The REWIRE project and its partners aim to ensure the adherence of all relevant EU-level legal frameworks and directives toward privacy and personal data protection, maintenance of high cybersecurity standards, and guarantees of the ethical use of the data within the EU. The present blog article summarizes the key legislative frameworks that guide the REWIRE consortium’s practices throughout the project’s lifecycle. More specifically, Figure 1 below showcases the EU Legislations, directives and other regulatory and legal instruments consulted within the context of REWIRE project.
Figure 1: Brief representation of the REWIRE Regulations
More analytically, the primary regulations governing research data are monitored and derived from EC website. Specifically, the Council of Europe Convention No. 108, is considered the first binding international legal instrument on data protection, influencing also GDPR. Its modernized version, Convention 108, updates protections to address evolving technological challenges. Furthermore, articles 7 and 8 of the Charter of Fundamental Rights of the EU (CFR) establish privacy and data protection as fundamental rights, requiring fair data processing based on consent or legal grounds. The ePrivacy Directive 2002/58/EC complements the GDPR by regulating electronic communications, including cookies and spam, with an upcoming ePrivacy Regulation expected to modernize these rules.
During the last decade, the General Data Protection Regulation (GDPR) (EU) 2016/679, which was enforced since 2018, harmonizes data protection laws and establishes principles such as fairness, transparency, data minimization, and accountability. In addition, the Data Protection Law Enforcement Directive (EU) 2016/680 ensures personal data protection in law enforcement contexts, balancing security needs with fundamental rights. Lastly, the Open Data Directive (EU) 2019/1024 facilitates the reuse of public sector information, fostering innovation while protecting privacy. Together, these laws create a comprehensive data protection framework ensuring privacy, security, and ethical data governance across the EU. More recently, the Data Act Regulation (EU) 2023/2854 promotes non-personal data sharing for innovation while maintaining user control. Similarly, the Data Governance Act (EU) 2022/868 enhances data-sharing frameworks with a focus on trust and ethical use.
In a nutshell, REWIRE complies with the above-mentioned regulations by ensuring that no Personally Identifiable Information (PII) or sensitive data is collected during its research and evaluation activities. Instead of using real use cases, REWIRE employs simulated and emulated “hardware-in-the-loop” methodologies. This approach, with realistic yet synthetic data, not only ensures compliance to data protection regulations but also provides the flexibility needed for testing and evaluation across diverse scenarios and conditions. Recall that one of endmost goals of REWIRE is to provide all core trust enables for the establishment of a generic Trust Assessment Framework (TAF) focusing on the RISC-V enabled far edge devices and to analyze its impact on the trust levels indicated by the TAF for a given service. This strategy, based on simulated data, facilitates the comprehension of how stakeholders can potentially exploit these trust calculations to improve the trustworthiness and effectiveness of their services without any privacy breach.
The overarching objective of REWIRE is to accommodate the definition of a generic trust assessment methodology tailored to the unique needs of the Compute Continuum environment. To this end, as elaborated in the following chapter, REWIRE investigates not only the technical aspects but also considers the social and ethical dimensions of trust. The aim is to understand how these dimensions interact and influence end-user and stakeholder acceptance of such a framework. Addressing the social and ethical facets of trust, REWIRE examines newly introduced standards and regulations, particularly drawing on the EU AI Act. This Act identifies seven key areas for trustworthy AI, which REWIRE adopts as a foundation for establishing trustworthiness principles within the Compute Continuum domain.
Finally, the REWIRE project manages to address the potential legal and ethical risks with a coherent but holistic plan. To this end, the present blog article represents a blueprint for the identification, definition, description and mitigation of the risks. REWIRE’s approach to managing and processing research data, either regarding the artefacts or in terms of the evaluation activities, focuses on the interplay analysis of trust and ethics.