Dilaw Newsletters

  • Challenges with the current data transfer landscape

    Written by Robert Porthan and Kevin Surakka

    Information has always been a valuable resource. With the introduction of modern technology, data has become the new gold. Information is no longer merely a valuable resource; it is THE resource. Data is used by businesses and sectors all around the world to fund initiatives, sell advertisements, gather statistics, and enhance healthcare, among other things. Data as a resource still has enormous potential, and new ideas are discovered on a daily basis.

    But with the introduction of new technologies and data as a resource, new problems have arisen. Personal information is in circulation across the globe. Information is transferred between different parties and organizations every second. This leads to problems with personal information and integrity.

    Do you give consent to organisations handling your private data? The first real challenge against this order was the Court of Justice of the European Union's (CJEU) ruling in the Schrems II case on the 16th of July 2020. In summary, the court ruled in favour of Maximilian Schrems and the Data Protection Commissioner against Facebook Ireland. Schrems argued that Facebook Ireland violated the GDPR and EU law by transferring his personal data to the US.

    The current data transfer landscape is complicated. The EU has taken measures to regulate data after the Schrems II ruling in the form of the GDPR and other regulations. The EU has other data protection regulations currently on the drawing board: the AI regulation act and the data governance act. These acts are still proposals. However, the EU has acted on the need for data regulation. This is beneficial for people's integrity and privacy, but data also has a great deal of value and can be used in various ways for the benefit of mankind. New breakthrough approaches to treat patients and new drugs could be developed using health data. For example, data statistics can be used to prevent traffic accidents. The possibilities are practically limitless. However, with the new restrictions, this method of data sharing is no longer as straightforward.

    Data transfers differ in the sense that the regulations affect transfers inside the EU and outside of the EU differently. In addition, all EU member countries have national regulations that both they and parties outside those countries have to follow. The EU currently operates primarily on the adequate transfer system. The EU Commission deems countries outside of the EU adequate for data transfers alongside the member countries. For instance, Norway is not a member of the EU. The Commission has, however, deemed Norway adequate for data transfers from the EU, as its data protection and data security are ruled to be on par with the European Union's. A data transfer can be completed on the basis of an adequacy decision. Data transfers can also be completed on the basis of transfer agreements; the most common of these are BCRs such as the Standard Contractual Clauses.

    This summer (June 4, 2021), the EU Commission issued new standard contractual clauses (SCCs) that tackle transfers of data to third countries (e.g. the UK or the US) and relationships between controllers and processors. Accordingly, standard contractual clauses providing sufficient data protection measures can be used as a basis for data transfers from the EU to third countries, according to the General Data Protection Regulation (GDPR).

    The new SCCs take a modular approach, with four modules that divide compliance between different transfer relationships: Module 1: Controller to Controller; Module 2: Transfer controller to the processor; Module 3: Transfer processor to processor; and Module 4: Transfer processor to the controller.

    Hence, the new SCCs issued by the EU Commission will replace the previous standard contractual clauses, which were implemented in 2010. The new provisions reflect changes made in the aftermath of the introduction of the EU's new privacy legislation, the General Data Protection Regulation (GDPR) of 2018. The GDPR limits the types of personal data that may be shared legally. Consequently, companies have until December 27, 2022, to meet the current contractual obligations and therefore update their standard contractual clauses.

    Finally, the most important aspect for a data-driven business is to be aware of what type of data it is processing. Awareness of the data landscape is key to successful, regulation-compliant data transfers. Data intermediary services are most recommended for expertise in what type of regulations your data is bound by; a data intermediary handles the data and deems it compliant for transfers.


  • Dynamics of the Dilaw Compliance Service - Data transfer Legally and Dynamically

    Are you concerned about the security and legality of the patient and personal information used in your company?

    You might also be interested in how to secure the personal information used in your business and be sure that it is used lawfully and properly.

    With Dilaw Compliance service, the legal documentation is available before you start saving and using the data.

    Contact us and we'll tell you more about how we do the trick.

    Examples of our service models

    Roadmap service

    The Dilaw service creates a "Roadmap to Compliance" for your company.

    The Roadmap service includes customized Compliance Document templates for your business and instructions on how to complete them.

    Dilaw compliance models allow you to prepare documents that meet the regulatory requirements auditors ask for. Dynamic maintenance ensures that the documents you submit are always up to date with the latest regulations.

    In the service, your company's compliance officer updates your company's information in the Dilaw "Roadmap to Compliance" service and prints the documents. You only pay for the service according to your usage, i.e. when you need new documents. The maintenance of the service is ensured by a nominal monthly fee based on the agreement.

    Holistic compliance service

    In the Dilaw service, your company's patient data is mapped and continuous maintenance is agreed.

    In this comprehensive service, Dilaw prepares all compliance documents that correspond to your company's information usage situation. Dilaw automatically updates the system documents. From now on, Dilaw Compliance will be responsible for real-time document maintenance, so your Dilaw Holistic Compliance system will be automatically updated when requirements change. Since you are already a Dilaw customer, you do not need to maintain the company's compliance status in the system. Dilaw Compliance lawyers will take care of any necessary changes and updates to the documentation. Updates are made at agreed intervals for a monthly fee.

    Tailored Customized compliance solution

    Dilaw will implement a research project for your company. After the research project, a report, a proposal and a plan are prepared, as well as a maintenance model. The level of service depends on the requirements you set. You can continue with the implementation project independently or with your own partner on the basis of the Dilaw design project.

  • Blockchain technology, the future of information databases

    Written by Alwar Holmberg

    What is blockchain?

    In its simplest form, blockchain is a ledger of gathered information that makes it difficult for an outside source to change or hack the information within. The “chain” of computers that makes up the blockchain works as a decentralized system that records every input and transaction that has occurred, and is more commonly referred to as Distributed Ledger Technology (DLT). Blockchain is a type of DLT, and uses the network of computers to record any changes in the chain to verify the integrity of the ledger. If one computer attempts to tamper with the blockchain ledger, its copy will be cross-referenced against all the other linked computers on the chain, and removed.

    Blockchain is most famously used in digital currency, but how does it work?

    The main problem with digital currency in the past has been the issue of trust and accountability. An earlier attempt was made in the United States by David Chaum with “DigiCash”. His idea was to use a token that had been stamped with a verified signature of authenticity with his “blinding formula” encryption. His idea was so respected in Silicon Valley that he was offered a deal by Bill Gates to integrate the “Ecash” into every copy of Windows 95. However, due to personal issues, the deal fell through and a short while later, DigiCash went bankrupt in 1998.

    Today, we have the technology to make digital currency secure with the use of blockchain. The data stored on a blockchain can be anything, including money. Instead of an encryption based authenticity stamp, like David Chaum intended to use, we use the decentralized network of computers of blockchain. This means that the system is distributed and that there is no central point of failure. These computers work together to add new information to the blockchain. This information is added in bundles known as blocks, and each time a new block of information is added, it is chained to the previous one in a linear fashion resulting in the blockchain. Because of the nature of the blockchain decentralized system, no single entity can make changes, like giving themselves infinite money, as the system would recognize this as an error and verify the information using all the other linked “chains”.
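
    The chaining and cross-referencing described above can be shown in a few lines. This is an added example, not code from the newsletter or from any real blockchain: linking blocks with SHA-256, the node names, the sample entries and the strict-majority rule are all assumptions chosen for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(index, prev_hash, data):
    """Hash a block's contents together with the hash of the block before it."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data},
                         sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain, data):
    """Chain a new block to the previous one by embedding the previous hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev": prev_hash, "data": data,
                  "hash": block_hash(index, prev_hash, data)})
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev_hash:
            return i  # the link to the previous block is broken
        if block["hash"] != block_hash(i, block["prev"], block["data"]):
            return i  # contents were changed after the block was sealed
        prev_hash = block["hash"]
    return None


def chain_tip(chain):
    """The last block's hash commits to the entire history before it."""
    return chain[-1]["hash"] if chain else GENESIS_PREV


def cross_reference(replicas):
    """Compare every node's copy; return (majority tip, rejected node names)."""
    valid = {name: chain_tip(chain) for name, chain in replicas.items()
             if first_invalid_block(chain) is None}
    rejected = [name for name in replicas if name not in valid]
    if not valid:
        return None, sorted(rejected)
    majority_tip, votes = Counter(valid.values()).most_common(1)[0]
    if votes * 2 <= len(replicas):
        return None, sorted(replicas)  # no strict majority agrees on one history
    rejected += [name for name, tip in valid.items() if tip != majority_tip]
    return majority_tip, sorted(rejected)


def rewrite_and_rehash(chain, index, new_data):
    """Simulate a node that alters a block and recomputes every later hash."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    prev_hash = forged[index]["prev"]
    for block in forged[index:]:
        block["prev"] = prev_hash
        block["hash"] = block_hash(block["index"], prev_hash, block["data"])
        prev_hash = block["hash"]
    return forged


def build_demo_replicas():
    """Constructed sample data: five nodes, two of which hold altered copies."""
    honest = []
    for entry in ("alice pays bob 2", "bob pays carol 1", "carol pays dave 5"):
        append_block(honest, entry)
    replicas = {name: copy.deepcopy(honest)
                for name in ("node_a", "node_b", "node_c")}
    # node_d edits a block in place: its stored hash no longer matches.
    edited = copy.deepcopy(honest)
    edited[1]["data"] = "bob pays carol 1000000"
    replicas["node_d"] = edited
    # node_e re-hashes after the edit: internally valid, but its tip disagrees
    # with the majority, so only the cross-check exposes it.
    replicas["node_e"] = rewrite_and_rehash(honest, 1, "bob pays carol 1000000")
    return replicas


if __name__ == "__main__":
    demo = build_demo_replicas()
    for name, chain in sorted(demo.items()):
        print(name, "first invalid block:", first_invalid_block(chain))
    tip, rejected = cross_reference(demo)
    print("majority tip:", tip[:16], "rejected:", rejected)
```

    The in-place edit is caught by the node's own chain check, while the fully re-hashed copy passes that check and is only rejected because its final hash differs from the one the majority holds.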

    What problems does blockchain solve?

    Modern banking, while being easy and fast to use with the SWIFT banking network, takes two to three days for most monetary transactions. This time can be cut down to mere minutes using blockchain verification. With its trustless system, all transactions will be written in stone and become unchangeable as soon as an agreement is made. One would for instance be able to agree with a partner for a transaction of 2€ for a chocolate bar, and even if either party were to change their mind on the price later, the agreement could not be altered.

    What other uses are there for blockchain?

    Smart contracts

    Secure sharing of medical data

    Music royalties tracking

    Real-time IoT operating systems

    Personal identity security

    Anti-money laundering tracking system

    Supply chain and logistics monitoring

    Voting mechanism

    Advertising insights

    Original content creation

    What lies in the future for blockchain?

    In this ever-evolving world of rising international participation, the future will definitely need some kind of DLT. Blockchain technology remains a quickly growing area for companies across most industries. It is possible that blockchain technology will be seen as the most groundbreaking innovation to come out in recent years.

  • Schrems II

    Schrems II - Can your data ever be secure

    Written by Alwar Holmberg

    What is it?

    Schrems II refers to a legal case named after activist, lawyer, and author Maximilian Schrems. He found evidence of illegal personal data transfer conducted by Facebook sending personal data from Europe to their U.S. offices. The data could then be accessed by U.S. intelligence agencies. Maximilian Schrems stated that this stands in direct violation of GDPR.

    Background of the case

    Maximilian Schrems first gained fame during the CJEU case (Schrems I, or the Schrems case) due to similar complaints of Facebook gathering personal data for the NSA’s data collection practice. The complaint was first lodged on June 25th, 2013, and was brought to the High Court of Ireland before being referred to the CJEU (the Court of Justice of the European Union). This case brought an end to the “Safe Harbor” agreement and made way for the EU-US Privacy Shield, which was deemed adequate for data transfers under EU law by the European Commission on July 12, 2016.

    How did the data transfer violate GDPR?

    In its simplest form, GDPR rules that all data transfers outside of the EU and EEA must have a verifiably secure safeguard, or they will be prohibited. Schrems submitted a complaint that Facebook had continued personal data transfers, in breach of the renewed EU-US Privacy Shield. The case was examined on April 12th, 2018 by the Irish High Court, which then presented the CJEU with eleven (11) questions to address. Two years later, on July 16th 2020, the CJEU issued its judgment in Schrems II.

    The Schrems II judgment

    The EU-US Privacy Shield was invalidated soon after due to shortcomings in US laws regarding protection of personal data. The court pointed to the far-reaching implications of the US Foreign Intelligence Surveillance Act, which lets US authorities access and use personal data that was gathered from the EU. The Privacy Shield was intended as a protection mechanism by using an ombudsman, but was invalidated due to being ineffective in binding US intelligence services.

    SCCs (standard contractual clauses) were also examined through the Schrems II case. The CJEU upheld the use of SCCs, and stated that any further data controllers are obligated to “verify, on a case-by-case basis and, where appropriate, in collaboration with the recipient of the data, whether the law of the third country of destination ensures adequate protection, under EU law, of personal data transferred pursuant to standard data protection clauses, by providing, where necessary, additional safeguards to those offered by those clauses.”

    European Data Protection Board (EDPB) recommendations

    The EDPB released a recommendation on protection of personal data on November 10th 2020, and adopted the final recommendations on June 18th 2021. In the final recommendations, the EDPB has included a roadmap that data transfers should always abide by.

    1. Know your transfers

    2. Identify the transfer tools you are relying on

    3. Assess whether the Article 46 GDPR transfer tool you are relying on is effective in light of all circumstances of the transfer

    4. Adopt supplementary measures

    5. Procedural steps if you have identified effective supplementary measures

    6. Re-evaluate at appropriate intervals

  • Written by Alwar Holmberg

    Data ethics is a new concept concerning the moral obligations of gathering, protecting and using personal information. Large enterprises have recently noticed a trend of grave distrust between them and their customers, and have to start building that trust from the ground up by enacting ethical data use principles.

    Why should I care?

    You have shared personal data with dozens of companies, whether you are aware of it or not.

    Massive online entities like Amazon, Google, or YouTube gather the personal data of their users to better advertise to a demographic, or to sell to other interested parties. Cyberattacks are becoming more frequent, and may lead to massive data breaches of users' personal information. Back in 2013, Yahoo was breached as Verizon was acquiring the company, and the information of an estimated 3 billion users was accessed by the hackers. With established principles for ethical data use, the privacy of the customers' information would be prioritized.

    The principles of ethical use of data

    According to a recent study by KPMGUS, 97% of customers believe that data privacy is important, while only 46% believe that companies use the data of their customers ethically. The percentages are concerning for enterprises that rely on their user data, which has led them to look for new systems that ensure more trustworthy and transparent personal data storage.

    There are six principles under data ethics that are aimed at protecting the rights of an individual who has granted access to their personal data. The six principles are:

    1. Ownership

    An individual shall own their personal data.

    2. Transaction transparency

    If the personal data of an individual is used, they shall have full knowledge of what that data is being used for.

    3. Consent

    If the personal data of an individual were to be used, informed and explicitly expressed consent needs to be given by the owner of the data.

    4. Privacy

    In any transaction including personal data, all reasonable efforts will be made to preserve the privacy of the data owner.

    5. Currency

    An individual shall have full knowledge of any transactions that include their personal data.

    6. Openness

    Combined data registries should be available to all.

    Beware the data deluge

    Ever since the popularization of the internet, data quantity and quality have been increasing exponentially. As the boom of popularity has been so fast, data processing applications and the solving of ethical dilemmas of data gathering have fallen behind. The field of healthcare is one of the most complicated fields in regard to data processing, due to the numerous innovations in medical research that are constantly being achieved. This has led to an information explosion, or a “data deluge”, which could be described as a situation where data is so abundant that the managing of information will become essentially impossible with the systems currently in place. Data ethics works as a sort of “data within data”, by categorizing personal data by systemizing, defending and recommending concepts of right and wrong. This works as a safeguard against the incoming data deluge, by sifting through relevant data and discarding the rest.

    Better for everyone

    Ethical data use will become common practice soon enough. Governments and worldwide organizations are constantly constructing new ways to protect the privacy of the individual. Regulations set in place in Europe, California and elsewhere are just the start of establishing the principles of ethical data use.

  • The European Commission presented its proposal for the European Health Data Space (EHDS) on May 3rd 2022, with the intent to build a stable cornerstone for a strong European Health Union. EHDS will aid the EU in providing healthcare to citizens through an easier and faster process. The presented proposal would give EU citizens tools to manage and access their own health data at home, wherever they are located inside the EU. EHDS will contribute to a real internal market for digital health services and products.

    To clarify, EHDS will bring EU citizens an easier and more accessible system to manage their own healthcare data. So how does the system work? How do you benefit? And when can you expect to see it in action?

    How does EHDS function?

    The European Health Data Space aims to revolutionize how we use health data for research, innovation and policy-making. It will create a legal framework that allows public institutions, researchers and industry to combine and re-use health data.

    There are three objectives to achieve with EHDS:

    * Give digital access of personal healthcare data to people.

    * Create a working single market for digital health services and products.

    * Set up clear rules for the use of patient data for health research and regulation.

    How do you benefit?

    There are essentially five key points that EHDS will improve in healthcare.

    1. Healthcare improvements while traveling

    When you’re traveling abroad and get into an accident, or eat something gone bad, you may have to visit a doctor that you don’t share a language with. EHDS will give the doctor access to your translated health data, so you can get the best care possible.

    2. Electronic prescription in all EU states

    With E-prescriptions enabled, all citizens can walk into any pharmacy within EU states and get whatever has been prescribed to them. This will help especially those that travel a lot by saving them a trip to their home country to get their medicine.

    3. Data to improve healthcare

    Data has streamlined many businesses, such as no-contact food delivery, automated hotels and even apps for meeting people. However, there have been no major breakthroughs in the healthcare industry. EHDS will give health data the same facelift that most other industries have already gone through. Your health data will be easily accessible, possibly by an easy-to-use app, and more available to researchers and innovators. The problem until now has been the extensive banks of data that have been inaccessible to those who most need them. Research into destructive diseases like cancer or HIV will especially benefit from a more accessible system.

    4. Jobs and growth

    The European Union works best when the member states can cooperate together by using the same systems and sharing their resources and knowledge. A single market in Europe has been a center for growth and jobs throughout the EU region. This unity through cooperation will also be evident in the healthcare field through EHDS. As development and maintenance of EHDS will become a necessity, tech savvy states like Finland will definitely see an increase in jobs in the health tech areas.

    5. Standards for healthcare quality

    Quite likely the most straightforward point of the five presented; more data = more volume for use in research = more accuracy in results. EHDS will give researchers a vastly superior pool of data to be used in their work. As the results of research are based on the number of observations being compared to expectations in the hypothesis, increased quantity will only lead to more accurate healthcare research.

    When will we see EHDS in action?

    The proposal set forth by the European Commission for EHDS is currently estimated to be implemented in the 2025-2030 period. While there seem to be some questions regarding the funding for the framework, a sum of 810mil has been made available on the EU level to start development. For the framework to be applied successfully in all of the EU, member states need to participate in the development and integration into their own healthcare systems. Cooperating on the creation of the EHDS framework will benefit all of the EU and, after a thorough vetting process, should be put at the forefront of most states’ priorities.


  • How to motivate your user base

    Written by Alwar Holmberg

    Tokenomics refers to cryptocurrency tokens and the value that can be given to one specific token (1). The value can depend on several factors, such as the maximum token supply, how new tokens are added to or removed from circulation, incentives for token holders, and a project's utility.

    To explain tokenomics we first need to understand what a “token” is. It refers to crypto tokens, which are a digital currency that operates on a blockchain. Our earlier newsletters explained blockchains already, so if you need more information you can find it at this link: https://www.dilaw.fi/newsletters. Tokens are given certain characteristics by the developers, with three major features in mind (2):

    1. Utility

    Likely the most important factor for the value of a cryptocurrency token. It refers to the usability of the token. The question of “what can it be used for?” must be in the mind of everyone who is looking to fund the project by buying tokens. Quite simply, if you cannot use the tokens as currency, they have no practical value.

    2. Supply and Price Stability Mechanisms

    The supply is central to the value of a token, as inflation works the same as in any other economy. If there are a million tokens in circulation versus one thousand, the value of one token is roughly 0.001 of the rarer token.

    The stability of a token will fluctuate depending on whether the token is inflationary or deflationary. Some tokens have a market cap on how many there can be at maximum, while others have no maximum capacity.

    3. Distribution

    As a project is brought to life, some tokens must be taken into circulation. Most projects send out caches of tokens to early funders and original participants in creating the project. As the tokens have an owner, they can be bought and sold by any entity willing to exchange other currencies for the tokens. Transparency and trust are important in bringing the project to life, as too much centralization of the tokens is looked down upon by the cryptocurrency community.

    Tokens as a reward?

    Tokens may work quite well as an incentive to promote a certain behavior. On a minuscule scale, granting tokens to children for completing certain tasks for a chance to spend the tokens on a large reward has been effective in raising children (3). While it is effective on children, that does not mean that it is an immature reward system. The same system for rewards is used in arcade games, amusement parks and most mobile apps nowadays.

    The rewards system can be used beneficially for everyone involved. You may already be acquainted with token rewards in mobile learning apps. There are a few participants in the circular tokenomics of the application.

    First there is you, the one earning tokens. You may be learning a language on mobile, a valuable skill in itself, and by returning daily you are earning the tokens of the application. You can then spend those tokens on the app for a prettier user experience, or something visually enhancing. That visual improvement was created by someone, who was paid for their work. The application is also funded by advertising, which benefits the creators of the app. And the advertisers gain a new potential customer in you, who is seeing those ads.

    The next logical step is to bring real world value to the tokens. This can be done by creating a cryptocurrency token that can be used in the application, while simultaneously working on the free market. The token can still be used to buy cosmetic upgrades, while also being able to be traded for other cryptocurrencies and sold for cash.

    Tokenomics in healthcare

    We have lately been talking about the benefits of sharing your healthcare information for research purposes. And while many are interested in doing it out of purely altruistic tendencies, there is definitely a better way to ensure that more people would share their data. That way is to provide an incentive.

    Our belief is that a token rewards system for providing healthcare data would bring in a larger user base and benefit the research of rare diseases. The tokens could be provided for each use of the data granted, and would be used in one of three ways (4):

    1. Redeem services provided within the system

    2. Trade in for other cryptocurrencies

    3. Exchange directly for cash to use

    Actively collaborating in the system works as a way to bring value to your earned coin as well, so continued participation is highly encouraged.

    The best part is that those with diseases are concurrently earning tokens while also advancing the research of their own disease.

    ----------------------

    1) Stevens, R. (2022, April 11). What Is Tokenomics and Why Is It Important? Robert Stevens. https://www.coindesk.com/learn/what-is-tokenomics-and-why-is-it-important/

    2) Shahzad, I. (2022, May 4). Tokenomics: 4 Crucial Factors to Consider | Coinmonks. Medium. https://medium.com/coinmonks/tokenomics-4-factors-that-determine-a-cryptos-success-858ee7a0cf94

    3) How to Create a Token Economy System That Will Motivate Your Child. (2021, September 23). Verywell Family. https://www.verywellfamily.com/create-a-token-economy-system-to-improve-child-behavior-1094888

    4) How to Create a Token Economy System That Will Motivate Your Child. (2021, September 23). Verywell Family. https://www.verywellfamily.com/create-a-token-economy-system-to-improve-child-behavior-1094888

Newsletters

  • Challenges with the current data transfer landscape

    Written by Robert Porthan and Kevin Surakka

    Information has always been a valuable resource. With the introduction of modern technology, data has become the new gold. Information is no longer merely a valuable resource; it is THE resource. Data is used by businesses and sectors all around the world to fund initiatives, sell advertisements, gather statistics, and enhance healthcare, among other things. Data as a resource still has enormous potential, and new ideas are discovered on a daily basis.

    But with the introduction of new technologies and data as a resource, new problems have arisen. Personal information is in circulation across the globe. Information is transferred between different parties and organizations every second. This leads to problems with personal information and integrity.

    Do you give consent to organisations handling your private data? The first real challenge against this order was the Court of Justice of the European Union's (CJEU) ruling in the Schrems II case on the 16th of July 2020. In summary, the court ruled in favour of Maximillan Schrems and the Data Protection Commissioner against Facebook Ireland. Schrems argued that Facebook Ireland violated the GDPR and EU law by transferring his personal data to the US.

    The current data transfer landscape is complicated. The EU has taken measures to regulate data after the Schrems II ruling in the form of the GDPR and other regulations. The EU has other data protection regulations currently on the drawing board, these are the AI regulation act and the data governance act. These acts are still proposals. However, the EU has acted on the need for data regulation. This is beneficial for people's integrity and privacy, but data also has a great deal of value. Nevertheless, data can also be used in various ways for the benefit of mankind. New breakthrough approaches to treat patients and new drugs could be developed using health data. For example, data statistics can be used to prevent traffic accidents. The possibilities are practically limitless. However, with the new restrictions, this method of data sharing is no longer as straightforward.

    Data transfers differ in the sense that the regulations affect the transfers differently inside EU and outside of the EU. Not to add that all member countries in the EU also have national regulations that they have and parties outside of the countries have to follow. The EU operates currently primarily on the adequate transfer system. The EU Commission deems countries outside of the EU adequate for data transfers alongside the member countries. For instance, Norway is a country that is not a member of the EU. The Commission has however deemed Norway adequate for data transfers from the EU as their data protection and data security is ruled to be on par with the European Union. A data transfer can be completed on the basis of an adequacy decision. Data transfers can also be completed on the basis of transfer agreements, the most common of these are BCRs such as the Standard Contractual Clauses.

    This summer (June 4, 2021), the EU Commission issued new standard contractual clauses (SCCs) that tackle transfers of data to third countries (e.g. the UK or the US) and relationships between controllers and processors. Accordingly, standard contractual clauses providing sufficient data protection measures can be used as a basis for data transfers from the EU to third countries, according to the General Data Protection Regulation (GDPR).

    The new SCCs take a modular approach, with four contrasting modules that divide compliance between different transfer relationships: Module 1: Controller to Controller, Module 2: Transfer controller to the processor, Module 3: Transfer processor to processor and Module 4: Transfer processor to the controller.

    Hence, the new SCCs issued by the EU Commission will replace the previous standard contractual clauses, which were implemented in 2010. The new provisions reflect changes made in the aftermath of the introduction of the EU's new privacy legislation, the General Data Protection Regulation (GDPR) of 2018. The GDPR limits the types of personal data that may be shared legally. Consequently, companies have until December 27, 2022, to meet the current contractual obligations and therefore update their standard contractual clauses.

    Finally, the most important aspect for a data-driven business is to be aware of what type of data it is processing. Awareness of the data landscape is key to successful and compliant data transfers. Data intermediary services are most recommended for expertise in what type of regulations your data is bound by: a data intermediary handles the data and deems it compliant for transfers.

    ----------------------

    1) https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

  • Dilaw Compliance as a Service

    Dynamics of the Dilaw Compliance Service - Data transfer Legally and Dynamically

    Are you concerned about the security and legality of the patient and personal information used in your company?

    Are you also interested in how to ensure the lawful and proper use of personal information in your business?

    With Dilaw Compliance service, the legal documentation is available before you start saving and using the data.

    Contact us and we'll tell you more about how we do the trick.

    Examples of our service models

    Roadmap service

    The Dilaw service creates a -Roadmap to Compliance- for your company.

    The Roadmap service includes customized Compliance Document templates for your business and instructions on how to complete them.

    Dilaw compliance models allow you to prepare documents that meet regulatory requirements that are required by auditors. Dynamic maintenance ensures that the documents you submit are always up-to-date, including the latest regulations.

    In the service, your company's compliance officer updates your company's information in the Dilaw -Roadmap to Compliance- service and prints the documents. You only pay for the service according to your usage, i.e. when you need new documents. The maintenance of the service is ensured by a nominal monthly fee based on the agreement.

    Holistic compliance service

    In the Dilaw service, your company's patient data is mapped and continuous maintenance is agreed.

    In this comprehensive service, Dilaw prepares all compliance documents that correspond to your company's information usage situation. Dilaw automatically updates the system documents. From now on, Dilaw Compliance will be responsible for real-time document maintenance, so your Dilaw Holistic Compliance system will be automatically updated when requirements change. Since you are already a Dilaw customer, you do not need to maintain the company's compliance status in the system. Dilaw Compliance lawyers will take care of any necessary changes and updates to the documentation. Updates are made at agreed intervals for a monthly fee.

    Tailored Customized compliance solution

    Dilaw will implement a research project for your company. After the research project, a report, a proposal and a plan are prepared, as well as a maintenance model. The level of service depends on the requirements you set. You can continue with the implementation project independently or with your own partner on the basis of the Dilaw design project.

  • Blockchain

    Blockchain technology, the future of information databases

    Written by Alwar Holmberg

    What is blockchain?

    In its simplest form, blockchain is a ledger of gathered information that makes it difficult for an outside source to change or hack the information within. The “chain” of computers that makes up the blockchain works as a decentralized system that records every input and transaction that has occurred, and is more commonly referred to as Distributed Ledger Technology (DLT). Blockchain is a type of DLT, and uses the network of computers to record any changes in the chain to verify the integrity of the ledger. If one computer attempts to tamper with the blockchain ledger, its altered copy will be cross-referenced against all the other linked computers on the chain, and removed.

    Blockchain is most famously used in digital currency, but how does it work?

    The main problem with digital currency in the past has been the issue with trust and accountability. An earlier attempt was made in the United States by David Chaum with “DigiCash”. His idea was to use a token that had been stamped with a verified signature of authenticity with his “blinding formula” encryption. His idea was so respected in Silicon Valley that he was offered a deal by Bill Gates to integrate the “Ecash” into every copy of Windows 95. However, due to personal issues, the deal fell through and a short while later, DigiCash went bankrupt in 1998.

    Today, we have the technology to make digital currency secure with the use of blockchain. The data stored on a blockchain can be anything, including money. Instead of an encryption-based authenticity stamp, like David Chaum intended to use, we use the decentralized network of computers of blockchain. This means that the system is distributed and that there is no central point of failure. These computers work together to add new information to the blockchain. This information is added in bundles known as blocks, and each time a new block of information is added, it is chained to the previous one in a linear fashion, resulting in the blockchain. Because of the nature of the blockchain's decentralized system, no single entity can make changes, like giving themselves infinite money, as the system would recognize this as an error and verify the information using all the other linked “chains”.
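
    The chaining and cross-referencing described above, as an added Python example that is not part of the original newsletter: each block stores the SHA-256 hash of the previous block, and a strict-majority comparison between nodes stands in for a real consensus protocol. The node names, sample records and the majority rule are assumptions made for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # constructed placeholder "previous hash" for block 0


def block_hash(index, prev_hash, data):
    """SHA-256 over a block's contents, which include the previous block's hash."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data},
                         sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Chain each record to the one before it by embedding the previous hash."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(records):
        digest = block_hash(index, prev, data)
        chain.append({"index": index, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position or block["prev"] != prev:
            return position  # link to the previous block is broken
        if block_hash(block["index"], block["prev"], block["data"]) != block["hash"]:
            return position  # contents no longer match the stored hash
        prev = block["hash"]
    return None


def rehash_from(chain, start):
    """Recompute hashes from `start` onward, as a tampering node would have to."""
    prev = chain[start - 1]["hash"] if start > 0 else GENESIS_PREV
    for block in chain[start:]:
        block["prev"] = prev
        block["hash"] = block_hash(block["index"], prev, block["data"])
        prev = block["hash"]


def cross_reference(nodes):
    """Compare all copies; return (agreed tip hash or None, rejected node names)."""
    tips = {name: chain[-1]["hash"] for name, chain in nodes.items()
            if chain and first_invalid_block(chain) is None}
    agreed, votes = Counter(tips.values()).most_common(1)[0] if tips else (None, 0)
    if votes * 2 <= len(nodes):
        return None, sorted(nodes)  # no strict majority: accept nothing
    return agreed, sorted(name for name in nodes if tips.get(name) != agreed)


# Constructed sample ledger, using the article's chocolate-bar agreement.
RECORDS = [
    {"from": "alice", "to": "bob", "amount_eur": 2, "item": "chocolate bar"},
    {"from": "bob", "to": "carol", "amount_eur": 5, "item": "coffee"},
    {"from": "carol", "to": "alice", "amount_eur": 1, "item": "gum"},
]


def demo():
    honest = build_chain(RECORDS)
    names = ("node_a", "node_b", "node_c", "node_d", "node_e")
    nodes = {name: copy.deepcopy(honest) for name in names}

    # Case 1: node_d edits an agreed price but leaves the stored hashes alone.
    nodes["node_d"][0]["data"]["amount_eur"] = 200
    naive_failure = first_invalid_block(nodes["node_d"])

    # Case 2: node_e edits block 1 and recomputes every later hash, so its copy
    # is internally consistent and only the comparison between nodes catches it.
    nodes["node_e"][1]["data"]["amount_eur"] = 500
    rehash_from(nodes["node_e"], 1)
    rehashed_failure = first_invalid_block(nodes["node_e"])
    agreed, rejected = cross_reference(nodes)
    return naive_failure, rehashed_failure, agreed == honest[-1]["hash"], rejected


if __name__ == "__main__":
    print(demo())
```

    The second case is why the ledger needs the other computers at all: a copy whose hashes were all recomputed passes its own integrity check, and is rejected only because its final hash disagrees with the majority.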

    What problems does blockchain solve?

    Modern banking, while being easy and fast to use with the SWIFT banking network, takes two to three days for most monetary transactions. This time can be cut down to mere minutes using blockchain verification. With its trustless system, all transactions will be written in stone and become unchangeable as soon as an agreement is made. One would for instance be able to agree with a partner for a transaction of 2€ for a chocolate bar, and even if either party were to change their mind on the price later, the agreement could not be altered.

    What other uses are there for blockchain?

    Smart contracts

    Secure sharing of medical data

    Music royalties tracking

    Real-time IoT operating systems

    Personal identity security

    Anti-money laundering tracking system

    Supply chain and logistics monitoring

    Voting mechanism

    Advertising insights

    Original content creation

    What lies in the future for blockchain?

    In this ever-evolving world of rising international participation, the future will definitely need some kind of DLT. Blockchain technology remains a quickly growing area for companies across most industries. It is possible that blockchain technology will be seen as the most groundbreaking innovation to come out in recent years.

  • Schrems II

    Schrems II - Can your data ever be secure

    Written by Alwar Holmberg

    What is it?

    Schrems II refers to a legal case named after activist, lawyer, and author Maximilian Schrems. He found evidence of illegal personal data transfer conducted by Facebook sending personal data from Europe to their U.S. offices. The data could then be accessed by U.S. intelligence agencies. Maximilian Schrems stated that this stands in direct violation of GDPR.

    Background of the case

    Maximilian Schrems first gained fame during the CJEU case (Schrems I, or the Schrems case) due to similar complaints of Facebook gathering personal data for the NSA’s data collection practice. The complaint was first lodged on June 25th, 2013, and was brought to the High Court of Ireland before being referred to the CJEU (the Court of Justice of the European Union). This case brought an end to the “Safe Harbor” agreement, and made way for the EU-US Privacy Shield, which was deemed adequate for data transfers under EU law by the European Commission on July 12, 2016.

    How did the data transfer violate GDPR?

    In its simplest form, GDPR rules that all data transfers outside of the EU and EEA must have a verifiably secure safeguard, or they will be prohibited. Schrems submitted a complaint that Facebook has continued personal data transfers, in breach of the renewed EU-US Privacy Shield. The case was examined on April 12th, 2018 by the Irish High Court, which then presented the CJEU with eleven (11) questions to address. Two years later, on July 16th 2020, the CJEU issued its judgment in Schrems II.

    The Schrems II judgment

    The EU-US Privacy Shield was invalidated soon after due to shortcomings in US laws regarding protection of personal data. The court pointed to the far-reaching implications of the US Foreign Intelligence Surveillance Act, which lets US authorities access and use personal data that was gathered from the EU. The Privacy Shield was intended as a protection mechanism by using an ombudsman, but was invalidated due to being ineffective in binding US intelligence services.

    SCCs (standard contractual clauses) were also examined through the Schrems II case. The CJEU upheld the use of SCCs, and stated that any further data controllers are obligated to “verify, on a case-by-case basis and, where appropriate, in collaboration with the recipient of the data, whether the law of the third country of destination ensures adequate protection, under EU law, of personal data transferred pursuant to standard data protection clauses, by providing, where necessary, additional safeguards to those offered by those clauses.”

    European Data Protection Board (EDPB) recommendations

    The EDPB released a recommendation on protection of personal data on November 10th 2020, and adopted the final recommendations on June 18th 2021. In the final recommendations, the EDPB has included a roadmap for data transfers to always abide by.

    1. Know your transfers
    2. Identify the transfer tools you are relying on
    3. Assess whether the Article 46 GDPR transfer tool you are relying on is effective in light of all circumstances of the transfer
    4. Adopt supplementary measures
    5. Procedural steps if you have identified effective supplementary measures
    6. Re-evaluate at appropriate intervals

  • Why ethical data use is important

    Written by Alwar Holmberg

    Data ethics is a new concept concerning the moral obligations of gathering, protecting and using personal information. Large enterprises have recently noticed a trend of grave distrust between them and their customers, and have to start building that trust from the ground up by enacting ethical data use principles.

    Why should I care?

    You have shared personal data to dozens of companies, whether you are aware of it or not.

    Massive online entities like Amazon, Google, or YouTube gather the personal data of their users to better advertise for a demographic, or to sell to other interested parties. Cyberattacks are becoming more frequent, and may lead to massive data breaches of users' personal information. Back in 2013, Yahoo was breached as Verizon was acquiring the company, and the information of an estimated 3 billion users was accessed by the hackers. With established principles for ethical data use, the privacy of the customers' information would be prioritized.

    The principles of ethical use of data

    According to a recent study by KPMG US, 97% of customers believe that data privacy is important, while only 46% believe that companies use the data of their customers ethically. The percentages are concerning for enterprises that rely on their user data, which has led to finding new systems to ensure more trustworthy and transparent personal data storage.

    There are six principles under data ethics that are aimed at protecting the rights of an individual who has granted access to their personal data. The six principles are:

    1. Ownership

    An individual shall own their personal data.

    2. Transaction transparency

    If the personal data of an individual is used, they shall have full knowledge of what that data is being used for.

    3. Consent

    If the personal data of an individual were to be used, informed and explicitly expressed consent needs to be given by the owner of the data.

    4. Privacy

    In any transaction including personal data, all reasonable efforts will be made to preserve the privacy of the data owner.

    5. Currency

    An individual shall have full knowledge of any transactions that include their personal data.

    6. Openness

    Combined data registries should be available to all.

    Beware the data deluge

    Ever since the popularization of the internet, data quantity and quality have been increasing exponentially. As the boom in popularity has been so fast, data processing applications and the solving of ethical dilemmas of data gathering have fallen behind. The field of healthcare is one of the most complicated fields in regard to data processing, due to the numerous innovations in medical research that are constantly being achieved. This has led to an information explosion, or a “data deluge”, which could be described as a situation where data is so abundant that the managing of information will become essentially impossible with the systems currently in place. Data ethics works as a sort of “data within data”, by categorizing personal data by systemizing, defending and recommending concepts of right and wrong. This works as a safeguard against the incoming data deluge, by sifting through relevant data and discarding the rest.

    Better for everyone

    Ethical data use will become common practice soon enough. Governments and worldwide organizations are constantly constructing new ways to protect the privacy of the individual. Regulations set in place in Europe, California and elsewhere are just the start in establishing the principles of ethical data use.

  • The European Health Data Space - Making data accessible again

    The European Commission presented its proposal for the European Health Data Space (EHDS) on May 3rd 2022, with the intent to build a stable cornerstone for a strong European Health Union. EHDS will aid the EU in providing healthcare to citizens through an easier and faster process. The presented proposal would give EU citizens tools to manage and access their own health data at home, wherever they are located inside the EU. EHDS will contribute to a real internal market for digital health services and products.

    To clarify, EHDS will bring EU citizens an easier and more accessible system to manage their own healthcare data. So how does the system work? How do you benefit? And when can you expect to see it in action?

    How does EHDS function?

    The European Health Data Space aims to revolutionize how we use health data for research, innovation and policy-making. It will create a legal framework that allows public institutions, researchers and industry to combine and re-use health data.

    There are three objectives to achieve with EHDS:

    * Give digital access of personal healthcare data to people.

    * Create a working single market for digital health services and products.

    * Set up clear rules for the use of patient data for health research and regulation.

    How do you benefit?

    There are essentially five key points that EHDS will improve in healthcare.

    1. Healthcare improvements while traveling

    When you’re traveling abroad and get into an accident, or eat something gone bad, you may have to visit a doctor that you don’t share a language with. EHDS will give the doctor access to your translated health data, so you can get the best care possible.

    2. Electronic prescription in all EU states

    With E-prescriptions enabled, all citizens can walk into any pharmacy within EU states and get whatever has been prescribed to them. This will help especially those that travel a lot by saving them a trip to their home country to get their medicine.

    3. Data to improve healthcare

    Data has streamlined many businesses, such as no-contact food delivery, automated hotels and even apps for meeting people. However, there have been no major breakthroughs in the healthcare industry. EHDS will give health data the same facelift that most other industries have already gone through. Your health data will be easily accessible, possibly by an easy-to-use app, and more available to researchers and innovators. The problem until now has been the extensive banks of data that have been inaccessible to those who most need them. Research into destructive diseases like cancer or HIV will especially benefit from a more accessible system.

    4. Jobs and growth

    The European Union works best when the member states can cooperate by using the same systems and sharing their resources and knowledge. A single market in Europe has been a center for growth and jobs throughout the EU region. This unity through cooperation will also be evident in the healthcare field through EHDS. As development and maintenance of EHDS will become a necessity, tech-savvy states like Finland will definitely see an increase in jobs in the health tech areas.

    5. Standards for healthcare quality

    Quite likely the most straightforward point of the five presented: more data = more volume for use in research = more accuracy in results. EHDS will give researchers a vastly superior pool of data to be used in their work. As the results of research are based on the number of observations being compared to expectations in the hypothesis, increased quantity will only lead to more accurate healthcare research.

    When will we see EHDS in action?

    The proposal set forth by the European Commission for EHDS is currently estimated to be implemented in the 2025-2030 period. While there seem to be some questions regarding the funding for the framework, a sum of 810mil has been made available on the EU level to start development. For the framework to successfully be applied in all of the EU, member states need to participate in the development and integration into their own healthcare systems. Cooperating on the creation of the EHDS framework will benefit all of the EU and, after a thorough vetting process, should be put at the forefront of most states’ priorities.

    ———————

    Xhofleer, T. (2022, May 3). The European Health Data Space Proposal (Ehds) Explained. ICT&health. https://ictandhealth.com/the-european-health-data-space-proposal-ehds-explained/news/

    E. (2022, May 4). The European Health Data Space: an ambitious framework for health data, but more clarity is needed on how it will work. DIGITALEUROPE. https://www.digitaleurope.org/news/the-european-health-data-space-an-ambitious-framework-for-health-data-but-more-clarity-is-needed-on-how-it-will-work/

    Klotz, F. (2022a, May 4). European Health Data Space launched: Can it achieve its goals? Healthcare IT News. https://www.healthcareitnews.com/news/emea/european-health-data-space-launched-can-it-achieve-its-goals

    The European Health Data Space Proposal of the European Commission. (n.d.). Bird & Bird. https://www.twobirds.com/en/insights/2022/germany/the-european-health-data-space-proposal-of-the-european-commission

  • Token reward system

    How to motivate your user base

    Written by Alwar Holmberg

    What is Tokenomics (token economics)

    Tokenomics refers to the cryptocurrency tokens and the value that can be given to one specific token (1). The value can depend on several factors, such as the maximum token supply, how new tokens are added to or removed from circulation, incentives for token holders, and a project's utility.

    To explain tokenomics we need to first understand what a “token” is. It refers to crypto tokens, which are a digital currency that operates on a blockchain. Our earlier newsletters explained blockchains already, so if you need more information you can find it at this link: https://www.dilaw.fi/newsletters. Tokens are given certain characteristics by the developers, with three major features in mind (2):

    1. Utility

    Likely the most important factor for the value of a crypto currency token. It refers to the usability of the token. The question of “what can it be used for?” must be in the mind of everyone that is looking to fund the project by buying tokens. Quite simply, if you cannot use the tokens as currency, they have no practical value.

    2. Supply and Price Stability Mechanisms

    The supply is central to the value of a token, as inflation works the same as in any other economy. If one token has a million units in circulation and another has one thousand, the value of one unit of the former is roughly 0.001 of the rarer token.

    The stability of a token will fluctuate depending on if the token is inflationary or deflationary. Some tokens have a market cap for how many there can be at maximum, while others have no maximum capacity.

    3. Distribution

    As a project is brought to life, some tokens must be taken into circulation. Most projects send out caches of tokens for early funders and original participants in creating the project. As the tokens have an owner, they can be bought and sold by any entity willing to exchange other currencies for the tokens. Transparency and trust are important in bringing the project to life, as too much centralization of the tokens is looked down upon by the cryptocurrency community.

    Tokens as a reward?

    Tokens may work quite well as an incentive to promote a certain behavior. On a minuscule scale, granting tokens to children for completing certain tasks for a chance to spend the tokens on a large reward has been effective in raising children (3). While it is effective on children, it does not mean that it is an immature reward system. The same system for rewards is used in arcade games, amusement parks and most mobile apps nowadays.

    The rewards system can be used beneficially for everyone involved. You may already be acquainted with token rewards in mobile learning apps. There are a few participants in the circular tokenomics of the application.

    First there is you, the one earning tokens. You may be learning a language on mobile, a valuable skill in itself, and by returning daily you are earning the tokens of the application. You can then spend those tokens on the app for a prettier user experience, or something visually enhancing. That visual improvement was created by someone, who was paid for their work. The application is also funded by advertising, which benefits the creators of the app. And the advertisers gain a new potential customer in you, who is seeing those ads.

    The next logical step is to bring real world value to the tokens. This can be done by creating a cryptocurrency token that can be used in the application, while simultaneously working on the free market. The token can still be used to buy cosmetic upgrades, while also being able to be traded for other cryptocurrencies and sold for cash.

    Tokenomics in healthcare

    We have lately been talking about the benefits of sharing your healthcare information for research purposes. And while many are interested in doing it out of purely altruistic tendencies, there is definitely a better way to ensure that more people would share their data. That way is to provide an incentive.

    Our belief is that a token rewards system for providing healthcare data would bring in a larger user base and benefit the research of rare diseases. The tokens could be provided for each use of the data granted, and would be used in one of three ways (4): 1. redeem services provided within the system, 2. trade in for other cryptocurrencies, 3. exchange directly for cash to use. Actively collaborating in the system works as a way to bring value to your earned coin as well, so continued participation is highly encouraged.

    The best part is that those with diseases are concurrently earning tokens while also advancing the research of their own disease.

    ----------------------

    1) Stevens, R. (2022, April 11). What Is Tokenomics and Why Is It Important? Robert Stevens. https://www.coindesk.com/learn/what-is-tokenomics-and-why-is-it-important/

    2) Shahzad, I. (2022, May 4). Tokenomics: 4 Crucial Factors to Consider | Coinmonks. Medium. https://medium.com/coinmonks/tokenomics-4-factors-that-determine-a-cryptos-success-858ee7a0cf94

    3) How to Create a Token Economy System That Will Motivate Your Child. (2021, September 23). Verywell Family. https://www.verywellfamily.com/create-a-token-economy-system-to-improve-child-behavior-1094888

    4) How to Create a Token Economy System That Will Motivate Your Child. (2021, September 23). Verywell Family. https://www.verywellfamily.com/create-a-token-economy-system-to-improve-child-behavior-1094888