• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

联邦机器学习、隐私增强技术和医疗研究中的数据保护法规:范围综述。

Federated Machine Learning, Privacy-Enhancing Technologies, and Data Protection Laws in Medical Research: Scoping Review.

机构信息

Hamburg University Faculty of Law, University of Hamburg, Hamburg, Germany.

Institute for Computational Systems Biology, University of Hamburg, Hamburg, Germany.

出版信息

J Med Internet Res. 2023 Mar 30;25:e41588. doi: 10.2196/41588.

DOI:10.2196/41588
PMID:36995759
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC10131784/
Abstract

BACKGROUND

The collection, storage, and analysis of large data sets are relevant in many sectors. Especially in the medical field, the processing of patient data promises great progress in personalized health care. However, it is strictly regulated, such as by the General Data Protection Regulation (GDPR). These regulations mandate strict data security and data protection and, thus, create major challenges for collecting and using large data sets. Technologies such as federated learning (FL), especially paired with differential privacy (DP) and secure multiparty computation (SMPC), aim to solve these challenges.

OBJECTIVE

This scoping review aimed to summarize the current discussion on the legal questions and concerns related to FL systems in medical research. We were particularly interested in whether and to what extent FL applications and training processes are compliant with the GDPR data protection law and whether the use of the aforementioned privacy-enhancing technologies (DP and SMPC) affects this legal compliance. We placed special emphasis on the consequences for medical research and development.

METHODS

We performed a scoping review according to the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews). We reviewed articles on Beck-Online, SSRN, ScienceDirect, arXiv, and Google Scholar published in German or English between 2016 and 2022. We examined 4 questions: whether local and global models are "personal data" as per the GDPR; what the "roles" as defined by the GDPR of various parties in FL are; who controls the data at various stages of the training process; and how, if at all, the use of privacy-enhancing technologies affects these findings.

RESULTS

We identified and summarized the findings of 56 relevant publications on FL. Local and likely also global models constitute personal data according to the GDPR. FL strengthens data protection but is still vulnerable to a number of attacks and the possibility of data leakage. These concerns can be successfully addressed through the privacy-enhancing technologies SMPC and DP.

CONCLUSIONS

Combining FL with SMPC and DP is necessary to fulfill the legal data protection requirements (GDPR) in medical research dealing with personal data. Even though some technical and legal challenges remain, for example, the possibility of successful attacks on the system, combining FL with SMPC and DP creates enough security to satisfy the legal requirements of the GDPR. This combination thereby provides an attractive technical solution for health institutions willing to collaborate without exposing their data to risk. From a legal perspective, the combination provides enough built-in security measures to satisfy data protection requirements, and from a technical perspective, the combination provides secure systems with comparable performance with centralized machine learning applications.

摘要

背景

在许多领域,大规模数据集的收集、存储和分析都很重要。特别是在医疗领域,处理患者数据有望在个性化医疗保健方面取得重大进展。然而,这受到严格的监管,例如《通用数据保护条例》(GDPR)的监管。这些法规要求严格的数据安全和数据保护,因此给大规模数据集的收集和使用带来了重大挑战。联邦学习(FL)等技术,特别是与差分隐私(DP)和安全多方计算(SMPC)相结合,旨在解决这些挑战。

目的

本范围综述旨在总结当前关于医疗研究中与 FL 系统相关的法律问题和关注点的讨论。我们特别关注 FL 应用程序和培训过程是否以及在何种程度上符合 GDPR 数据保护法,以及使用上述隐私增强技术(DP 和 SMPC)是否会影响这种法律合规性。我们特别强调对医疗研究和开发的影响。

方法

我们根据 PRISMA-ScR(系统评价和荟萃分析扩展的首选报告项目,用于范围综述)进行了范围综述。我们在 Beck-Online、SSRNet、ScienceDirect、arXiv 和 Google Scholar 上检索了 2016 年至 2022 年间以德语或英语发表的文章。我们研究了以下 4 个问题:根据 GDPR,本地和全局模型是否属于“个人数据”;FL 中各方的“角色”定义是什么;在培训过程的各个阶段,谁控制数据;以及隐私增强技术的使用如果有影响的话,会产生什么影响。

结果

我们确定并总结了 56 篇关于 FL 的相关出版物的研究结果。根据 GDPR,本地和可能还有全局模型构成个人数据。FL 增强了数据保护,但仍容易受到多种攻击和数据泄露的可能性的影响。通过隐私增强技术 SMPC 和 DP,可以成功解决这些问题。

结论

将 FL 与 SMPC 和 DP 相结合,对于满足涉及个人数据的医疗研究的法律数据保护要求(GDPR)是必要的。尽管仍然存在一些技术和法律挑战,例如对系统的成功攻击的可能性,但将 FL 与 SMPC 和 DP 相结合可以提供足够的安全性来满足 GDPR 的法律要求。这种结合为愿意合作而又不将数据置于风险之中的医疗机构提供了一个有吸引力的技术解决方案。从法律角度来看,这种结合提供了足够的内置安全措施来满足数据保护要求,从技术角度来看,这种结合提供了具有可比性能的安全系统与集中式机器学习应用程序。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/48382e66a735/jmir_v25i1e41588_fig9.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/01f3b8893292/jmir_v25i1e41588_fig1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/2904bec845d8/jmir_v25i1e41588_fig2.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/9f55fa3bd2e0/jmir_v25i1e41588_fig3.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/a0db9fe5647c/jmir_v25i1e41588_fig4.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/0814c2e5ce35/jmir_v25i1e41588_fig5.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/d83099a09041/jmir_v25i1e41588_fig6.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/600e0a237a19/jmir_v25i1e41588_fig7.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/77f30b5174dd/jmir_v25i1e41588_fig8.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/48382e66a735/jmir_v25i1e41588_fig9.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/01f3b8893292/jmir_v25i1e41588_fig1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/2904bec845d8/jmir_v25i1e41588_fig2.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/9f55fa3bd2e0/jmir_v25i1e41588_fig3.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/a0db9fe5647c/jmir_v25i1e41588_fig4.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/0814c2e5ce35/jmir_v25i1e41588_fig5.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/d83099a09041/jmir_v25i1e41588_fig6.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/600e0a237a19/jmir_v25i1e41588_fig7.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/77f30b5174dd/jmir_v25i1e41588_fig8.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ed6c/10131784/48382e66a735/jmir_v25i1e41588_fig9.jpg

相似文献

1
Federated Machine Learning, Privacy-Enhancing Technologies, and Data Protection Laws in Medical Research: Scoping Review.联邦机器学习、隐私增强技术和医疗研究中的数据保护法规:范围综述。
J Med Internet Res. 2023 Mar 30;25:e41588. doi: 10.2196/41588.
2
mHealth Systems Need a Privacy-by-Design Approach: Commentary on "Federated Machine Learning, Privacy-Enhancing Technologies, and Data Protection Laws in Medical Research: Scoping Review".移动医疗系统需要采用隐私设计方法:评论文“医学研究中的联邦机器学习、隐私增强技术和数据保护法:范围综述”。
J Med Internet Res. 2023 Mar 30;25:e46700. doi: 10.2196/46700.
3
The potential of federated learning for public health purposes: a qualitative analysis of GDPR compliance, Europe, 2021.联邦学习在公共卫生领域的潜力:对 GDPR 合规性的定性分析,欧洲,2021 年。
Euro Surveill. 2024 Sep;29(38). doi: 10.2807/1560-7917.ES.2024.29.38.2300695.
4
Revolutionizing Medical Data Sharing Using Advanced Privacy-Enhancing Technologies: Technical, Legal, and Ethical Synthesis.利用先进的隐私增强技术实现医学数据共享的革命:技术、法律和伦理综合。
J Med Internet Res. 2021 Feb 25;23(2):e25120. doi: 10.2196/25120.
5
The FeatureCloud Platform for Federated Learning in Biomedicine: Unified Approach.FeatureCloud 平台在生物医学领域的联邦学习:统一方法。
J Med Internet Res. 2023 Jul 12;25:e42621. doi: 10.2196/42621.
6
Exploring the Relationship Between Privacy and Utility in Mobile Health: Algorithm Development and Validation via Simulations of Federated Learning, Differential Privacy, and External Attacks.探索移动健康中隐私与效用的关系:通过联邦学习、差分隐私和外部攻击的模拟算法开发和验证。
J Med Internet Res. 2023 Apr 20;25:e43664. doi: 10.2196/43664.
7
Analysis of Privacy-Enhancing Technologies in Open-Source Federated Learning Frameworks for Driver Activity Recognition.分析用于驾驶员活动识别的开源联邦学习框架中的隐私增强技术。
Sensors (Basel). 2022 Apr 13;22(8):2983. doi: 10.3390/s22082983.
8
Applications of Federated Learning in Mobile Health: Scoping Review.联邦学习在移动医疗中的应用:范围综述。
J Med Internet Res. 2023 May 1;25:e43006. doi: 10.2196/43006.
9
Federated learning with differential privacy for breast cancer diagnosis enabling secure data sharing and model integrity.用于乳腺癌诊断的具有差分隐私的联邦学习,实现安全的数据共享和模型完整性。
Sci Rep. 2025 Apr 16;15(1):13061. doi: 10.1038/s41598-025-95858-2.
10
openEHR Based Systems and the General Data Protection Regulation (GDPR).基于开放电子健康记录(openEHR)的系统与通用数据保护条例(GDPR)。
Stud Health Technol Inform. 2018;247:91-95.

引用本文的文献

1
FedscGen: privacy-preserving federated batch effect correction of single-cell RNA sequencing data.FedscGen:单细胞RNA测序数据的隐私保护联邦批次效应校正
Genome Biol. 2025 Jul 22;26(1):216. doi: 10.1186/s13059-025-03684-6.
2
Implementing Artificial Intelligence in Critical Care Medicine: a consensus of 22.在重症医学中实施人工智能:22 位专家的共识
Crit Care. 2025 Jul 8;29(1):290. doi: 10.1186/s13054-025-05532-2.
3
Leveraging machine learning in nursing: innovations, challenges, and ethical insights.护理领域中机器学习的应用:创新、挑战与伦理洞察。

本文引用的文献

1
Privacy and Robustness in Federated Learning: Attacks and Defenses.联邦学习中的隐私与鲁棒性:攻击与防御
IEEE Trans Neural Netw Learn Syst. 2024 Jul;35(7):8726-8746. doi: 10.1109/TNNLS.2022.3216981. Epub 2024 Jul 8.
2
Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses.机器学习中的数据集安全:数据投毒、后门攻击及防御
IEEE Trans Pattern Anal Mach Intell. 2023 Feb;45(2):1563-1580. doi: 10.1109/TPAMI.2022.3162397. Epub 2023 Jan 6.
3
Ethical machines: The human-centric use of artificial intelligence.
Front Digit Health. 2025 May 23;7:1514133. doi: 10.3389/fdgth.2025.1514133. eCollection 2025.
4
Development and implementation of a digiphysical screening model with nationwide reach to diagnose familial hypercholesterolemia.开发并实施一种具有全国范围影响力的数字物理筛查模型,用于诊断家族性高胆固醇血症。
Digit Health. 2025 Jan 23;11:20552076241311156. doi: 10.1177/20552076241311156. eCollection 2025 Jan-Dec.
5
Integration of large language models and federated learning.大语言模型与联邦学习的整合。
Patterns (N Y). 2024 Dec 13;5(12):101098. doi: 10.1016/j.patter.2024.101098.
6
Issues in federated learning: some experiments and preliminary results.联邦学习中的问题:一些实验与初步结果。
Sci Rep. 2024 Dec 2;14(1):29881. doi: 10.1038/s41598-024-81732-0.
7
Machine Learning for Mental Health: Applications, Challenges, and the Clinician's Role.心理健康领域的机器学习:应用、挑战及临床医生的角色
Curr Psychiatry Rep. 2024 Dec;26(12):694-702. doi: 10.1007/s11920-024-01561-w. Epub 2024 Nov 11.
8
Privacy-preserving decentralized learning methods for biomedical applications.用于生物医学应用的隐私保护分散式学习方法。
Comput Struct Biotechnol J. 2024 Aug 30;23:3281-3287. doi: 10.1016/j.csbj.2024.08.024. eCollection 2024 Dec.
9
Legal aspects of privacy-enhancing technologies in genome-wide association studies and their impact on performance and feasibility.全基因组关联研究中隐私增强技术的法律问题及其对性能和可行性的影响。
Genome Biol. 2024 Jun 13;25(1):154. doi: 10.1186/s13059-024-03296-6.
10
Architectural Design of a Blockchain-Enabled, Federated Learning Platform for Algorithmic Fairness in Predictive Health Care: Design Science Study.区块链赋能的联邦学习平台的架构设计用于预测性医疗保健中的算法公平性:设计科学研究。
J Med Internet Res. 2023 Oct 30;25:e46547. doi: 10.2196/46547.
合乎伦理的机器:以人类为中心的人工智能应用
iScience. 2021 Mar 3;24(3):102249. doi: 10.1016/j.isci.2021.102249. eCollection 2021 Mar 19.
4
A Critical Evaluation of Privacy and Security Threats in Federated Learning.联邦学习中的隐私与安全威胁的批判性评估
Sensors (Basel). 2020 Dec 15;20(24):7182. doi: 10.3390/s20247182.
5
Federated Learning on Clinical Benchmark Data: Performance Assessment.基于临床基准数据的联邦学习:性能评估。
J Med Internet Res. 2020 Oct 26;22(10):e20891. doi: 10.2196/20891.
6
The future of digital health with federated learning.联合学习助力数字健康的未来。
NPJ Digit Med. 2020 Sep 14;3:119. doi: 10.1038/s41746-020-00323-1. eCollection 2020.
7
PRISMA Extension for Scoping Reviews (PRISMA-ScR): Checklist and Explanation.PRISMA 扩展用于范围审查 (PRISMA-ScR): 清单和解释。
Ann Intern Med. 2018 Oct 2;169(7):467-473. doi: 10.7326/M18-0850. Epub 2018 Sep 4.