Protection of Personal Data in High Performance Computing Platform for Scientific Research Purposes

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12703)


The Open Science projects are also aimed at strongly encouraging the use of Cloud technologies and High Performance Computing (HPC), for the benefit of European researchers and universities. The emerging paradigm of Open Science enables an easier access to expert knowledge and material; however, it also raises some challenges regarding the protection of personal data, considering that part of the research data are personal data thus subjected to the EU’s General Data Protection Regulation (GDPR). This paper investigates the concept of scientific research in the field of data protection, with regard both to the European (GDPR) and national (Luxembourg Data Protection Law) legal framework for the compliance of the HPC technology. Therefore, it focuses on a case study, the HPC platform of the University of Luxembourg (ULHPC), to pinpoint the major data protection issues arising from the processing activities through HPC from the perspective of the HPC platform operators. Our study illustrates where the most problematic aspects of compliance lie. In this regard, possible solutions are also suggested, which mainly revolve around (1) standardisation of procedures; (2) cooperation at institutional level; (3) identification of guidelines for common challenges. This research is aimed to support legal researchers in the field of data protection, in order to help deepen the understanding of HPC technology’s challenges and universities and research centres holding an HPC platform for research purposes, which have to address the same issues.


HPC Scientific research GDPR Data protection Open Science Sharing data European institutions 


  1. 1.
    Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. In: OJ L119/1 (2016).
  2. 2.
    Council Regulation (EU) 2018/1488, establishing the European High Performance Computing Joint Undertaking. In: OJ L 252 (2018).
  3. 3.
    Beretta, F.: Cycle of (digital) knowledge production in historical sciences. In: Cappelluti, F., et al. (eds.) Open Science: Rethinking Rewards and Evaluation the Key to Change? Zenodo (2020).
  4. 4.
    Commission Recommendation (EU) 2018/790 on access to and preservation of scientific information. In: OJ L 134, 31 May 2018 (2018).
  5. 5.
    UNESCO, First draft of the UNESCO Recommendation on Open Science (2020). Accessed 03 Feb 2021
  6. 6.
    Ayris, P., et al.: Realising the European open science cloud. European Union (2016).
  7. 7.
    European Commission, European Cloud Initiative - Building a competitive data and knowledge economy in Europe, COM/2016/178 final (2016).
  8. 8.
    Saunders, G., et al.: Leveraging European infrastructures to access 1 million human genomes by 2022. Nat. Rev. Genet. 20(11), 698 (2019).
  9. 9.
    Budroni, P., Burgelman, J.-C., Schouppe, M.: Architectures of knowledge: the European open science cloud. ABI Tech. 39(2), 131 (2019). Scholar
  10. 10.
    Wilkinson, M.D., et al.: The FAIR guiding principles for scientific data management and stewardship. Sci. Data 3(1), 4 (2016). Scholar
  11. 11.
    Hodson, S., et al.: Turning FAIR into reality: final report and action plan from the European Commission expert group on FAIR data. European Union (2018).
  12. 12.
    European Data Protection Supervisor (EDPS), A Preliminary Opinion on data protection and scientific research (2020). Accessed 03 Feb 2021
  13. 13.
    Boniolo, G.: Il pulpito e la piazza. Democrazia, deliberazione e scienze della vita. Cortina Editore, Torino (2010)Google Scholar
  14. 14.
    Sjöberg, C.M.: Scientific research and academic e-learning in light of the EU’s legal framework for data protection. In: Corrales, M., Fenwick, M., Forgó, N. (eds.) New Technology, Big Data and the Law, pp. 43–63. Springer, Singapore (2017). Scholar
  15. 15.
    Ducato, R.: Data protection, scientific research, and the role of information. Comput. Law Secur. Rev. 37 (2020).
  16. 16.
    Ienca, M., et al.: How the general data protection regulation changes the rules for scientific research. European Parliamentary Research Service (EPRS), Scientific Foresight Unit (STOA) (2019).
  17. 17.
    Manis, M.L.: The processing of personal data in the context of scientific research. The new regime under the EU-GDPR. Biolaw J. 3 (2017).
  18. 18.
    Barfield, W., Pagallo, U.: Advanced Introduction to Law and Artificial Intelligence. Edward Elgar Publishing, Cheltenham (2020)CrossRefGoogle Scholar
  19. 19.
    Aurucci, P.: Legal issues in regulating observational studies: the impact of the GDPR on Italian biomedical research. Eur. Data Protect. Law Rev. 5(2), 197–208 (2019). Scholar
  20. 20.
    Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et du régime général sur la protection des données (Luxembourg Data Protection Law) (2018).
  21. 21.
    Trefois, C., Alper, P., Jones, S., Becker, R., et al.: Data protection impact assessment: general LCSB approach for processing research data. Internal report (2018)Google Scholar
  22. 22.
    Ganzinger, M., Glaab, E., et al.: Biomedical and clinical research data management. In: Systems Medicine: Integrative, Qualitative and Computational Approaches, vol 3. Academic Press (2021)Google Scholar
  23. 23.
    European Data Protection Board (EDPB), Guidelines on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak, 03 (2020). Accessed 03 Feb 2021
  24. 24.
    Durante, M.: Computational Power: The Impact of ICT on Law. Society and Knowledge. Routledge, London (2021)CrossRefGoogle Scholar
  25. 25.
    Pagallo, U., Casanovas, P., Madelin, R.: The middle-out approach: assessing models of legal governance in data protection, artificial intelligence, and the web of data. Theory Pract. Legislation 7(1) (2019).
  26. 26.
    Pagallo, U.: The legal challenges of big data: putting secondary rules first in the field of EU data protection. Eur. Data Prot. L. Rev. 3 (2017).
  27. 27.
    University of Leicester. Accessed 03 Feb 2021
  28. 28.
  29. 29.
    NIST SP 800–30 Rev. 1: Guide for Conducting Risk Assessments, Technical report (2012). Accessed 03 Feb 2021
  30. 30.
    ISO/IEC 27002:2013: Information technology, Security techniques, Code of practice for information security controls. Accessed 03 Feb 2021

Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. 1.CIRSFIDUniversity of BolognaBolognaItaly
  2. 2.FSTMUniversity of LuxembourgEsch-sur-AlzetteLuxembourg

Personalised recommendations