JURIX2018: The 31st international conference on Legal Knowledge and Information Systems - December 12–14, 2018 in Groningen, The Netherlands
Minimisation of Incidental Findings, and Residual Risks for Security Compliance: the SPIRIT Project
Paper presented at TERECOM-2018 and AICOL-2018. JURIX-2018, the 31st international conference on Legal Knowledge and Information Systems, Groningen, The Netherlands, December 12, 2018.
This paper introduces the policy for minimisation of incidental findings and residual risks of the SPIRIT Project. SPIRIT is a EU H2020 Security project, aimed at browsing relevant sources, including the socalled “dark web”. It proposes a semantically rich sense-making set of tools aimed at detecting identity fraud patterns. It provides “Technologies for prevention, investigation, and mitigation in the context of fight against crime and terrorism” for the use of LEAs in Europe. According to GDPR, some protections must be put in place. We explain how we planned and designed them. Specifically, we turned incidental findings into an incidental risks policy, planned a risk mitigation strategy (ongoing privacy preserving algorithm development), and set a dynamic DPIA.