Key points are not available for this paper at this time.
While synthetic data has the potential to address privacy concerns associated with real-world data in many scenarios — ranging from health applications to machine learning — organisations must proceed carefully to ensure they do not inadvertently violate the General Data Protection Regulation or other data protection laws. The boundaries between the processing of personal and anonymised data are sometimes overlooked, creating potential risks for individuals' rights and freedoms. This paper will start from a definition of synthetic data and, after reviewing some foreseeable use cases (also promoted by forthcoming sector legislations in the areas of artificial intelligence and data sharing), it will address the conditions set out in data protection laws (the EU General Data Protection Regulation in primis) in order to consider a set of data as properly anonymised, as well as the phases of synthetic data generation and use where personal data might still be processed, proposing some reflections towards genuine legal compliance.
Giuseppe D'Acquisto (Fri,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: