Modelling Privacy Threats of Medical Data and Health Data Spaces

  • Panel
  • Class Room
  • Wednesday 21.05 — 11:50 - 13:05

Organising Institution

Karlsruhe Institute of Technology

Karlsruhe Institute of Technology (KIT) is one of Germany’s leading research universities, merging a strong academic tradition with large-scale national research. With a mission to pioneer solutions for the challenges of tomorrow, KIT integrates engineering, natural sciences, and humanities. Its Faculty of Computer Science is internationally recognized for excellence in cybersecurity, robotics, AI, and human-computer interaction. KIT is home to numerous collaborative research centers and graduate schools, attracting top talent from around the globe. The university fosters innovation through strong industry partnerships and interdisciplinary initiatives. As part of the Helmholtz Association, KIT combines the strengths of a university and a national lab in a unique institutional model.
  • Academic 3
  • Business 1
  • Policy 2
Publication and sharing of medical data is considered desirable for precision medicine and research, especially for rare diseases. The European Union and several member states are therefore planning extensive sharing of medical data with public and private research institutions, for example through the Electronic Health Record (ePA). However, medical data is obviously extremely privacy sensitive. Modelling privacy threats will be necessary for the preparation of DPIAs, but has proven to be complex and difficult to achieve objective results. This panel will therefore discuss experiences and approaches to privacy threat modelling and impact assessment in the context of medical data sharing.

Questions to be answered

  1. Which risks arise in the context of medical data sharing, and how can their potential impact be assessed.
  2. What is the impact of recent advances in training foundation models and data reconstruction attacks, and possible future techniques on this issue?
  3. How can such risks systematically be identified, how can tools like PIA, LINDDUN and similar approaches help?
  4. How can we reduce the risk of medical data disclosure disasters in the EU?

Moderator

Thorsten Strufe

Karlsruhe Institute of Technology - Germany

Thorsten Strufe is professor of IT Security at Karlsruhe Institute of Technology (KIT/KASTEL), and adjunct professor for Privacy and Network Security at TU Dresden. He is a deputy speaker of the Excellence Centre for Tactile Internet with Human-in-the-Loop (CeTI), and a PI in the national IT security competence center KASTEL Security Research Labs. His research interests lie in the areas of privacy and network security, especially in the context of social networking services and novel mixed reality applications. Recently, he has focused on studying privacy implications of user behavior and possibilities to provide privacy-preserving and secure networked services. Previous posts include faculty positions at TU Dresden, TU Darmstadt, and Uni Mannheim, as well as postdoc/researcher positions at EURECOM (France) and TU Ilmenau.

Speaker

Franziska Boehm

FIZ - Germany

Prof. Dr. Franziska Boehm is Professor of Intellectual Property Rights at the Karlsruhe Institute of Technology (KIT) and Vice President Intellectual Property and Data Science at FIZ Karlsruhe – Leibniz Institute for Information Infrastructure. She studied law in Germany and France, earning her PhD from the University of Luxembourg on data protection and information sharing in the EU. Her academic path includes roles at the University of Münster, University of Luxembourg, and interdisciplinary centers focused on IT law and data governance. Her research bridges European law, privacy, and information infrastructure with a strong focus on digital rights and legal harmonization in the EU.