Demystifying the likelihood of reidentification in neuroimaging data: A technical and regulatory analysis

Imaging Neuroscience Pub Date : 2024-03-01 DOI:10.1162/imag_a_00111

A. S. Jwa, Oluwasanmi Koyejo, Russell A. Poldrack

{"title":"Demystifying the likelihood of reidentification in neuroimaging data: A technical and regulatory analysis","authors":"A. S. Jwa, Oluwasanmi Koyejo, Russell A. Poldrack","doi":"10.1162/imag_a_00111","DOIUrl":null,"url":null,"abstract":"Abstract Sharing research data has been widely promoted in the field of neuroimaging and has enhanced the rigor and reproducibility of neuroimaging studies. Yet the emergence of novel software tools and algorithms, such as face recognition, has raised concerns due to their potential to reidentify defaced neuroimaging data that are thought to have been deidentified. Despite the surge of privacy concerns, however, the risk of reidentification via these tools and algorithms has not yet been examined outside the limited settings for demonstration purposes. There is also a pressing need to carefully analyze regulatory implications of this new reidentification attack because concerns about the anonymity of data are the main reason that researchers think they are legally constrained from sharing their data. This study aims to tackle these gaps through rigorous technical and regulatory analyses. Using a simulation analysis, we first tested the generalizability of the matching accuracies in defaced neuroimaging data reported in a recent face recognition study (Schwarz et al., 2021). The results showed that the real-world likelihood of reidentification in defaced neuroimaging data via face recognition would be substantially lower than that reported in the previous studies. Next, by taking a US jurisdiction as a case study, we analyzed whether the novel reidentification threat posed by face recognition would place defaced neuroimaging data out of compliance under the current regulatory regime. Our analysis suggests that defaced neuroimaging data using existing tools would still meet the regulatory requirements for data deidentification. A brief comparison with the EU’s General Data Protection Regulation (GDPR) was also provided. Then, we examined the implication of NIH’s new Data Management and Sharing Policy on the current practice of neuroimaging data sharing based on the results of our simulation and regulatory analyses. Finally, we discussed future directions of open data sharing in neuroimaging.","PeriodicalId":507939,"journal":{"name":"Imaging Neuroscience","volume":"248 ","pages":"1-18"},"PeriodicalIF":0.0000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Imaging Neuroscience","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1162/imag_a_00111","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Abstract Sharing research data has been widely promoted in the field of neuroimaging and has enhanced the rigor and reproducibility of neuroimaging studies. Yet the emergence of novel software tools and algorithms, such as face recognition, has raised concerns due to their potential to reidentify defaced neuroimaging data that are thought to have been deidentified. Despite the surge of privacy concerns, however, the risk of reidentification via these tools and algorithms has not yet been examined outside the limited settings for demonstration purposes. There is also a pressing need to carefully analyze regulatory implications of this new reidentification attack because concerns about the anonymity of data are the main reason that researchers think they are legally constrained from sharing their data. This study aims to tackle these gaps through rigorous technical and regulatory analyses. Using a simulation analysis, we first tested the generalizability of the matching accuracies in defaced neuroimaging data reported in a recent face recognition study (Schwarz et al., 2021). The results showed that the real-world likelihood of reidentification in defaced neuroimaging data via face recognition would be substantially lower than that reported in the previous studies. Next, by taking a US jurisdiction as a case study, we analyzed whether the novel reidentification threat posed by face recognition would place defaced neuroimaging data out of compliance under the current regulatory regime. Our analysis suggests that defaced neuroimaging data using existing tools would still meet the regulatory requirements for data deidentification. A brief comparison with the EU’s General Data Protection Regulation (GDPR) was also provided. Then, we examined the implication of NIH’s new Data Management and Sharing Policy on the current practice of neuroimaging data sharing based on the results of our simulation and regulatory analyses. Finally, we discussed future directions of open data sharing in neuroimaging.

查看原文本刊更多论文

揭开神经影像数据重新识别可能性的神秘面纱：技术与监管分析

摘要共享研究数据在神经成像领域得到了广泛推广，并提高了神经成像研究的严谨性和可重复性。然而，新型软件工具和算法（如人脸识别）的出现引起了人们的担忧，因为它们有可能重新识别被认为已经去标识化的污损神经成像数据。然而，尽管隐私问题备受关注，但在有限的演示环境之外，人们尚未对通过这些工具和算法重新识别身份的风险进行研究。由于对数据匿名性的担忧是研究人员认为他们在共享数据方面受到法律限制的主要原因，因此还迫切需要仔细分析这种新的再识别攻击对监管的影响。本研究旨在通过严格的技术和监管分析来弥补这些不足。通过模拟分析，我们首先测试了最近一项人脸识别研究（Schwarz et al.）结果表明，现实世界中通过人脸识别对污损神经影像数据进行重新识别的可能性大大低于之前的研究报告。接下来，我们以美国司法管辖区为例，分析了人脸识别带来的新的再识别威胁是否会使污损的神经影像数据不符合现行的监管制度。我们的分析表明，使用现有工具对神经成像数据进行篡改仍然符合数据去标识化的监管要求。我们还提供了与《欧盟通用数据保护条例》（GDPR）的简要比较。然后，我们根据模拟和法规分析的结果，研究了美国国立卫生研究院（NIH）新的数据管理和共享政策对当前神经影像数据共享实践的影响。最后，我们讨论了神经影像学开放数据共享的未来方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Imaging Neuroscience

自引率

0.00%

发文量