Journal of Agricultural Big Data >
Rule-Based Framework for Scientific Data Security Governance: A New Tool for Understanding the Imbalance and Challenges of Data Protection and Utilization
Received date: 2024-06-08
Accepted date: 2024-09-24
Online published: 2024-10-01
With the implementation of various data security laws and regulations centered on privacy protection, and the emergence of new governance factors such as data sovereignty, technological competition, and geopolitics, the requirements for the "protection" of scientific data have been increasingly elevated. This has objectively suppressed the "utilization" functions of data collection, processing, transmission, and analysis, leading to a significant risk of imbalance between the protection and utilization of scientific data. This imbalance is externally manifested in challenges such as the excessive burden of legal compliance and the weakening availability of public scientific data. The academic community, data managers, and policymakers urgently need effective analytical tools to understand and address these challenges in a systematic way. In response to this gap, this paper proposes a rule-based governance framework for scientific data security, aiming to provide a systematic analytical tool to address the protection-utilization imbalance and related challenges from the perspective of governance rules, including laws, ethics, and institutional policies. This framework integrates the major rule types in scientific data security governance and introduces three analytical tools: the "Island-Bridge Model," the "Law-Ethics Balance," and the "Moderate Implementation" principle, to explain the interaction mechanisms of these rules. The framework establishes the transmission paths between governance rules and the protection-utilization balance and uses these tools to explain two key challenges—excessive compliance burdens and weakened public scientific data availability—demonstrating its explanatory power and practical value. In the context of the long-term tightening of data security regulations, the rule-based analytical perspective and tools proposed in this paper enrich the theoretical foundation of scientific data security governance and provide practical references for addressing these challenges. The framework also offers essential theoretical support for policy communication among the academic community, data managers, and policymakers, ensuring the sustainable utilization of scientific data in the future.
WANG Jian, ZHOU GuoMin, LIAO FangYu, XU ZhePing, ZHANG JianHua, LIU TingTing . Rule-Based Framework for Scientific Data Security Governance: A New Tool for Understanding the Imbalance and Challenges of Data Protection and Utilization[J]. Journal of Agricultural Big Data, 2024 , 6(3) : 295 -306 . DOI: 10.19788/j.issn.2096-6369.000068
| [1] | GAETA M C. Hard law and soft law on data protection: What a DPO should know to better perform his or her tasks[J/OL]. European Journal of Privacy Law & Technologies, 2019/2:61-78. |
| [2] | LI S C, CHEN Y W, HUANG Y. Examining compliance with personal data protection regulations in interorganizational data analysis[J/OL]. Sustainability, 2021, 13(20): 11459. DOI:10.3390/su132011459. |
| [3] | RUBINSTEIN I S, HARTZOG W. Anonymization and risk[J]. Washington Law Review, 2016, 91(2): 703-760. |
| [4] | 郭华东. 专刊导读:把握“保护-利用”动态平衡,推进科学数据高质量发展[J]. 农业大数据学报, 2024, 6(2): 145. DOI:10.19788/j.issn.2096-6369.200003. |
| [5] | 廖方宇, 李婧. 开放科学背景下科学数据开放共享安全挑战及我国对策思考[J]. 农业大数据学报, 2024, 6(2): 146-155. DOI:10.19788/j.issn.2096-6369.000027. |
| [6] | YAO K, PARK M K. Strengthening Data Governance for Effective Use of Open Data and Big Data Analytics for Combating COVID-19[M/OL]// UN Department of Economic and Social Affairs Policy Briefs NO89, 2020. https://desapublications.un.org/policy-briefs/undesa-policy-brief-89-strengthening-data-governance-effective-use-open-data-and-big. |
| [7] | VOIGT P, VON DEM BUSSCHE A. The EU General Data Protection Regulation (GDPR): A practical guide[M]. Springer International Publishing, 2017. |
| [8] | ALL EUROPEAN ACADEMIES, EUROPEAN ACADEMIES SCIENCE ADVISORY COUNCIL, FEDERATION OF EUROPEAN ACADEMIES OF MEDICINE. International Sharing of Personal Health Data for Research[M/OL]. 2021. DOI: https://doi.org/10.26356/IHDT. |
| [9] | DE HERT P, PAPAKONSTANTINOU V. The new general data protection regulation: Still a sound system for the protection of individuals?[J]. Computer Law & Security Review, 2012, 28(2): 130-142. |
| [10] | BORGMAN C L. Big Data, Little Data, No Data: Scholarship in the Networked World[M]. MIT Press, 2015. |
| [11] | KAYE J, WHITLEY E A, LUND D, et al. Dynamic consent: a patient interface for twenty-first century research networks[J]. European Journal of Human Genetics, 2015, 23(2): 141-146. |
| [12] | GARRIDO S, FELLOWS L. The impact of data protection regulations on research: Balancing data sharing and privacy concerns[J]. Journal of Law, Medicine & Ethics, 2016, 44(1): 127-141. |
| [13] | PHILLIPS M, DOVE E S, KNOPPERS B M. A population data perspective on the regulation of health research[J]. Journal of Law and the Biosciences, 2017, 4(1): 27-46. |
| [14] | STAHL B C, RAINEY S, SHAW M. Challenges and opportunities of data governance in research: A critical perspective[J]. Science and Public Policy, 2021, 48(3): 395-407. |
| [15] | CONTRERAS J L. Bermuda’s legacy: Patents, policy and the design of the genome commons[J]. Minnesota Journal of Law, Science & Technology, 2011, 12(1): 61-125. |
| [16] | EDWARDS J L. Research and societal benefits of the global biodiversity information facility[J/OL]. BioScience, 2004, 54(6):485-486. https://doi.org/10.1641/0006-3568(2004)054[0486:RASBOT]2.0.CO;2. |
| [17] | PISANI E, AABY P, BREUGELMANS J G, et al. Beyond open data: realizing the health benefits of sharing data[J]. BMJ, 2016, 355:i5295. https://doi.org/10.1136/bmj.i5295. |
| [18] | A Preliminary Opinion on data protection and scientific research[M/OL]. European Data Protection Supervisor, 2020. https://www.edps.europa.eu/sites/default/files/publication/20-01-06_opinion_research_en.pdf. |
| [19] | SCHWARTZ P M, SOLOVE D J. Reconciling personal information in the United States and European Union[J]. California Law Review, 2014, 102(4): 877-916. |
| [20] | BENDER A. The invalidation of the EU-U.S. safe harbor agreement: Implications for transatlantic data flows[J]. German Law Journal, 2016, 17(6): 1267-1282. |
| [21] | HOWISON M, ANGELL M, HASTINGS J S. Protecting sensitive data with secure data enclaves[J/OL]. Digital Government: Research and Practice, 2024, 5(2): 1-11. DOI:10.1145/3643686. |
| [22] | SABERI S, KOUHIZADEH M, SARKIS J, et al. Blockchain technology and its relationships to sustainable supply chain management[J/OL]. International Journal of Production Research, 2019, 57(7): 2117-2135. https://doi.org/10.1080/00207543.2018.1533261. |
| [23] | 龚海燕, 李晓刚. 区块链与机密计算技术在材料数据库平台中的应用分析[J]. 农业大数据学报, 2024, 6(2): 241-252. DOI:10.19788/j.issn.2096-6369.000026. |
| [24] | 陈纯, 任奎, 杨小虎, 等. 区块链与科学数据治理[J]. 科学通报, 2024, 69(9): 1137-1141. |
| [25] | ZWITTER A, GSTREIN O J. Big data, privacy, and COVID-19— learning from humanitarian expertise in data protection[J]. Journal of International Humanitarian Action, 2020, 5(1): 1-8. |
| [26] | FOSTER C, JACOB T. The impacts of data localization on privacy, security, and innovation[J]. Journal of Cyber Policy, 2018, 3(3): 365-384. |
| [27] | 李宜展, 李泽霞. 国际科技组织与国际科技合作计划中的科学数据安全治理[J]. 农业大数据学报, 2024, 6(2): 161. DOI:10.19788/j.issn.2096-6369.000031. |
| [28] | CHANDER A, SUN H. Data SOVEREIGNTY: From the Digital Silk Road to the Return of the State[M/OL]. New York: Oxford University Press, 2023. https://academic.oup.com/book/55328. |
| [29] | 宁宣凤, 吴涵, 付昊, 等. “数据主权”浪潮下企业如何构建全球数据管理体系 ——兼评美国《国家安全与个人数据保护法》提案[EB/OL]. https://www.chinalawinsight.com/2019/11/articles/cyber-security/数据主权浪潮下企业如何构建全球数据管理体系/. |
| [30] | 黄海瑛, 何梦婷, 冉从敬. 数据主权安全风险的国际治理体系与我国路径研究[J]. 图书与情报, 2021(4): 15-28. |
| [31] | KOUPER I, RAYMOND A H, GIROUX S. An exploratory study of research data governance in the U.S.[J/OL]. Open Information Science, 2020, 4(1): 122-142. DOI:10.1515/opis-2020-0010. |
| [32] | MAHANTI R. Data Governance Success: Growing and Sustaining Data Governance[M/OL]. Singapore: Springer Singapore, 2021. https://link.springer.com/10.1007/978-981-16-5086-4. |
| [33] | HINKLE O. The Evolution of Data Governance[EB/OL]. (2020-05-18). https://www.dataversity.net/the-evolution-of-data-governance/. |
| [34] | AL-RUITHE M, BENKHELIFA E, HAMEED K. A systematic literature review of data governance and cloud data governance[J/OL]. Personal and Ubiquitous Computing, 2019, 23(5-6): 839-859. DOI:10.1007/s00779-017-1104-3. |
| [35] | LADLEY J. Data Governance: How to Design, Deploy, and Sustain an Effective Data Governance Program[M/OL]. Elsevier Science, 2019. https://books.google.com.sg/books?id=AkW9DwAAQBAJ. |
| [36] | SARSFIELD S. The Data Governance Imperative[M/OL]. IT Governance Publishing, 2009. https://www.jstor.org/stable/j.ctt5hh6sb. |
| [37] | MARCUCCI S, ALARCóN N G, VERHULST S G, et al. Informing the Global Data Future: Benchmarking Data Governance Frameworks[J/OL]. Data & Policy, 2023, 5: e30. DOI:10.1017/dap.2023.24. |
| [38] | HENDERSON D, EARLEY S, DATA ADMINISTRATION MANAGEMENT ASSOCIATION. DAMA-DMBOK: data management body of knowledge[M].Second edition. Basking Ridge, New Jersey: Technics Publications, 2017. |
| [39] | FOTHERGILL B T, KNIGHT W, STAHL B C, et al. Responsible data governance of neuroscience big data[J/OL]. Frontiers in Neuro-informatics, 2019, 13:28. https://doi.org/10.3389/fninf.2019.00028. |
| [40] | AL-RUITHE M, BENKHELIFA E, HAMEED K. Data governance taxonomy: Cloud versus non-cloud[J/OL]. Sustainability, 2018, 10(1): 95. https://doi.org/10.3390/su10010095. |
| [41] | 刘桂锋, 钱锦琳, 卢章平. 国内外数据治理研究进展:内涵,要素,模型与框架[J]. 图书情报工作, 2017, 61(21): 8. |
| [42] | FERNANDES L, O’CONNOR M. Data governance and data stewardship. Critical issues in the move toward EHRs and HIE[J]. Journal of AHIMA, 2009, 80(5): 36-39. |
| [43] | BEHRINGER G, HIZLI M. Data Governance: State-of-the-Art[C/OL]// AHLEMANN F, SCHüTTE R, STIEGLITZ S. Innovation Through Information Systems. Cham: Springer International Publishing, 2021: 687-699. DOI:10.1007/978-3-030-86797-3_45. |
| [44] | MAHANTI R. Introduction to Data, Data Governance, and Data Management[M/OL]//MAHANTI R. Data Governance and Data Management. Singapore: Springer Singapore, 2021: 1-3. https://link.springer.com/10.1007/978-981-16-3583-0_1. |
| [45] | ABRAHAM R, SCHNEIDER J, VOM BROCKE J. Data governance: A conceptual framework, structured review, and research agenda[J/OL]. International Journal of Information Management, 2019, 49: 424-438. DOI:10.1016/j.ijinfomgt.2019.07.008. |
| [46] | 梅宏. 数据治理之论[M]. 北京: 中国人民大学出版社, 2020. |
| [47] | NIELSEN O B. A Comprehensive Review of Data Governance Literature[J/OL]// Selected Papers of the IRIS, 2017(Nr 8): 3. https://aisel.aisnet.org/iris2017/3/. |
| [48] | SOLOMONIDES A. Research Data Governance, Roles, and Infrastructure[M/OL]//RICHESSON R L, ANDREWS J E. Clinical Research Informatics. Cham: Springer International Publishing, 2019: 291-310. http://link.springer.com/10.1007/978-3-319-98779-8_14. |
| [49] | 刘莉, 司莉. 科学数据治理实践:内容体系与发展趋势[J]. 情报理论与实践. 2023, 46(12): 175-182. |
| [50] | 张娟, 张志强, 阮伟南, 等. 科技强国最新数据战略及其实施态势分析[J]. 世界科技研究与发展, 2021, 43(3):286-298. |
| [51] | EKE D O, BERNARD A, BJAALIE J G, et al. International data governance for neuroscience[J/OL]. Neuron, 2022, 110(4): 600-612. DOI:10.1016/j.neuron.2021.11.017. |
| [52] | DAVIS R. Data protection laws and regulations in China[J]. Journal of Cybersecurity Policy, 2020, 12(4): 345-367. |
| [53] | SHELTON S. The EU data act and its implications[J]. European Data Law Review, 2019, 22(1): 15-27. |
| [54] | 刘先瑞, 司莉. 科学数据伦理治理:政策框架与路径——以英国为例[J/OL]. 现代情报:(录用定稿)[网络首发2024-08-01]. |
| [55] | TRUBEK D M. Soft law and the legitimation of global governance[J]. Journal of International Law, 2015, 7(2): 123-147. |
| [56] | 廖方宇, 胡良霖, 王健, 等. 科学数据安全标准研究与工作建议[J]. 科学通报, 2024, 69(9): 1142-1148. |
| [57] | 刘碧琦. 美欧《隐私盾协议》评析[J]. 国际法研究, 2016(6):35-47. |
| [58] | 刘文杰. 美欧数据跨境流动的规则博弈及走向[J]. 国际问题研究, 2022(6):65-78+136. |
| [59] | 桂畅旎, 任政, 熊菲. 美欧跨境数据流动规则演变及启示[J]. 信息安全与通信保密, 2023(11): 15-24. |
| [60] | 隆云滔, 王磊, 刘海波. 跨境数据流动治理规则研究[J]. 数据与计算发展前沿, 2023, 5(1): 74-84. |
| [61] | 单文华, 邓娜. 从“数据隐私框架”看欧美数据跨境流动的规则博弈[J]. 太平洋学报, 2024, 32(1):44-56. |
| [62] | GREEN E D, WATSON J D, COLLINS F S. Human Genome Project: Twenty-five years of big biology[J/OL]. Nature, 2015, 526(7571): 29-31. DOI:10.1038/526029a. |
| [63] | AMANN R I, BAICHOO S, BLENCOWE B J, et al. Toward unrestricted use of public genomic data[J/OL]. Science, 2019, 363(6425): 350-352. DOI:10.1126/science.aaw1280. |
| [64] | CLARKE N, VALE G, REEVES E P, et al. GDPR: an impediment to research?[J]. Irish Journal of Medical Science, 2019, 188(4): 1129-1135. DOI:10.1007/s11845-019-01980-2. |
| [65] | PELOQUIN D, DIMAIO M, BIERER B, et al. Disruptive and avoidable: GDPR challenges to secondary research uses of data[J]. European Journal of Human Genetics, 2020, 28(6): 697-705. DOI:10.1038/s41431-020-0596-x. |
| [66] | CHASSANG G. The impact of the EU general data protection regulation on scientific research[J/OL]. ecancermedicalscience, 2017, 11:709. DOI:10.3332/ecancer.2017.709. |
| [67] | QUINN P. Research under the GDPR - a level playing field for public and private sector research?[J/OL]. Life Sciences, Society and Policy, 2021, 17(1): 4. DOI:10.1186/s40504-021-00111-z. |
| [68] | EISS R. Confusion over Europe’s data-protection law is stalling scientific progress[J]. Nature, 2020, 584(7822): 498-498. DOI: 10.1038/d41586-020-02454-7. |
| [69] | RABESANDRATANA T. European data law is impeding studies on diabetes and Alzheimer’s, researchers warn[J/OL]. Science, 2019-11-20. DOI:10.1126/science.aba2926. |
| [70] | Opinions | European Data Protection Supervisor[EB/OL]. [2024-01-23]. https://edps.europa.eu/data-protection/our-work/our-work-by-type/opinions_en. |
| [71] | 如何理解和应对美国限制访问敏感个人数据行政命令[EB/OL]. https://www.secrss.com/article/64086. |
| [72] | MESZAROS J, HO C. AI research and data protection: Can the same rules apply for commercial and academic research under the GDPR?[J/OL]. Computer Law & Security Review, 2021, 41: 105532. https://doi.org/10.1016/j.clsr.2021.105532. |
| [73] | MOHAMMAD A M, JESUS M, FANAEI S D, et al. Artificial intelligence ethics and challenges in healthcare applications: A comprehensive review in the context of the European GDPR Mandate[J/OL]. Machine Learning and Knowledge Extraction, 2023, 5(3): 1023-1035. https://doi.org:10.3390/make5030053. |
| [74] | Bits of Power: Issues in Global Access to Scientific Data[M/OL]. Washington D C: National Academies Press, 1997: 5504. http://www.nap.edu/catalog/5504. DOI:10.17226/5504. |
| [75] | 魏鑫, 汪洋. 我国科学数据出境管理对策研究[J]. 农业大数据学报, 2024, 6(2): 156. DOI:10.19788/j.issn.2096-6369.000036. |
/
| 〈 |
|
〉 |
