{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T10:56:19Z","timestamp":1760784979210,"version":"3.40.5"},"reference-count":30,"publisher":"Public Library of Science (PLoS)","issue":"6","license":[{"start":{"date-parts":[[2021,6,2]],"date-time":"2021-06-02T00:00:00Z","timestamp":1622592000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Funda\u00e7\u00e3o para a Ci\u00eancia e Tecnologia"},{"name":"COMPETE2020","award":["PORTUGAL 2020, European Development Fund"],"award-info":[{"award-number":["PORTUGAL 2020, European Development Fund"]}]},{"name":"COMPETE2020","award":["PORTUGAL 2020, European Development Fund"],"award-info":[{"award-number":["PORTUGAL 2020, European Development Fund"]}]},{"name":"CyberSec4Europe"}],"content-domain":{"domain":["www.plosone.org"],"crossmark-restriction":false},"short-container-title":["PLoS ONE"],"abstract":"<jats:p>Faced with the emergence of the Covid-19 pandemic, and to better understand and contain the disease\u2019s spread, health organisations increased the collaboration with other organisations sharing health data with data scientists and researchers. Data analysis assists such organisations in providing information that could help in decision-making processes. For this purpose, both national and regional health authorities provided health data for further processing and analysis. Shared data must comply with existing data protection and privacy regulations. Therefore, a robust de-identification procedure must be used, and a re-identification risk analysis should also be performed. De-identified data embodies state-of-the-art approaches in Data Protection by Design and Default because it requires the protection of direct and indirect identifiers (not just direct). This article highlights the importance of assessing re-identification risk before data disclosure by analysing a data set of individuals infected by Covid-19 that was made available for research purposes. We stress that it is highly important to make this data available for research purposes and that this process should be based on the state of the art methods in Data Protection by Design and by Default. Our main goal is to consider different re-identification risk analysis scenarios since the information on the intruder side is unknown. Our conclusions show that there is a risk of identity disclosure for all of the studied scenarios. For one, in particular, we proceed to an example of a re-identification attack. The outcome of such an attack reveals that it is possible to identify individuals with no much effort.<\/jats:p>","DOI":"10.1371\/journal.pone.0252169","type":"journal-article","created":{"date-parts":[[2021,6,2]],"date-time":"2021-06-02T21:21:19Z","timestamp":1622668879000},"page":"e0252169","update-policy":"https:\/\/doi.org\/10.1371\/journal.pone.corrections_policy","source":"Crossref","is-referenced-by-count":6,"title":["Fundamental privacy rights in a pandemic state"],"prefix":"10.1371","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7700-1955","authenticated-orcid":true,"given":"T\u00e2nia","family":"Carvalho","sequence":"first","affiliation":[]},{"given":"Pedro","family":"Faria","sequence":"additional","affiliation":[]},{"given":"Lu\u00eds","family":"Antunes","sequence":"additional","affiliation":[]},{"given":"Nuno","family":"Moniz","sequence":"additional","affiliation":[]}],"member":"340","published-online":{"date-parts":[[2021,6,2]]},"reference":[{"key":"pone.0252169.ref001","unstructured":"European Centre for Disease Prevention and Control. Coronavirus disease 2019 (COVID-19) and supply of substances of human origin in the EU\/EEA; 2020. https:\/\/www.ecdc.europa.eu\/sites\/default\/files\/documents\/covid-19-supply-substances-human-origin.pdf."},{"issue":"6498","key":"pone.0252169.ref002","doi-asserted-by":"crossref","first-page":"1422","DOI":"10.1126\/science.abc6197","article-title":"Reducing transmission of SARS-CoV-2","volume":"368","author":"KA Prather","year":"2020","journal-title":"Science"},{"key":"pone.0252169.ref003","unstructured":"World Health Organization. WHO Director-General\u2019s opening remarks at the media briefing on COVID-19\u201411 March 2020; 2020. https:\/\/bit.ly\/2CY7Gjp."},{"key":"pone.0252169.ref004","doi-asserted-by":"crossref","unstructured":"Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. In: 2008 IEEE Symposium on Security and Privacy (sp 2008). IEEE; 2008. p. 111\u2013125.","DOI":"10.1109\/SP.2008.33"},{"key":"pone.0252169.ref005","unstructured":"Ochoa S, Rasmussen J, Robson C, Salib M. Reidentification of individuals in Chicago\u2019s homicide database: A technical and legal study. Massachusetts Institute of Technology. 2001."},{"key":"pone.0252169.ref006","unstructured":"European Council. Declaration by the High Representative Josep Borrell, on behalf of the European Union, on human rights in the times of the coronavirus pandemic; 2020. https:\/\/bit.ly\/3dWHWAT."},{"key":"pone.0252169.ref007","unstructured":"European Data Protection Supervisor. Data Protection\u2014European Data Protection Supervisor; 2016. https:\/\/edps.europa.eu\/data-protection_en."},{"key":"pone.0252169.ref008","unstructured":"United Nations. Universal Declaration of Human Rights; 1948. https:\/\/www.un.org\/en\/universal-declaration-human-rights\/."},{"key":"pone.0252169.ref009","unstructured":"Council of Europe. European Convention on Human Rights; 1953. https:\/\/www.echr.coe.int\/Documents\/Convention_ENG.pdf."},{"key":"pone.0252169.ref010","unstructured":"European Convention. Charter of Fundamental Rights of the European Union; 2000. https:\/\/www.europarl.europa.eu\/charter\/pdf\/text_en.pdf."},{"key":"pone.0252169.ref011","unstructured":"Official Journal of the European Union. General Data Protection Regulation; 2016. https:\/\/gdpr-info.eu\/."},{"key":"pone.0252169.ref012","unstructured":"European Commission. Guidelines on Personal data breach notification under Regulation 2016\/679; 2017. https:\/\/ec.europa.eu\/newsroom\/article29\/item-detail.cfm?item_id=612052."},{"issue":"5","key":"pone.0252169.ref013","doi-asserted-by":"crossref","first-page":"830","DOI":"10.1016\/j.jbi.2013.06.010","article-title":"Defining and measuring completeness of electronic health records for secondary use","volume":"46","author":"NG Weiskopf","year":"2013","journal-title":"Journal of biomedical informatics"},{"key":"pone.0252169.ref014","unstructured":"Di\u00e1rio da Rep\u00fablica Eletr\u00f3nico. Lei n.\u00b0 58\/2019. Website. https:\/\/data.dre.pt\/eli\/lei\/58\/2019\/08\/08\/p\/dre. 2019."},{"key":"pone.0252169.ref015","unstructured":"Samarati P, Sweeney L. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 1998."},{"issue":"1","key":"pone.0252169.ref016","doi-asserted-by":"crossref","DOI":"10.1145\/1217299.1217302","article-title":"L-Diversity: Privacy beyond k-Anonymity","volume":"1","author":"A Machanavajjhala","year":"2007","journal-title":"ACM Trans Knowl Discov Data"},{"key":"pone.0252169.ref017","unstructured":"European Commission. Opinion 05\/2014 on Anonymisation Techniques; 2014. https:\/\/www.pdpjournals.com\/docs\/88197.pdf."},{"key":"pone.0252169.ref018","doi-asserted-by":"crossref","unstructured":"Ramachandran A, Singh L, Porter E, Nagle F. Exploring re-identification risks in public domains. In: 2012 Tenth Annual International Conference on Privacy, Security and Trust. IEEE; 2012. p. 35\u201342.","DOI":"10.1109\/PST.2012.6297917"},{"key":"pone.0252169.ref019","unstructured":"Dusetzina S, Tyree S, Meyer A, Meyer AM, Green L, Carpenter WR. Linking Data for Health Services Research: A Framework and Instructional Guide; 2014."},{"key":"pone.0252169.ref020","doi-asserted-by":"crossref","first-page":"180298","DOI":"10.1038\/sdata.2018.298","article-title":"Probabilistic record linkage of de-identified research datasets with discrepancies using diagnosis codes","volume":"6","author":"BP Hejblum","year":"2019","journal-title":"Scientific data"},{"key":"pone.0252169.ref021","first-page":"1","article-title":"Summarizing and linking electronic health records","author":"D Karapiperis","year":"2019","journal-title":"Distributed and Parallel Databases"},{"key":"pone.0252169.ref022","article-title":"Python Record Linkage Toolkit: A toolkit for record linkage and duplicate detection in Python","author":"J De Bruin","year":"2019","journal-title":"Zenodo"},{"key":"pone.0252169.ref023","doi-asserted-by":"crossref","first-page":"1183","DOI":"10.1080\/01621459.1969.10501049","article-title":"A Theory for Record Linkage","volume":"64","author":"IP Fellegi","year":"1969","journal-title":"Journal of the American Statistical Association"},{"key":"pone.0252169.ref024","doi-asserted-by":"crossref","first-page":"448","DOI":"10.1016\/j.procs.2015.10.073","article-title":"Preserving Privacy of Patients Based on Re-identification Risk","volume":"70","author":"H Taneja","year":"2015","journal-title":"Procedia Computer Science"},{"key":"pone.0252169.ref025","doi-asserted-by":"crossref","first-page":"105413","DOI":"10.1016\/j.clsr.2020.105413","article-title":"Building up the \u201cAccountable Ulysses\u201d model. The impact of GDPR and national implementations, ethics, and health-data research: Comparative remarks","volume":"37","author":"D Amram","year":"2020","journal-title":"Computer Law & Security Review"},{"key":"pone.0252169.ref026","article-title":"Data Protection and Research: A vital challenge in the era of Covid-19 Pandemic","author":"G Malgieri","year":"2020","journal-title":"Computer Law & Security Review"},{"key":"pone.0252169.ref027","unstructured":"Truta TM, Fotouhi F, Barth-Jones D. Disclosure risk measures for microdata. In: 15th International Conference on Scientific and Statistical Database Management, 2003. IEEE; 2003. p. 15\u201322."},{"key":"pone.0252169.ref028","doi-asserted-by":"crossref","unstructured":"Carpov S, Nguyen TH, Sirdey R, Constantino G, Martinelli F. Practical privacy-preserving medical diagnosis using homomorphic encryption. In: 2016 IEEE 9th International Conference on Cloud Computing (CLOUD). IEEE; 2016. p. 593\u2013599.","DOI":"10.1109\/CLOUD.2016.0084"},{"issue":"4","key":"pone.0252169.ref029","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3394658","article-title":"Homomorphic encryption for machine learning in medicine and bioinformatics","volume":"53","author":"A Wood","year":"2020","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"pone.0252169.ref030","doi-asserted-by":"crossref","unstructured":"Dwork C. Differential privacy: A survey of results. In: International conference on theory and applications of models of computation. Springer; 2008. p. 1\u201319.","DOI":"10.1007\/978-3-540-79228-4_1"}],"container-title":["PLOS ONE"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dx.plos.org\/10.1371\/journal.pone.0252169","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,2]],"date-time":"2021-06-02T21:22:02Z","timestamp":1622668922000},"score":1,"resource":{"primary":{"URL":"https:\/\/dx.plos.org\/10.1371\/journal.pone.0252169"}},"subtitle":[],"editor":[{"given":"M. Usman","family":"Ashraf","sequence":"first","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,6,2]]},"references-count":30,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2021,6,2]]}},"URL":"https:\/\/doi.org\/10.1371\/journal.pone.0252169","relation":{},"ISSN":["1932-6203"],"issn-type":[{"type":"electronic","value":"1932-6203"}],"subject":[],"published":{"date-parts":[[2021,6,2]]}}}