D2.1. Privacy, data protection, social and ethical issues preliminary guide for iToBoS design and development

The deliverable “Deliverable 2.1. Privacy, data protection, social and ethical issues preliminary guide for iToBoS design and development” has been successfully submitted. The goal of this report is to provide a preliminary guide outlining key privacy, data protection, social and ethical issues to support technical partners in the design and development of the iToBoS solutions.

It is produced in the context of the privacy, social and ethical impact assessment deployed by the project. This guide is the first output as part of a suite of deliverables to support GDPR compliance and to demonstrate accountability. It acts as a resource to ensure that the project deploys privacy-by-design, data protection-by-design-and-by-default and security-by-design methodologies. The issues discussed in this report are not finite and will be expanded as the project evolves. The impact assessment process led by TRI will be ongoing over the duration of the project and will require project stakeholders to work collaboratively to develop tools and methods that maximise benefits while minimising potential risks.

Section 2 of this report introduces the iToBoS project and the rationale for conducting a Privacy, Social and Ethical Impact Assessment (PIA+). The primary aim of the iToBoS project is to develop an AI diagnostic platform for early detection of melanoma. The platform will include a novel total body scanner and a Computer Aided Diagnostics (CAD) tool that integrates relevant data points such as patient data, genetic data, imaging data, and family medical history. The PIA+ is a multi-step process, iteratively performed at key points in the development cycle in partnership with the technical developers and end users involved in the project. Section 3 presents an overview of the main objectives of the PIA+ and the key considerations identified in the iToBoS preliminary PIA+ and their related Work Package dependencies.

Through an initial literature review, the themes considered relevant by TRI in the initial stages of the PIA+ are described, in Section 4. This includes considerations for the ethical and social impacts of the project’s tools, such as medical ethics and informed consent. The legal challenges are presented in Section 5, covering aspects of Data Protection regulations, and other relevant regulations and standards to be considered in demonstrating the safety and effectiveness of the iToBoS solutions.

This report concludes with a summary of the next steps in conducting the PIA+. This will include consultation with relevant stakeholders (e.g., technical developers, dermatologists, patient advocates, bioethicists, human rights experts, and legal professionals) through focus groups and interviews. The next iteration of the PIA+ (Deliverable 2.6) will be delivered in M12 of the project lifecycle (April 2022).