With MPEG-G any application handling genomic data can check if the actions the user intends to perform are compliant with the consent rules expressed by the owner of the data. This is possible because in MPEG-G the sequenced data are linked to privacy rules that define the conditions enforced by the owner on data access and use. The compliance verification system can operate locally at the user’s premises or remotely (for example on the data custodian’s repository).
In a typical use case the data analyst submits the relevant information about the action she wants to be performed:
- the intended use (e.g. not for further use, commercial use, relatives search, forensics, scientific purposes)
- her identity as contact information and role (e.g. analyst, researcher, healthcare, forensic, not specified)
- the action to perform (e.g. genetic analysis for diagnostic, analysis for a research project, view information, paternity test, forensic use)
- the recipient of the results (e.g. contact information and role)
- the set of genomic regions where the action will be performed
Then the security system checks if the provided user information and privacy rules can be verified. After verification, the system checks if the provided information meets the privacy rules and potentially other data protection rules enforced by the regulator, and performs necessary actions, such as informing the owner or requesting a further confirmation from the owner. Depending on the result of privacy rules evaluation, the system performs the requested action on the genomic data. The system can as well notify the owner about the result, if requested.