facilitate secure, efficient data sharing, ultimately promoting innovation and improved healthcare outcomes.

Problem statement 
The project aims to address the regulatory requirements for decentralized data processing and the automation of audit reporting. This involves analysing the roles and responsibilities of organizations participating in decentralized analysis of health data, including the need to record all data processing activities and decisions made by system approvers.

Thesis Project Description
This Master’s thesis project will delve into the compliance aspects of GDPR, EHDS, and the EU AI Act as they pertain to a decentralized data processing platform. The student will focus on the SARDIN project, examining the specific roles and responsibilities of participating organizations. The primary objective will be to identify and document the requirements for recording data processing activities and to develop methods for automating the creation of comprehensive project audit reports.

Key Responsibilities

• Literature Review: Conduct a literature review on privacy risk in decentralized data processing.
• Regulatory Framework: Review relevant regulations, including the GDPR, EHDS, and the EU AI Act. Review ongoing court cases and regulatory sandbox studies related to data privacy.
• Methodology: Evaluate current methodologies for ensuring compliance in decentralized data processing platforms, including strategies for automating privacy audit reporting.
• Reporting: Document your work in a scientific report. Optionally, publish your results as an article.

Qualifications

• Strong interest in AI, data protection, and regulatory compliance.
• Background in law or engineering.
• Ability to work independently and collaboratively within a team.

Terms
Scope: 30 hp, one semester full time, with flexible starting date.
Location: Luleå. 
Benefits: A scholarship of 30,000 SEK is granted upon approval of the final report.

Welcome with your application
For questions and further information regarding this project opportunity contact Rickard Brännvall, rickard.brannvall@ri.se, +46 730-753 713. Last application date: November 30, 2024.

Keywords: Law, Computer Science, Industrial Economics, Data Privacy, AI Regulation and Compliance